caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)

This commit is contained in:
Francis Lavoie 2024-05-30 09:32:17 -04:00 committed by GitHub
parent a52917a37d
commit 40c582ce82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 72 additions and 20 deletions

View file

@ -46,6 +46,18 @@
@matcher12 client_ip private_ranges @matcher12 client_ip private_ranges
respond @matcher12 "client_ip matcher with private ranges" respond @matcher12 "client_ip matcher with private ranges"
@matcher13 {
remote_ip 1.1.1.1
remote_ip 2.2.2.2
}
respond @matcher13 "remote_ip merged"
@matcher14 {
client_ip 1.1.1.1
client_ip 2.2.2.2
}
respond @matcher14 "client_ip merged"
} }
---------- ----------
{ {
@ -279,6 +291,42 @@
"handler": "static_response" "handler": "static_response"
} }
] ]
},
{
"match": [
{
"remote_ip": {
"ranges": [
"1.1.1.1",
"2.2.2.2"
]
}
}
],
"handle": [
{
"body": "remote_ip merged",
"handler": "static_response"
}
]
},
{
"match": [
{
"client_ip": {
"ranges": [
"1.1.1.1",
"2.2.2.2"
]
}
}
],
"handle": [
{
"body": "client_ip merged",
"handler": "static_response"
}
]
} }
] ]
} }

View file

@ -72,19 +72,21 @@ func (MatchRemoteIP) CaddyModule() caddy.ModuleInfo {
// UnmarshalCaddyfile implements caddyfile.Unmarshaler. // UnmarshalCaddyfile implements caddyfile.Unmarshaler.
func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
d.Next() // consume matcher name // iterate to merge multiple matchers into one
for d.NextArg() { for d.Next() {
if d.Val() == "forwarded" { for d.NextArg() {
return d.Err("the 'forwarded' option is no longer supported; use the 'client_ip' matcher instead") if d.Val() == "forwarded" {
return d.Err("the 'forwarded' option is no longer supported; use the 'client_ip' matcher instead")
}
if d.Val() == "private_ranges" {
m.Ranges = append(m.Ranges, PrivateRangesCIDR()...)
continue
}
m.Ranges = append(m.Ranges, d.Val())
} }
if d.Val() == "private_ranges" { if d.NextBlock(0) {
m.Ranges = append(m.Ranges, PrivateRangesCIDR()...) return d.Err("malformed remote_ip matcher: blocks are not supported")
continue
} }
m.Ranges = append(m.Ranges, d.Val())
}
if d.NextBlock(0) {
return d.Err("malformed remote_ip matcher: blocks are not supported")
} }
return nil return nil
} }
@ -164,16 +166,18 @@ func (MatchClientIP) CaddyModule() caddy.ModuleInfo {
// UnmarshalCaddyfile implements caddyfile.Unmarshaler. // UnmarshalCaddyfile implements caddyfile.Unmarshaler.
func (m *MatchClientIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { func (m *MatchClientIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
d.Next() // consume matcher name // iterate to merge multiple matchers into one
for d.NextArg() { for d.Next() {
if d.Val() == "private_ranges" { for d.NextArg() {
m.Ranges = append(m.Ranges, PrivateRangesCIDR()...) if d.Val() == "private_ranges" {
continue m.Ranges = append(m.Ranges, PrivateRangesCIDR()...)
continue
}
m.Ranges = append(m.Ranges, d.Val())
}
if d.NextBlock(0) {
return d.Err("malformed client_ip matcher: blocks are not supported")
} }
m.Ranges = append(m.Ranges, d.Val())
}
if d.NextBlock(0) {
return d.Err("malformed client_ip matcher: blocks are not supported")
} }
return nil return nil
} }