mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add IP whitelist configuration, enhance message handling with envelope identification, and log remote addresses for improved connection control

Browse Source
This commit is contained in:
mleku
2025-08-31 10:00:50 +01:00
parent 576475e3dc
commit 94383f29e9
3 changed files with 71 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/config/config.go
View File

@@ -16,6 +16,7 @@ import (
"go-simpler.org/env" "go-simpler.org/env"
lol "lol.mleku.dev" lol "lol.mleku.dev"
"lol.mleku.dev/chk" "lol.mleku.dev/chk"
"lol.mleku.dev/log"
"next.orly.dev/pkg/version" "next.orly.dev/pkg/version"
) )
@@ -23,12 +24,13 @@ import (
// and default values. It defines parameters for app behaviour, storage // and default values. It defines parameters for app behaviour, storage
// locations, logging, and network settings used across the relay service. // locations, logging, and network settings used across the relay service.
type C struct { type C struct {
AppName string `env:"ORLY_APP_NAME" usage:"set a name to display on information about the relay" default:"ORLY"` AppName string `env:"ORLY_APP_NAME" usage:"set a name to display on information about the relay" default:"ORLY"`
DataDir string `env:"ORLY_DATA_DIR" usage:"storage location for the event store" default:"~/.local/share/ORLY"` DataDir string `env:"ORLY_DATA_DIR" usage:"storage location for the event store" default:"~/.local/share/ORLY"`
Listen string `env:"ORLY_LISTEN" default:"0.0.0.0" usage:"network listen address"` Listen string `env:"ORLY_LISTEN" default:"0.0.0.0" usage:"network listen address"`
Port int `env:"ORLY_PORT" default:"3334" usage:"port to listen on"` Port int `env:"ORLY_PORT" default:"3334" usage:"port to listen on"`
LogLevel string `env:"ORLY_LOG_LEVEL" default:"info" usage:"debug level: fatal error warn info debug trace"` LogLevel string `env:"ORLY_LOG_LEVEL" default:"info" usage:"debug level: fatal error warn info debug trace"`
Pprof string `env:"ORLY_PPROF" usage:"enable pprof in modes: cpu,memory,allocation"` Pprof string `env:"ORLY_PPROF" usage:"enable pprof in modes: cpu,memory,allocation"`
IPWhitelist []string `env:"ORLY_IP_WHITELIST" usage:"comma-separated list of IP addresses to allow access from, matches on prefixes to allow private subnets, eg 10.0.0 = 10.0.0.0/8"`
} }
// New creates and initializes a new configuration object for the relay // New creates and initializes a new configuration object for the relay
@@ -69,6 +71,7 @@ func New() (cfg *C, err error) {
os.Exit(0) os.Exit(0)
} }
lol.SetLogLevel(cfg.LogLevel) lol.SetLogLevel(cfg.LogLevel)
log.I.S(cfg.IPWhitelist)
return return
} }

50
app/handle-message.go
View File

@@ -1,9 +1,55 @@
package app package app
import ( import (
"fmt"
"lol.mleku.dev/chk"
"lol.mleku.dev/log" "lol.mleku.dev/log"
"next.orly.dev/pkg/encoders/envelopes"
"next.orly.dev/pkg/encoders/envelopes/authenvelope"
"next.orly.dev/pkg/encoders/envelopes/closeenvelope"
"next.orly.dev/pkg/encoders/envelopes/eventenvelope"
"next.orly.dev/pkg/encoders/envelopes/reqenvelope"
) )
func (s *Server) HandleMessage(msg []byte) { func (s *Server) HandleMessage(msg []byte, remote string) {
log.I.F("received message:\n%s\n", msg) log.D.C(
func() string {
return fmt.Sprintf(
"%s received message:\n%s", remote, msg,
)
},
)
var notice []byte
var err error
var t string
var rem []byte
if t, rem, err = envelopes.Identify(msg); chk.E(err) {
notice = []byte(err.Error())
}
switch t {
case eventenvelope.L:
log.D.F("eventenvelope: %s", rem)
case reqenvelope.L:
log.D.F("reqenvelope: %s", rem)
case closeenvelope.L:
log.D.F("closeenvelope: %s", rem)
case authenvelope.L:
log.D.F("authenvelope: %s", rem)
default:
notice = []byte(fmt.Sprintf("unknown envelope type %s\n%s", t, rem))
}
if len(notice) > 0 {
log.D.C(
func() string {
return fmt.Sprintf(
"notice->%s %s", remote, notice,
)
},
)
// if err = noticeenvelope.NewFrom(notice).Write(a.Listener); chk.E(err) {
// return
// }
}
} }

16
app/handle-websocket.go
View File

@@ -28,6 +28,19 @@ const (
func (s *Server) HandleWebsocket(w http.ResponseWriter, r *http.Request) { func (s *Server) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
remote := GetRemoteFromReq(r) remote := GetRemoteFromReq(r)
log.D.F("handling websocket connection from %s", remote)
if len(s.Config.IPWhitelist) > 0 {
for _, ip := range s.Config.IPWhitelist {
log.T.F("checking IP whitelist: %s", ip)
if strings.HasPrefix(remote, ip) {
log.T.F("IP whitelisted %s", remote)
goto whitelist
}
}
log.T.F("IP not whitelisted: %s", remote)
return
}
whitelist:
var cancel context.CancelFunc var cancel context.CancelFunc
s.Ctx, cancel = context.WithCancel(s.Ctx) s.Ctx, cancel = context.WithCancel(s.Ctx)
defer cancel() defer cancel()
@@ -39,7 +52,6 @@ func (s *Server) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
return return
} }
defer conn.CloseNow() defer conn.CloseNow()
go s.Pinger(s.Ctx, conn, time.NewTicker(time.Second*10), cancel) go s.Pinger(s.Ctx, conn, time.NewTicker(time.Second*10), cancel)
for { for {
select { select {
@@ -73,7 +85,7 @@ func (s *Server) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
} }
continue continue
} }
go s.HandleMessage(msg) go s.HandleMessage(msg, remote)
} }
} }