ditkrg/traefik-users-blocker-plugin
4
0
Fork 0
mirror of https://github.com/ditkrg/traefik-users-blocker-plugin.git synced 2026-01-23 00:07:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ditkrg:v0.1.0
Branches Tags
ditkrg:main
ditkrg:v0.1.4
ditkrg:v0.1.3
ditkrg:v0.1.2
ditkrg:v0.1.1
ditkrg:v0.1.0
...
compare: ditkrg:main
Branches Tags
ditkrg:main
ditkrg:v0.1.4
ditkrg:v0.1.3
ditkrg:v0.1.2
ditkrg:v0.1.1
ditkrg:v0.1.0

8 Commits
v0.1.0 ... main

Author SHA1 Message Date
MohamadTahir
8d3b1b71e5
update example 2024-05-04 09:43:20 +03:00
MohamadTahir
e9cbcb04c4
update logic 2023-10-30 17:31:06 +03:00
MohamadTahir
7a03599d16
remove path 2023-10-30 17:03:25 +03:00
MohamadTahir
cabcbbb166
update logic and logging 2023-10-30 16:53:34 +03:00
MohamadTahir
4f258ba7f3
update .traefik.yml 2023-10-30 14:59:30 +03:00
MohamadTahir
57968638d2
add new lines to logs 2023-10-30 14:57:39 +03:00
MohamadTahir
fb7dce9887
add simple logs 2023-10-30 14:52:36 +03:00
MohamadTahir
149616a5ad
add docker compose for local development 2023-10-30 13:51:48 +03:00
3 changed files with 48 additions and 12 deletions
Show Stats Expand all files Collapse all files

5
.traefik.yml
View File

@ -11,6 +11,5 @@ testData:
- userId1
- userId2
paths:
- prefix: /v1/users
value: testValue
- prefix: /v1/organizations
- base: /v1/users
path: /testValue

16
docker-compose.yaml Normal file
View File

@ -0,0 +1,16 @@
version: '3'
services:
reverse-proxy:
image: traefik:v3.0
command:
- --api.insecure=true
- --providers.docker
- "--experimental.localPlugins.usersblocker.moduleName=github.com/ditkrg/traefik-users-blocker-plugin"
ports:
- "80:80"
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- ./:/plugins-local/src/github.com/ditkrg/traefik-users-blocker-plugin

39
main.go
View File

@ -4,12 +4,17 @@ import (
"context"
"fmt"
"net/http"
"os"
"strings"
)
type Rule struct {
AllowedSubPaths []string `json:"allowedSubPaths,omitempty"`
}
type Path struct {
Prefix string `json:"prefix,omitempty"`
MustContain string `json:"mustContain,omitempty"`
Path string `json:"base,omitempty"`
Rule Rule `json:"rule,omitempty"`
}
type Config struct {
@ -37,8 +42,8 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
}
for _, path := range config.Paths {
if path.Prefix == "" {
return nil, fmt.Errorf("Paths.Prefix cannot be empty")
if path.Path == "" {
return nil, fmt.Errorf("Paths.Path cannot be empty")
}
}
@ -53,6 +58,9 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
userId := req.Header["X-Auth-User-Id"][0]
message := fmt.Sprintf("{requestPath: %s, userId: %s}\n", req.URL.Path, userId)
os.Stdout.WriteString(message)
var isUserBlocked bool
for _, id := range a.userId {
@ -67,16 +75,29 @@ func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
}
for _, path := range a.paths {
isPathBlocked := strings.HasPrefix(req.URL.Path, path.Prefix)
isPathMatched := strings.HasPrefix(req.URL.Path, path.Path)
if isPathBlocked && path.MustContain != "" {
isPathBlocked = !strings.Contains(req.URL.Path, path.MustContain)
if !isPathMatched {
a.next.ServeHTTP(rw, req)
return
}
if isPathBlocked {
http.Error(rw, "Forbidden", http.StatusForbidden)
if len(path.Rule.AllowedSubPaths) == 0 {
message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path, userId)
os.Stdout.WriteString(message)
http.Error(rw, message, http.StatusForbidden)
return
}
for _, allowedSubPath := range path.Rule.AllowedSubPaths {
isAllowedSubPathMatched := strings.HasPrefix(req.URL.Path, path.Path+allowedSubPath)
if !isAllowedSubPathMatched {
message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path+path.Path+allowedSubPath, userId)
os.Stdout.WriteString(message)
http.Error(rw, message, http.StatusForbidden)
return
}
}
}
a.next.ServeHTTP(rw, req)