ditkrg/traefik-users-blocker-plugin
4
0
Fork 0
mirror of https://github.com/ditkrg/traefik-users-blocker-plugin.git synced 2026-01-22 21:16:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cabcbbb166
traefik-users-blocker-plugin/main.go

87 lines
1.7 KiB
Go
Raw Blame History

package traefik_users_blocker_plugin
import (
"context"
"fmt"
"net/http"
"os"
"strings"
)
type Path struct {
Base string `json:"base,omitempty"`
Path string `json:"path,omitempty"`
}
type Config struct {
UserIds []string `json:"userIds,omitempty"`
Paths []Path `json:"paths,omitempty"`
}
func CreateConfig() *Config {
return &Config{
UserIds: make([]string, 0),
Paths: make([]Path, 0),
}
}
type UsersBlocker struct {
next http.Handler
userId []string
paths []Path
name string
}
func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
if len(config.UserIds) == 0 {
return nil, fmt.Errorf("UserIds cannot be empty")
}
for _, path := range config.Paths {
if path.Base == "" {
return nil, fmt.Errorf("Paths.Base cannot be empty")
}
}
return &UsersBlocker{
next: next,
name: name,
userId: config.UserIds,
paths: config.Paths,
}, nil
}
func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
userId := req.Header["X-Auth-User-Id"][0]
message := fmt.Sprintf("{requestPath: %s, userId: %s}\n", req.URL.Path, userId)
os.Stdout.WriteString(message)
var isUserBlocked bool
for _, id := range a.userId {
if id == userId {
isUserBlocked = true
}
}
if !isUserBlocked {
a.next.ServeHTTP(rw, req)
return
}
for _, path := range a.paths {
blockedPath := path.Base + path.Path
isPathBlocked := strings.HasPrefix(req.URL.Path, blockedPath)
if isPathBlocked {
message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, blockedPath, userId)
os.Stdout.WriteString(message)
http.Error(rw, message, http.StatusForbidden)
return
}
}
a.next.ServeHTTP(rw, req)
}
Reference in New Issue View Git Blame Copy Permalink