mirror of
https://github.com/ditkrg/traefik-users-blocker-plugin.git
synced 2026-01-22 20:16:53 +00:00
84 lines
1.6 KiB
Go
84 lines
1.6 KiB
Go
package traefik_users_blocker_plugin
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
type Path struct {
|
|
Prefix string `json:"prefix,omitempty"`
|
|
MustContain string `json:"mustContain,omitempty"`
|
|
}
|
|
|
|
type Config struct {
|
|
UserIds []string `json:"userIds,omitempty"`
|
|
Paths []Path `json:"paths,omitempty"`
|
|
}
|
|
|
|
func CreateConfig() *Config {
|
|
return &Config{
|
|
UserIds: make([]string, 0),
|
|
Paths: make([]Path, 0),
|
|
}
|
|
}
|
|
|
|
type UsersBlocker struct {
|
|
next http.Handler
|
|
userId []string
|
|
paths []Path
|
|
name string
|
|
}
|
|
|
|
func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
|
|
if len(config.UserIds) == 0 {
|
|
return nil, fmt.Errorf("UserIds cannot be empty")
|
|
}
|
|
|
|
for _, path := range config.Paths {
|
|
if path.Prefix == "" {
|
|
return nil, fmt.Errorf("Paths.Prefix cannot be empty")
|
|
}
|
|
}
|
|
|
|
return &UsersBlocker{
|
|
next: next,
|
|
name: name,
|
|
userId: config.UserIds,
|
|
paths: config.Paths,
|
|
}, nil
|
|
}
|
|
|
|
func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|
userId := req.Header["X-Auth-User-Id"][0]
|
|
|
|
var isUserBlocked bool
|
|
|
|
for _, id := range a.userId {
|
|
if id == userId {
|
|
isUserBlocked = true
|
|
}
|
|
}
|
|
|
|
if !isUserBlocked {
|
|
a.next.ServeHTTP(rw, req)
|
|
return
|
|
}
|
|
|
|
for _, path := range a.paths {
|
|
isPathBlocked := strings.HasPrefix(req.URL.Path, path.Prefix)
|
|
|
|
if isPathBlocked && path.MustContain != "" {
|
|
isPathBlocked = !strings.Contains(req.URL.Path, path.MustContain)
|
|
}
|
|
|
|
if isPathBlocked {
|
|
http.Error(rw, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
a.next.ServeHTTP(rw, req)
|
|
}
|