Mercurial > prosody-modules
comparison mod_http_status/mod_http_status.lua @ 5679:e274431bf4ce
mod_http_status: Add IP allowlisting capabilities
Based on mod_http_openmetrics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 25 Oct 2023 17:18:50 +0200 |
| parents | 6af2d74daa15 |
| children |
comparison
equal
deleted
inserted
replaced
| 5678:0cffeff2cd1d | 5679:e274431bf4ce |
|---|---|
| 1 module:set_global(); | 1 module:set_global(); |
| 2 | 2 |
| 3 local json = require "util.json"; | 3 local json = require "util.json"; |
| 4 local datetime = require "util.datetime".datetime; | 4 local datetime = require "util.datetime".datetime; |
| 5 local ip = require "util.ip"; | |
| 5 | 6 |
| 6 local modulemanager = require "core.modulemanager"; | 7 local modulemanager = require "core.modulemanager"; |
| 8 | |
| 9 local permitted_ips = module:get_option_set("http_status_allow_ips", { "::1", "127.0.0.1" }); | |
| 10 local permitted_cidr = module:get_option_string("http_status_allow_cidr"); | |
| 11 | |
| 12 local function is_permitted(request) | |
| 13 local ip_raw = request.ip; | |
| 14 if permitted_ips:contains(ip_raw) or | |
| 15 (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then | |
| 16 return true; | |
| 17 end | |
| 18 return false; | |
| 19 end | |
| 7 | 20 |
| 8 module:provides("http", { | 21 module:provides("http", { |
| 9 route = { | 22 route = { |
| 10 GET = function(event) | 23 GET = function(event) |
| 11 local request, response = event.request, event.response; | 24 local request, response = event.request, event.response; |
| 25 if not is_permitted(request) then | |
| 26 return 403; -- Forbidden | |
| 27 end | |
| 12 response.headers.content_type = "application/json"; | 28 response.headers.content_type = "application/json"; |
| 13 | 29 |
| 14 local resp = { ["*"] = true }; | 30 local resp = { ["*"] = true }; |
| 15 | 31 |
| 16 for host in pairs(prosody.hosts) do | 32 for host in pairs(prosody.hosts) do |