+ GET /control/clients/find: add "disallowed" property

2020-07-24 14:30:29 +03:00
parent 07db05dd80
commit dd3027afe7
9 changed files with 113 additions and 26 deletions
--- a/dnsforward/access.go
+++ b/dnsforward/access.go
@@ -80,43 +80,43 @@ func processIPCIDRArray(dst *map[string]bool, dstIPNet *[]net.IPNet, src []strin
 }

 // IsBlockedIP - return TRUE if this client should be blocked
-func (a *accessCtx) IsBlockedIP(ip string) bool {
+func (a *accessCtx) IsBlockedIP(ip string) (bool, string) {
 	a.lock.Lock()
 	defer a.lock.Unlock()

 	if len(a.allowedClients) != 0 || len(a.allowedClientsIPNet) != 0 {
 		_, ok := a.allowedClients[ip]
 		if ok {
-			return false
+			return false, ""
 		}

 		if len(a.allowedClientsIPNet) != 0 {
 			ipAddr := net.ParseIP(ip)
 			for _, ipnet := range a.allowedClientsIPNet {
 				if ipnet.Contains(ipAddr) {
-					return false
+					return false, ""
 				}
 			}
 		}

-		return true
+		return true, "not-in-allowed-list"
 	}

 	_, ok := a.disallowedClients[ip]
 	if ok {
-		return true
+		return true, ip
 	}

 	if len(a.disallowedClientsIPNet) != 0 {
 		ipAddr := net.ParseIP(ip)
 		for _, ipnet := range a.disallowedClientsIPNet {
 			if ipnet.Contains(ipAddr) {
-				return true
+				return true, ipnet.String()
 			}
 		}
 	}

-	return false
+	return false, ""
 }

 // IsBlockedDomain - return TRUE if this domain should be blocked
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -298,3 +298,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		p.ServeHTTP(w, r)
 	}
 }
+
+// IsBlockedIP - return TRUE if this client should be blocked
+func (s *Server) IsBlockedIP(ip string) (bool, string) {
+	return s.access.IsBlockedIP(ip)
+}
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@@ -878,20 +878,28 @@ func TestIsBlockedIPAllowed(t *testing.T) {
 	a := &accessCtx{}
 	assert.True(t, a.Init([]string{"1.1.1.1", "2.2.0.0/16"}, nil, nil) == nil)

-	assert.True(t, !a.IsBlockedIP("1.1.1.1"))
-	assert.True(t, a.IsBlockedIP("1.1.1.2"))
-	assert.True(t, !a.IsBlockedIP("2.2.1.1"))
-	assert.True(t, a.IsBlockedIP("2.3.1.1"))
+	disallowed, _ := a.IsBlockedIP("1.1.1.1")
+	assert.False(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("1.1.1.2")
+	assert.True(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("2.2.1.1")
+	assert.False(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("2.3.1.1")
+	assert.True(t, disallowed)
 }

 func TestIsBlockedIPDisallowed(t *testing.T) {
 	a := &accessCtx{}
 	assert.True(t, a.Init(nil, []string{"1.1.1.1", "2.2.0.0/16"}, nil) == nil)

-	assert.True(t, a.IsBlockedIP("1.1.1.1"))
-	assert.True(t, !a.IsBlockedIP("1.1.1.2"))
-	assert.True(t, a.IsBlockedIP("2.2.1.1"))
-	assert.True(t, !a.IsBlockedIP("2.3.1.1"))
+	disallowed, _ := a.IsBlockedIP("1.1.1.1")
+	assert.True(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("1.1.1.2")
+	assert.False(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("2.2.1.1")
+	assert.True(t, disallowed)
+	disallowed, _ = a.IsBlockedIP("2.3.1.1")
+	assert.False(t, disallowed)
 }

 func TestIsBlockedIPBlockedDomain(t *testing.T) {
--- a/dnsforward/filter.go
+++ b/dnsforward/filter.go
@@ -12,7 +12,8 @@ import (

 func (s *Server) beforeRequestHandler(_ *proxy.Proxy, d *proxy.DNSContext) (bool, error) {
 	ip := ipFromAddr(d.Addr)
-	if s.access.IsBlockedIP(ip) {
+	disallowed, _ := s.access.IsBlockedIP(ip)
+	if disallowed {
 		log.Tracef("Client IP %s is blocked by settings", ip)
 		return false, nil
 	}