rename IPsOrCIDRs into IPNetworks

2 years ago · 3016dfad2e
11 changed files with 35 additions and 48 deletions
--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
@ -150,7 +150,7 @@ type Conf struct {
				@@ -150,7 +150,7 @@ type Conf struct {
 	HLSPartDuration    StringDuration `json:"hlsPartDuration"`
 	HLSSegmentMaxSize  StringSize     `json:"hlsSegmentMaxSize"`
 	HLSAllowOrigin     string         `json:"hlsAllowOrigin"`
-	HLSTrustedProxies  IPsOrCIDRs     `json:"hlsTrustedProxies"`
+	HLSTrustedProxies  IPNetworks     `json:"hlsTrustedProxies"`
 	HLSDirectory       string         `json:"hlsDirectory"`

 	// WebRTC server
@ -161,7 +161,7 @@ type Conf struct {
				@@ -161,7 +161,7 @@ type Conf struct {
 	WebRTCServerKey             string            `json:"webrtcServerKey"`
 	WebRTCServerCert            string            `json:"webrtcServerCert"`
 	WebRTCAllowOrigin           string            `json:"webrtcAllowOrigin"`
-	WebRTCTrustedProxies        IPsOrCIDRs        `json:"webrtcTrustedProxies"`
+	WebRTCTrustedProxies        IPNetworks        `json:"webrtcTrustedProxies"`
 	WebRTCLocalUDPAddress       string            `json:"webrtcLocalUDPAddress"`
 	WebRTCLocalTCPAddress       string            `json:"webrtcLocalTCPAddress"`
 	WebRTCIPsFromInterfaces     bool              `json:"webrtcIPsFromInterfaces"`
--- a/internal/conf/ips_or_cidrs.go
+++ b/internal/conf/ips_or_cidrs.go
@ -8,11 +8,11 @@ import (
				@@ -8,11 +8,11 @@ import (
 	"strings"
 )

-// IPsOrCIDRs is a parameter that contains a list of IPs or CIDRs.
-type IPsOrCIDRs []fmt.Stringer
+// IPNetworks is a parameter that contains a list of IP networks.
+type IPNetworks []*net.IPNet

 // MarshalJSON implements json.Marshaler.
-func (d IPsOrCIDRs) MarshalJSON() ([]byte, error) {
+func (d IPNetworks) MarshalJSON() ([]byte, error) {
 	out := make([]string, len(d))

 	for i, v := range d {
@ -25,7 +25,7 @@ func (d IPsOrCIDRs) MarshalJSON() ([]byte, error) {
				@@ -25,7 +25,7 @@ func (d IPsOrCIDRs) MarshalJSON() ([]byte, error) {
 }

 // UnmarshalJSON implements json.Unmarshaler.
-func (d *IPsOrCIDRs) UnmarshalJSON(b []byte) error {
+func (d *IPNetworks) UnmarshalJSON(b []byte) error {
 	var in []string
 	if err := json.Unmarshal(b, &in); err != nil {
 		return err
@ -41,7 +41,7 @@ func (d *IPsOrCIDRs) UnmarshalJSON(b []byte) error {
				@@ -41,7 +41,7 @@ func (d *IPsOrCIDRs) UnmarshalJSON(b []byte) error {
 		if _, ipnet, err := net.ParseCIDR(t); err == nil {
 			*d = append(*d, ipnet)
 		} else if ip := net.ParseIP(t); ip != nil {
-			*d = append(*d, ip)
+			*d = append(*d, &net.IPNet{IP: ip, Mask: net.CIDRMask(len(ip)*8, len(ip)*8)})
 		} else {
 			return fmt.Errorf("unable to parse IP/CIDR '%s'", t)
 		}
@ -51,16 +51,26 @@ func (d *IPsOrCIDRs) UnmarshalJSON(b []byte) error {
				@@ -51,16 +51,26 @@ func (d *IPsOrCIDRs) UnmarshalJSON(b []byte) error {
 }

 // UnmarshalEnv implements env.Unmarshaler.
-func (d *IPsOrCIDRs) UnmarshalEnv(_ string, v string) error {
+func (d *IPNetworks) UnmarshalEnv(_ string, v string) error {
 	byts, _ := json.Marshal(strings.Split(v, ","))
 	return d.UnmarshalJSON(byts)
 }

-// ToTrustedProxies converts IPsOrCIDRs into a string slice for SetTrustedProxies.
-func (d *IPsOrCIDRs) ToTrustedProxies() []string {
+// ToTrustedProxies converts IPNetworks into a string slice for SetTrustedProxies.
+func (d *IPNetworks) ToTrustedProxies() []string {
 	ret := make([]string, len(*d))
 	for i, entry := range *d {
 		ret[i] = entry.String()
 	}
 	return ret
 }
+
+// Contains checks whether the IP is part of one of the networks.
+func (d IPNetworks) Contains(ip net.IP) bool {
+	for _, network := range d {
+		if network.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
--- a/internal/conf/path.go
+++ b/internal/conf/path.go
@ -108,10 +108,10 @@ type Path struct {
				@@ -108,10 +108,10 @@ type Path struct {
 	// Authentication
 	PublishUser Credential `json:"publishUser"`
 	PublishPass Credential `json:"publishPass"`
-	PublishIPs  IPsOrCIDRs `json:"publishIPs"`
+	PublishIPs  IPNetworks `json:"publishIPs"`
 	ReadUser    Credential `json:"readUser"`
 	ReadPass    Credential `json:"readPass"`
-	ReadIPs     IPsOrCIDRs `json:"readIPs"`
+	ReadIPs     IPNetworks `json:"readIPs"`

 	// Publisher source
 	OverridePublisher        bool   `json:"overridePublisher"`
--- a/internal/core/auth.go
+++ b/internal/core/auth.go
@ -84,7 +84,7 @@ func doAuthentication(
				@@ -84,7 +84,7 @@ func doAuthentication(
 		}
 	}

-	var pathIPs conf.IPsOrCIDRs
+	var pathIPs conf.IPNetworks
 	var pathUser conf.Credential
 	var pathPass conf.Credential

@ -99,7 +99,7 @@ func doAuthentication(
				@@ -99,7 +99,7 @@ func doAuthentication(
 	}

 	if pathIPs != nil {
-		if !ipEqualOrInRange(accessRequest.IP, pathIPs) {
+		if !pathIPs.Contains(accessRequest.IP) {
 			return defs.AuthenticationError{Message: fmt.Sprintf("IP %s not allowed", accessRequest.IP)}
 		}
 	}
--- a/internal/core/ip.go
+++ b/internal/core/ip.go
@ -1,23 +0,0 @@
				@@ -1,23 +0,0 @@
-package core
-
-import (
-	"fmt"
-	"net"
-)
-
-func ipEqualOrInRange(ip net.IP, ips []fmt.Stringer) bool {
-	for _, item := range ips {
-		switch titem := item.(type) {
-		case net.IP:
-			if titem.Equal(ip) {
-				return true
-			}
-
-		case *net.IPNet:
-			if titem.Contains(ip) {
-				return true
-			}
-		}
-	}
-	return false
-}
--- a/internal/servers/hls/http_server.go
+++ b/internal/servers/hls/http_server.go
@ -38,7 +38,7 @@ type httpServer struct {
				@@ -38,7 +38,7 @@ type httpServer struct {
 	serverKey      string
 	serverCert     string
 	allowOrigin    string
-	trustedProxies conf.IPsOrCIDRs
+	trustedProxies conf.IPNetworks
 	readTimeout    conf.StringDuration
 	pathManager    serverPathManager
 	parent         *Server
--- a/internal/servers/hls/server.go
+++ b/internal/servers/hls/server.go
@ -70,7 +70,7 @@ type Server struct {
				@@ -70,7 +70,7 @@ type Server struct {
 	PartDuration    conf.StringDuration
 	SegmentMaxSize  conf.StringSize
 	AllowOrigin     string
-	TrustedProxies  conf.IPsOrCIDRs
+	TrustedProxies  conf.IPNetworks
 	Directory       string
 	ReadTimeout     conf.StringDuration
 	WriteQueueSize  int
--- a/internal/servers/hls/server_test.go
+++ b/internal/servers/hls/server_test.go
@ -79,7 +79,7 @@ func TestServerNotFound(t *testing.T) {
				@@ -79,7 +79,7 @@ func TestServerNotFound(t *testing.T) {
 				PartDuration:    conf.StringDuration(200 * time.Millisecond),
 				SegmentMaxSize:  50 * 1024 * 1024,
 				AllowOrigin:     "",
-				TrustedProxies:  conf.IPsOrCIDRs{},
+				TrustedProxies:  conf.IPNetworks{},
 				Directory:       "",
 				ReadTimeout:     conf.StringDuration(10 * time.Second),
 				WriteQueueSize:  512,
@ -141,7 +141,7 @@ func TestServerRead(t *testing.T) {
				@@ -141,7 +141,7 @@ func TestServerRead(t *testing.T) {
 			PartDuration:    conf.StringDuration(200 * time.Millisecond),
 			SegmentMaxSize:  50 * 1024 * 1024,
 			AllowOrigin:     "",
-			TrustedProxies:  conf.IPsOrCIDRs{},
+			TrustedProxies:  conf.IPNetworks{},
 			Directory:       "",
 			ReadTimeout:     conf.StringDuration(10 * time.Second),
 			WriteQueueSize:  512,
@ -226,7 +226,7 @@ func TestServerRead(t *testing.T) {
				@@ -226,7 +226,7 @@ func TestServerRead(t *testing.T) {
 			PartDuration:    conf.StringDuration(200 * time.Millisecond),
 			SegmentMaxSize:  50 * 1024 * 1024,
 			AllowOrigin:     "",
-			TrustedProxies:  conf.IPsOrCIDRs{},
+			TrustedProxies:  conf.IPNetworks{},
 			Directory:       "",
 			ReadTimeout:     conf.StringDuration(10 * time.Second),
 			WriteQueueSize:  512,
--- a/internal/servers/webrtc/http_server.go
+++ b/internal/servers/webrtc/http_server.go
@ -56,7 +56,7 @@ type httpServer struct {
				@@ -56,7 +56,7 @@ type httpServer struct {
 	serverKey      string
 	serverCert     string
 	allowOrigin    string
-	trustedProxies conf.IPsOrCIDRs
+	trustedProxies conf.IPNetworks
 	readTimeout    conf.StringDuration
 	pathManager    serverPathManager
 	parent         *Server
--- a/internal/servers/webrtc/server.go
+++ b/internal/servers/webrtc/server.go
@ -182,7 +182,7 @@ type Server struct {
				@@ -182,7 +182,7 @@ type Server struct {
 	ServerKey             string
 	ServerCert            string
 	AllowOrigin           string
-	TrustedProxies        conf.IPsOrCIDRs
+	TrustedProxies        conf.IPNetworks
 	ReadTimeout           conf.StringDuration
 	WriteQueueSize        int
 	LocalUDPAddress       string
--- a/internal/servers/webrtc/server_test.go
+++ b/internal/servers/webrtc/server_test.go
@ -93,7 +93,7 @@ func TestServerStaticPages(t *testing.T) {
				@@ -93,7 +93,7 @@ func TestServerStaticPages(t *testing.T) {
 		ServerKey:             "",
 		ServerCert:            "",
 		AllowOrigin:           "",
-		TrustedProxies:        conf.IPsOrCIDRs{},
+		TrustedProxies:        conf.IPNetworks{},
 		ReadTimeout:           conf.StringDuration(10 * time.Second),
 		WriteQueueSize:        512,
 		LocalUDPAddress:       "127.0.0.1:8887",
@ -139,7 +139,7 @@ func TestServerPublish(t *testing.T) {
				@@ -139,7 +139,7 @@ func TestServerPublish(t *testing.T) {
 		ServerKey:             "",
 		ServerCert:            "",
 		AllowOrigin:           "",
-		TrustedProxies:        conf.IPsOrCIDRs{},
+		TrustedProxies:        conf.IPNetworks{},
 		ReadTimeout:           conf.StringDuration(10 * time.Second),
 		WriteQueueSize:        512,
 		LocalUDPAddress:       "127.0.0.1:8887",
@ -260,7 +260,7 @@ func TestServerRead(t *testing.T) {
				@@ -260,7 +260,7 @@ func TestServerRead(t *testing.T) {
 		ServerKey:             "",
 		ServerCert:            "",
 		AllowOrigin:           "",
-		TrustedProxies:        conf.IPsOrCIDRs{},
+		TrustedProxies:        conf.IPNetworks{},
 		ReadTimeout:           conf.StringDuration(10 * time.Second),
 		WriteQueueSize:        512,
 		LocalUDPAddress:       "127.0.0.1:8887",
@ -351,7 +351,7 @@ func TestServerReadNotFound(t *testing.T) {
				@@ -351,7 +351,7 @@ func TestServerReadNotFound(t *testing.T) {
 		ServerKey:             "",
 		ServerCert:            "",
 		AllowOrigin:           "",
-		TrustedProxies:        conf.IPsOrCIDRs{},
+		TrustedProxies:        conf.IPNetworks{},
 		ReadTimeout:           conf.StringDuration(10 * time.Second),
 		WriteQueueSize:        512,
 		LocalUDPAddress:       "127.0.0.1:8887",