midefos/servme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding ip filter and api key filter

Browse Source
This commit is contained in:
midefos 2025-01-16 19:33:15 +01:00
parent 79db275dc9
commit 4c57effff9
4 changed files with 91 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -13,7 +13,7 @@ http-body-util = "0.1.2"
hyper = { version = "1.5.2", features = ["http1", "server"] } hyper = { version = "1.5.2", features = ["http1", "server"] }
hyper-util = { version = "0.1", features = ["http1", "server", "tokio"] } hyper-util = { version = "0.1", features = ["http1", "server", "tokio"] }
log = { version = "0.4.22", features=["kv"]} log = { version = "0.4.25", features=["kv"]}
[lib] [lib]
name = "servme" name = "servme"

22
src/builder.rs
View File

@ -1,4 +1,5 @@
use crate::{config::ServerConfig, server::Server}; use crate::{config::ServerConfig, server::Server};
use std::sync::Arc;
pub struct ServerBuilder { pub struct ServerBuilder {
pub config: ServerConfig, pub config: ServerConfig,
@ -11,9 +12,28 @@ impl ServerBuilder {
self self
} }
pub fn private_ips(mut self) -> Self {
self.config.ips_filter = true;
self.config.private_ips = true;
self
}
pub fn ips(mut self, ips: Vec<String>) -> Self {
self.config.ips_filter = true;
self.config.ips = ips;
self
}
pub fn api_key(mut self, api_key: &str) -> Self {
self.config.api_key = Some(api_key.to_string());
self
}
pub fn build(self) -> Server { pub fn build(self) -> Server {
Server { Server {
config: self.config, config: Arc::new(self.config),
} }
} }
} }

12
src/config.rs
View File

@ -1,6 +1,12 @@
pub struct ServerConfig { pub struct ServerConfig {
pub ip: String, pub ip: String,
pub port: u16, pub port: u16,
pub ips_filter: bool,
pub private_ips: bool,
pub ips: Vec<String>,
pub api_key: Option<String>,
} }
impl Default for ServerConfig { impl Default for ServerConfig {
@ -8,6 +14,12 @@ impl Default for ServerConfig {
ServerConfig { ServerConfig {
ip: "127.0.0.1".to_string(), ip: "127.0.0.1".to_string(),
port: 8080, port: 8080,
ips_filter: false,
private_ips: false,
ips: Vec::new(),
api_key: None,
} }
} }
} }

61
src/server.rs
View File

@ -1,14 +1,20 @@
use crate::{builder::ServerBuilder, config::ServerConfig}; use crate::{builder::ServerBuilder, config::ServerConfig};
use http::HeaderValue;
use http_body_util::Full; use http_body_util::Full;
use hyper::{body::Incoming, server::conn::http1, service::service_fn, Request, Response}; use hyper::{body::Incoming, server::conn::http1, service::service_fn, Request, Response};
use hyper_util::rt::{TokioIo, TokioTimer}; use hyper_util::rt::{TokioIo, TokioTimer};
use log::error; use log::error;
use std::{convert::Infallible, future::Future, net::SocketAddr, sync::Arc}; use std::{
convert::Infallible,
future::Future,
net::{IpAddr, SocketAddr},
sync::Arc,
};
use tokio::{net::TcpListener, spawn}; use tokio::{net::TcpListener, spawn};
use tokio_util::bytes::Bytes; use tokio_util::bytes::Bytes;
pub struct Server { pub struct Server {
pub config: ServerConfig, pub config: Arc<ServerConfig>,
} }
impl Server { impl Server {
@ -30,14 +36,40 @@ impl Server {
let handler = Arc::new(handler); let handler = Arc::new(handler);
loop { loop {
let (tcp, _) = listener.accept().await.unwrap(); let (tcp, client_addr) = listener.accept().await.unwrap();
let io = TokioIo::new(tcp); let io = TokioIo::new(tcp);
let config = Arc::clone(&self.config);
if self.config.ips_filter && !self.is_ip_authorized(&client_addr.ip()) {
continue;
}
let handler = Arc::clone(&handler); let handler = Arc::clone(&handler);
spawn(async move { spawn(async move {
if let Err(error) = http1::Builder::new() if let Err(error) = http1::Builder::new()
.timer(TokioTimer::new()) .timer(TokioTimer::new())
.serve_connection(io, service_fn(move |req| handler(req))) .serve_connection(
io,
service_fn(move |req| {
let config = Arc::clone(&config);
let handler = Arc::clone(&handler);
async move {
if let Some(ref token) = config.api_key {
if req.headers().get("X-API-Key")
!= Some(&HeaderValue::from_str(token).unwrap())
{
return Ok(Response::builder()
.status(401)
.body(Full::new(Bytes::from("Unauthorized")))
.unwrap());
}
}
handler(req).await
}
}),
)
.await .await
{ {
error!(error = error.to_string().as_str(); error!(error = error.to_string().as_str();
@ -47,4 +79,25 @@ impl Server {
}); });
} }
} }
fn is_ip_authorized(&self, ip: &IpAddr) -> bool {
if self.config.private_ips {
let is_private = match ip {
IpAddr::V4(ip4) => ip4.is_private(),
IpAddr::V6(_) => false,
};
if is_private {
return true;
}
}
let ips = &self.config.ips;
if ips.is_empty() {
return true;
}
ips.iter()
.any(|authorized_ip| &ip.to_string() == authorized_ip)
}
} }