Improve the clients/find API response
@@ -80,6 +80,9 @@ func processIPCIDRArray(dst *map[string]bool, dstIPNet *[]net.IPNet, src []strin
|
||||
}
|
||||
|
||||
// IsBlockedIP - return TRUE if this client should be blocked
|
||||
// Returns the item from the "disallowedClients" list that lead to blocking IP.
|
||||
// If it returns TRUE and an empty string, it means that the "allowedClients" is not empty,
|
||||
// but the ip does not belong to it.
|
||||
func (a *accessCtx) IsBlockedIP(ip string) (bool, string) {
|
||||
a.lock.Lock()
|
||||
defer a.lock.Unlock()
|
||||
@@ -99,7 +102,7 @@ func (a *accessCtx) IsBlockedIP(ip string) (bool, string) {
|
||||
}
|
||||
}
|
||||
|
||||
return true, "not-in-allowed-list"
|
||||
return true, ""
|
||||
}
|
||||
|
||||
_, ok := a.disallowedClients[ip]
|
||||
|
||||
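Review bot: With `return true, ""` in the second hunk, the rule string no longer separates an allow-list miss from a client that is not blocked at all; the tests on this page assert `""` for both outcomes, so the boolean is the only reliable signal. A caller that decides on the rule text (for example `rule != ""`) would treat an allow-list miss as permitted, so the callers, which are not visible here, should be checked. A comment on that return such as `// blocked: allowedClients is set and ip is not in it, so there is no rule to report` would keep the contract next to the code. The doc comment added in the first hunk says "lead to blocking", which should read "led to blocking". IsBlockedIP's body runs between and beyond the two hunks.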
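--- /dev/null
+++ b/dnsforward/access_test.go
@@ -0,0 +1,73 @@
+package dnsforward
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestIsBlockedIPAllowed(t *testing.T) {
+a := &accessCtx{}
+assert.True(t, a.Init([]string{"1.1.1.1", "2.2.0.0/16"}, nil, nil) == nil)
+
+disallowed, disallowedRule := a.IsBlockedIP("1.1.1.1")
+assert.False(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("1.1.1.2")
+assert.True(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("2.2.1.1")
+assert.False(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("2.3.1.1")
+assert.True(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+}
+
+func TestIsBlockedIPDisallowed(t *testing.T) {
+a := &accessCtx{}
+assert.True(t, a.Init(nil, []string{"1.1.1.1", "2.2.0.0/16"}, nil) == nil)
+
+disallowed, disallowedRule := a.IsBlockedIP("1.1.1.1")
+assert.True(t, disallowed)
+assert.Equal(t, "1.1.1.1", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("1.1.1.2")
+assert.False(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("2.2.1.1")
+assert.True(t, disallowed)
+assert.Equal(t, "2.2.0.0/16", disallowedRule)
+
+disallowed, disallowedRule = a.IsBlockedIP("2.3.1.1")
+assert.False(t, disallowed)
+assert.Equal(t, "", disallowedRule)
+}
+
+func TestIsBlockedIPBlockedDomain(t *testing.T) {
+a := &accessCtx{}
+assert.True(t, a.Init(nil, nil, []string{"host1",
+"host2",
+"*.host.com",
+"||host3.com^",
+}) == nil)
+
+// match by "host2.com"
+assert.True(t, a.IsBlockedDomain("host1"))
+assert.True(t, a.IsBlockedDomain("host2"))
+assert.True(t, !a.IsBlockedDomain("host3"))
+
+// match by wildcard "*.host.com"
+assert.True(t, !a.IsBlockedDomain("host.com"))
+assert.True(t, a.IsBlockedDomain("asdf.host.com"))
+assert.True(t, a.IsBlockedDomain("qwer.asdf.host.com"))
+assert.True(t, !a.IsBlockedDomain("asdf.zhost.com"))
+
+// match by wildcard "||host3.com^"
+assert.True(t, a.IsBlockedDomain("host3.com"))
+assert.True(t, a.IsBlockedDomain("asdf.host3.com"))
+}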
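Review bot: The IP cases cover the allow list and the block list separately, but none pins what IsBlockedIP returns for input that is not a valid IP string, or when both lists are configured at once. Because this is an access-control decision, a case such as `disallowed, _ := a.IsBlockedIP("not-an-ip")` with the intended result asserted would record whether the check fails open or closed. The expected value cannot be read from this page, so it has to come from the intended policy. Separately, the comment `// match by "host2.com"` does not correspond to the rules `host1` and `host2` being tested; `// exact match by "host1" and "host2"` would be accurate. `TestIsBlockedIPBlockedDomain` calls only IsBlockedDomain, so `TestIsBlockedDomain` would be a clearer name.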
|
||||
@@ -874,58 +874,6 @@ func publicKey(priv interface{}) interface{} {
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsBlockedIPAllowed(t *testing.T) {
|
||||
a := &accessCtx{}
|
||||
assert.True(t, a.Init([]string{"1.1.1.1", "2.2.0.0/16"}, nil, nil) == nil)
|
||||
|
||||
disallowed, _ := a.IsBlockedIP("1.1.1.1")
|
||||
assert.False(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("1.1.1.2")
|
||||
assert.True(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("2.2.1.1")
|
||||
assert.False(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("2.3.1.1")
|
||||
assert.True(t, disallowed)
|
||||
}
|
||||
|
||||
func TestIsBlockedIPDisallowed(t *testing.T) {
|
||||
a := &accessCtx{}
|
||||
assert.True(t, a.Init(nil, []string{"1.1.1.1", "2.2.0.0/16"}, nil) == nil)
|
||||
|
||||
disallowed, _ := a.IsBlockedIP("1.1.1.1")
|
||||
assert.True(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("1.1.1.2")
|
||||
assert.False(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("2.2.1.1")
|
||||
assert.True(t, disallowed)
|
||||
disallowed, _ = a.IsBlockedIP("2.3.1.1")
|
||||
assert.False(t, disallowed)
|
||||
}
|
||||
|
||||
func TestIsBlockedIPBlockedDomain(t *testing.T) {
|
||||
a := &accessCtx{}
|
||||
assert.True(t, a.Init(nil, nil, []string{"host1",
|
||||
"host2",
|
||||
"*.host.com",
|
||||
"||host3.com^",
|
||||
}) == nil)
|
||||
|
||||
// match by "host2.com"
|
||||
assert.True(t, a.IsBlockedDomain("host1"))
|
||||
assert.True(t, a.IsBlockedDomain("host2"))
|
||||
assert.True(t, !a.IsBlockedDomain("host3"))
|
||||
|
||||
// match by wildcard "*.host.com"
|
||||
assert.True(t, !a.IsBlockedDomain("host.com"))
|
||||
assert.True(t, a.IsBlockedDomain("asdf.host.com"))
|
||||
assert.True(t, a.IsBlockedDomain("qwer.asdf.host.com"))
|
||||
assert.True(t, !a.IsBlockedDomain("asdf.zhost.com"))
|
||||
|
||||
// match by wildcard "||host3.com^"
|
||||
assert.True(t, a.IsBlockedDomain("host3.com"))
|
||||
assert.True(t, a.IsBlockedDomain("asdf.host3.com"))
|
||||
}
|
||||
|
||||
func TestValidateUpstream(t *testing.T) {
|
||||
invalidUpstreams := []string{"1.2.3.4.5",
|
||||
"123.3.7m",
|
||||
|
||||