Add trusted IPs which have admin API access (#1352)

* Add trusted IPs which have admin API access
Shivam Sandbhor 2022-03-16 21:58:34 +05:30 committed by GitHub
parent b57eb92bbc
commit 023ac9e138
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 135 additions and 6 deletions


@ -3,6 +3,7 @@ package v1
import (
"encoding/json"
"fmt"
"net"
"net/http"
"strconv"
"time"
@ -236,9 +237,9 @@ func (c *Controller) FindAlertByID(gctx *gin.Context) {
// DeleteAlerts : delete alerts from database based on the specified filter
func (c *Controller) DeleteAlerts(gctx *gin.Context) {
if gctx.ClientIP() != "127.0.0.1" && gctx.ClientIP() != "::1" {
gctx.JSON(http.StatusForbidden, gin.H{"message": fmt.Sprintf("access forbidden from this IP (%s)", gctx.ClientIP())})
incomingIP := gctx.ClientIP()
if incomingIP != "127.0.0.1" && incomingIP != "::1" && !networksContainIP(c.TrustedIPs, incomingIP) {
gctx.JSON(http.StatusForbidden, gin.H{"message": fmt.Sprintf("access forbidden from this IP (%s)", incomingIP)})
return
}
var err error
@ -252,3 +253,13 @@ func (c *Controller) DeleteAlerts(gctx *gin.Context) {
}
gctx.JSON(http.StatusOK, deleteAlertsResp)
}
func networksContainIP(networks []net.IPNet, ip string) bool {
parsedIP := net.ParseIP(ip)
for _, network := range networks {
if network.Contains(parsedIP) {
return true
}
}
return false
}
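Review bot: networksContainIP hands the result of net.ParseIP straight to network.Contains without checking it for nil, so an unparseable or empty client address is decided by however Contains treats a nil IP rather than by an explicit rule; for an authorization check it should fail closed with `if parsedIP == nil { return false }` before the loop. The gate in DeleteAlerts also now rests entirely on gctx.ClientIP(), which in gin can be derived from forwarding headers such as X-Forwarded-For depending on the engine's trusted-proxy settings. Those settings are not visible on this page, so it is worth confirming they are restricted (for example via SetTrustedProxies) wherever TrustedIPs is populated, otherwise a trusted range could be claimed through a header. The new helper would also benefit from a doc comment such as `// networksContainIP reports whether ip parses to an address inside any of networks; it returns false for unparseable input.` DeleteAlerts' body continues outside the hunks shown.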