traefik/pkg/ip/strategy.go

package ip

import (
	"net"
	"net/http"
	"strings"
)

const (
	xForwardedFor = "X-Forwarded-For"
)

// Strategy a strategy for IP selection.
type Strategy interface {
	GetIP(req *http.Request) string
}

// RemoteAddrStrategy a strategy that always return the remote address.
type RemoteAddrStrategy struct{}

// GetIP returns the selected IP.
func (s *RemoteAddrStrategy) GetIP(req *http.Request) string {
	ip, _, err := net.SplitHostPort(req.RemoteAddr)
	if err != nil {
		return req.RemoteAddr
	}
	return ip
}

// DepthStrategy a strategy based on the depth inside the X-Forwarded-For from right to left.
type DepthStrategy struct {
	Depth int
}

// GetIP return the selected IP.
func (s *DepthStrategy) GetIP(req *http.Request) string {
	xff := req.Header.Get(xForwardedFor)
	xffs := strings.Split(xff, ",")

	if len(xffs) < s.Depth {
		return ""
	}
	return strings.TrimSpace(xffs[len(xffs)-s.Depth])
}

// PoolStrategy is a strategy based on an IP Checker.
// It allows to check whether addresses are in a given pool of IPs.
type PoolStrategy struct {
	Checker *Checker
}

// GetIP checks the list of Forwarded IPs (most recent first) against the
// Checker pool of IPs. It returns the first IP that is not in the pool, or the
// empty string otherwise.
func (s *PoolStrategy) GetIP(req *http.Request) string {
	if s.Checker == nil {
		return ""
	}

	xff := req.Header.Get(xForwardedFor)
	xffs := strings.Split(xff, ",")

	for i := len(xffs) - 1; i >= 0; i-- {
		xffTrimmed := strings.TrimSpace(xffs[i])
		if len(xffTrimmed) == 0 {
			continue
		}
		if contain, _ := s.Checker.Contains(xffTrimmed); !contain {
			return xffTrimmed
		}
	}

	return ""
}
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`package ip`

			`import (`
Add rate limiter, rename maxConn into inFlightReq Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> 2019-08-26 12:20:06 +02:00			`"net"`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`"net/http"`
			`"strings"`
			`)`

			`const (`
			`xForwardedFor = "X-Forwarded-For"`
			`)`

Update linter 2020-05-11 12:06:07 +02:00			`// Strategy a strategy for IP selection.`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`type Strategy interface {`
			`GetIP(req *http.Request) string`
			`}`

Update linter 2020-05-11 12:06:07 +02:00			`// RemoteAddrStrategy a strategy that always return the remote address.`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`type RemoteAddrStrategy struct{}`

Update linter 2020-05-11 12:06:07 +02:00			`// GetIP returns the selected IP.`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`func (s RemoteAddrStrategy) GetIP(req http.Request) string {`
Add rate limiter, rename maxConn into inFlightReq Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> 2019-08-26 12:20:06 +02:00			`ip, _, err := net.SplitHostPort(req.RemoteAddr)`
			`if err != nil {`
			`return req.RemoteAddr`
			`}`
			`return ip`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`}`

Update linter 2020-05-11 12:06:07 +02:00			`// DepthStrategy a strategy based on the depth inside the X-Forwarded-For from right to left.`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`type DepthStrategy struct {`
			`Depth int`
			`}`

Update linter 2020-05-11 12:06:07 +02:00			`// GetIP return the selected IP.`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`func (s DepthStrategy) GetIP(req http.Request) string {`
			`xff := req.Header.Get(xForwardedFor)`
			`xffs := strings.Split(xff, ",")`

			`if len(xffs) < s.Depth {`
			`return ""`
			`}`
Merge branch 'v1.7.2' into master 2018-10-05 12:43:17 +02:00			`return strings.TrimSpace(xffs[len(xffs)-s.Depth])`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`}`

doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00			`// PoolStrategy is a strategy based on an IP Checker.`
			`// It allows to check whether addresses are in a given pool of IPs.`
			`type PoolStrategy struct {`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`Checker *Checker`
			`}`

doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00			`// GetIP checks the list of Forwarded IPs (most recent first) against the`
			`// Checker pool of IPs. It returns the first IP that is not in the pool, or the`
			`// empty string otherwise.`
			`func (s PoolStrategy) GetIP(req http.Request) string {`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`if s.Checker == nil {`
			`return ""`
			`}`

			`xff := req.Header.Get(xForwardedFor)`
			`xffs := strings.Split(xff, ",")`

			`for i := len(xffs) - 1; i >= 0; i-- {`
Merge branch 'v1.7.2' into master 2018-10-05 12:43:17 +02:00			`xffTrimmed := strings.TrimSpace(xffs[i])`
doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00			`if len(xffTrimmed) == 0 {`
			`continue`
			`}`
Merge branch 'v1.7.2' into master 2018-10-05 12:43:17 +02:00			`if contain, _ := s.Checker.Contains(xffTrimmed); !contain {`
			`return xffTrimmed`
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`}`
			`}`
doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00
IPStrategy for selecting IP in whitelist 2018-08-24 16:20:03 +02:00			`return ""`
			`}`