#patch: offload private ip checking to go-geofence

circa10a · Feb 26, 2022 · a71e5bb · a71e5bb
1 parent a273064
commit a71e5bb
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 21 deletions.
diff --git a/caddy_geofence.go b/caddy_geofence.go
@@ -87,10 +87,11 @@ func (cg *CaddyGeofence) Provision(ctx caddy.Context) error {
 
 	// Setup client
 	geofenceClient, err := geofence.New(&geofence.Config{
-		IPAddress: cg.RemoteIP,
-		Token:     cg.FreeGeoIPAPIToken,
-		Radius:    cg.Radius,
-		CacheTTL:  cg.CacheTTL,
+		IPAddress:               cg.RemoteIP,
+		Token:                   cg.FreeGeoIPAPIToken,
+		Radius:                  cg.Radius,
+		AllowPrivateIPAddresses: cg.AllowPrivateIPAddresses,
+		CacheTTL:                cg.CacheTTL,
 	})
 	if err != nil {
 		return err
@@ -119,7 +120,6 @@ func (cg CaddyGeofence) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
 	// Debug private address/allowlist rules
 	cg.logger.Debug(loggerNamespace,
 		zap.String("remote_addr", remoteAddr),
-		zap.Bool("is_private_address", isPrivateAddress(remoteAddr)),
 		zap.Bool("is_private_address_allowed", cg.AllowPrivateIPAddresses),
 		zap.Bool("is_in_allowlist", inAllowlist),
 	)
@@ -129,11 +129,6 @@ func (cg CaddyGeofence) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
 		return next.ServeHTTP(w, r)
 	}
 
-	// If known private ip address and config says to allow private ip addresses
-	if isPrivateAddress(remoteAddr) && cg.AllowPrivateIPAddresses {
-		return next.ServeHTTP(w, r)
-	}
-
 	// Check if ip address is nearby
 	isAddressNear, err := cg.GeofenceClient.IsIPAddressNear(remoteAddr)
 	if err != nil {
@@ -154,12 +149,6 @@ func (cg CaddyGeofence) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
 	return next.ServeHTTP(w, r)
 }
 
-// isPrivateAddress checks if remote address is from known private ip space
-func isPrivateAddress(addr string) bool {
-	ip := net.ParseIP(addr)
-	return ip.IsPrivate() || ip.IsLoopback()
-}
-
 // strInSlice returns true if string is in slice
 func strInSlice(str string, list []string) bool {
 	for _, item := range list {

diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/caddyserver/caddy/v2 v2.4.6
-	github.com/circa10a/go-geofence v0.4.0
+	github.com/circa10a/go-geofence v0.5.0
 	go.uber.org/zap v1.19.0
 )
 
@@ -88,7 +88,7 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 // indirect
 	golang.org/x/mod v0.4.2 // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect

diff --git a/go.sum b/go.sum
@@ -192,8 +192,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/circa10a/go-geofence v0.4.0 h1:jeCZOqn/TN9X2svf2tjzg1jt+CPW0NFT4penV5T7NMY=
-github.com/circa10a/go-geofence v0.4.0/go.mod h1:mxd1yyPw/Dr/dfn7OA8OR6hdUW9UusX4OgmpwbyNweA=
+github.com/circa10a/go-geofence v0.5.0 h1:pmxfcW9yihTQ09SYVefB6kehW0WGvshoO3xEMwk9vgs=
+github.com/circa10a/go-geofence v0.5.0/go.mod h1:mxd1yyPw/Dr/dfn7OA8OR6hdUW9UusX4OgmpwbyNweA=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -1137,8 +1137,9 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=