dashboard: Autoreload ip restricted list

2022-06-06 11:26:23 +02:00 · 2022-06-06 11:26:23 +02:00 · f2e7b30ace
commit f2e7b30ace
parent 0e6a6893f1
3 changed files with 102 additions and 43 deletions
--- a/dashboard/app.go
+++ b/dashboard/app.go
@ -2,12 +2,8 @@ package main

 import (
 	"context"
-	"encoding/json"
-	"fmt"
 	"log"
 	"net/http"
-	"os"
-	"strings"
 	"time"

 	"github.com/gin-gonic/gin"
@ -45,11 +41,7 @@ func NewApp(htpasswd_file *string, restrict_to_ips *string, baseURL string, bind
 	}

 	if restrict_to_ips != nil && len(*restrict_to_ips) > 0 {
-		var err error
-		app.ips, err = loadIPs(*restrict_to_ips)
-		if err != nil {
-			log.Fatal("Unable to parse ip restricting file: ", err)
-		}
+		app.loadAndWatchIPs(*restrict_to_ips)
 		baserouter.Use(app.Restrict2IPs)
 	}

@ -58,39 +50,6 @@ func NewApp(htpasswd_file *string, restrict_to_ips *string, baseURL string, bind
 	return app
 }

-func loadIPs(file string) ([]string, error) {
-	fd, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer fd.Close()
-
-	var ret []string
-	jdec := json.NewDecoder(fd)
-
-	if err := jdec.Decode(&ret); err != nil {
-		return ret, err
-	}
-
-	return ret, nil
-}
-
-func (app *App) Restrict2IPs(c *gin.Context) {
-	found := false
-	for _, ip := range app.ips {
-		if strings.HasPrefix(c.Request.RemoteAddr, ip) {
-			found = true
-			break
-		}
-	}
-
-	if found {
-		c.Next()
-	} else {
-		c.AbortWithError(http.StatusForbidden, fmt.Errorf("IP not authorized: %s", c.Request.RemoteAddr))
-	}
-}
-
 func (app *App) Start() {
 	app.srv = &http.Server{
 		Addr:    app.bind,