From 5b3fad9636e8f32abdb78067517544174ffbf906 Mon Sep 17 00:00:00 2001 From: Jeffrey Morgan Date: Sat, 9 Mar 2024 00:22:08 -0800 Subject: [PATCH] separate out `isLocalIP` --- server/routes.go | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/server/routes.go b/server/routes.go index 7e9987b6..4d70358c 100644 --- a/server/routes.go +++ b/server/routes.go @@ -905,8 +905,29 @@ var defaultAllowOrigins = []string{ "0.0.0.0", } +func isLocalIP(ip netip.Addr) bool { + if interfaces, err := net.Interfaces(); err == nil { + for _, iface := range interfaces { + addrs, err := iface.Addrs() + if err != nil { + continue + } + + for _, a := range addrs { + if parsed, _, err := net.ParseCIDR(a.String()); err == nil { + if parsed.String() == ip.String() { + return true + } + } + } + } + } + + return false +} + func allowedHost(host string) bool { - if host == "" || host == "localhost" || host == "0.0.0.0" { + if host == "" || host == "localhost" { return true } @@ -927,24 +948,6 @@ func allowedHost(host string) bool { } } - // check if the host is a local IP address - if interfaces, err := net.Interfaces(); err == nil { - for _, iface := range interfaces { - addrs, err := iface.Addrs() - if err != nil { - continue - } - - for _, a := range addrs { - if ip, _, err := net.ParseCIDR(a.String()); err == nil { - if host == ip.String() { - return true - } - } - } - } - } - return false } @@ -955,8 +958,7 @@ func allowedHostsMiddleware(addr net.Addr) gin.HandlerFunc { return } - addr, err := netip.ParseAddrPort(addr.String()) - if err == nil && !addr.Addr().IsLoopback() { + if addr, err := netip.ParseAddrPort(addr.String()); err == nil && !addr.Addr().IsLoopback() { c.Next() return } @@ -967,7 +969,7 @@ func allowedHostsMiddleware(addr net.Addr) gin.HandlerFunc { } if addr, err := netip.ParseAddr(host); err == nil { - if addr.IsLoopback() || addr.IsPrivate() { + if addr.IsLoopback() || addr.IsPrivate() || addr.IsUnspecified() || isLocalIP(addr) { c.Next() return }