README
¶
krakend-ipfilter
IP filter middleware for KrakenD(lura) framework, base on cidranger
Install
go get github.com/xiachufang/krakend-ipfilter/v2
Usage
package main
import (
"flag"
"log"
"os"
"github.com/gin-gonic/gin"
"github.com/luraproject/lura/v2/config"
"github.com/luraproject/lura/v2/logging"
"github.com/luraproject/lura/v2/proxy"
krakendgin "github.com/luraproject/lura/v2/router/gin"
"github.com/luraproject/lura/v2/transport/http/client"
http "github.com/luraproject/lura/v2/transport/http/server"
ipfilter "github.com/xiachufang/krakend-ipfilter/v2/engine/gin"
)
func main() {
port := flag.Int("p", 0, "Port of the service")
logLevel := flag.String("l", "ERROR", "Logging level")
debug := flag.Bool("d", false, "Enable the debug")
configFile := flag.String("c", "/etc/krakend/configuration.json", "Path to the configuration filename")
flag.Parse()
parser := config.NewParser()
serviceConfig, err := parser.Parse(*configFile)
if err != nil {
log.Fatal("ERROR:", err.Error())
}
serviceConfig.Debug = serviceConfig.Debug || *debug
if *port != 0 {
serviceConfig.Port = *port
}
logger, err := logging.NewLogger(*logLevel, os.Stdout, "[KRAKEND]")
if err != nil {
log.Fatal("ERROR:", err.Error())
}
engine := gin.Default()
// register krakend-ipfilter
ipfilter.Register(&serviceConfig, logger, engine)
routerFactory := krakendgin.NewFactory(krakendgin.Config{
Engine: engine,
ProxyFactory: proxy.NewDefaultFactory(proxy.CustomHTTPProxyFactory(client.NewHTTPClient), logger),
Middlewares: []gin.HandlerFunc{},
Logger: logger,
HandlerFactory: krakendgin.EndpointHandler,
RunServer: http.RunServer,
})
routerFactory.New().Run(serviceConfig)
}
Config Example
Only allow specified IP
Complete example configuration file: allow.json
"extra_config": {
"github_com/xiachufang/krakend-ipfilter": {
"allow": [
"192.168.1.1",
"8.8.8.8",
"127.0.0.1/8"
]
}
}
Only deny specified IP
Complete example configuration file: deny.json
"extra_config": {
"github_com/xiachufang/krakend-ipfilter": {
"deny": [
"192.168.1.1",
"8.8.8.8",
"127.0.0.1/8"
]
}
}
Allow IP within a range but deny a specific one
Complete example configuration file: deny_allow.json
"extra_config": {
"github_com/xiachufang/krakend-ipfilter": {
"allow": [
"127.0.0.0/24"
],
"deny": [
"127.0.0.1"
]
}
}
Test
make test
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
Namespace = "github_com/xiachufang/krakend-ipfilter"
)
Functions ¶
This section is empty.
Types ¶
type CIDRFilter ¶
type CIDRFilter struct {
// contains filtered or unexported fields
}
CIDRFilter is an ip filter base on cidranger
func (*CIDRFilter) Allow ¶
func (f *CIDRFilter) Allow(ip string) bool
Allow implement IPFilter.Allow 1. If the "allow" list is configured, only the IPs in the "allow" list are allowed access. All other IPs are denied access. 2. If the "deny" list is configured, the IPs in the "deny" list are denied access. 3. If both the "allow" and "deny" lists are configured, both rules are applied simultaneously.
type Config ¶
type Config struct {
Deny []string `json:"deny"`
Allow []string `json:"allow"`
// header keys to parse real ip, default to []string{X-Forwarded-For, X-Real-Ip}
IPHeaders []string `json:"ip_headers"`
}
Config is config of ipfilter
func ParseConfig ¶
func ParseConfig(e config.ExtraConfig, logger logging.Logger) *Config
ParseConfig build ip filter's Config
type IPFilter ¶
IPFilter is a interface for allow or deny an ip
func NewIPFilter ¶
NewIPFilter create a cidranger base ip filter
type NoopFilter ¶
type NoopFilter struct{}
NoopFilter noop, allow always, never deny
func (*NoopFilter) Allow ¶
func (noop *NoopFilter) Allow(_ string) bool
Allow implement IPFilter.Allow
Source Files
Directories