robotech 1.5.0

Backend service implementation for the RoboTech platform, providing RESTful APIs and business logic for web applications.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

use axum::extract::ConnectInfo;
use axum::{
    extract::{Request, State},
    http::StatusCode,
    middleware::Next,
    response::{IntoResponse, Response},
};
use ipnet::IpNet;
use std::net::SocketAddr;
use std::sync::Arc;
use wheel_rs::ipnet_utils::is_exact;

#[derive(Clone)]
pub struct IpBanState {
    pub(crate) ip_white_list: Arc<Vec<IpNet>>,
    pub(crate) ip_black_list: Arc<Vec<IpNet>>,
}

pub async fn ip_ban_middleware(
    State(state): State<IpBanState>,
    ConnectInfo(addr): ConnectInfo<SocketAddr>,
    request: Request,
    next: Next,
) -> Response {
    let src_ip = addr.ip();

    let IpBanState {
        ip_white_list,
        ip_black_list,
    } = state;

    if ip_white_list.is_empty() {
        for ip_net in ip_black_list.iter() {
            if ip_net.contains(&src_ip) {
                return StatusCode::FORBIDDEN.into_response();
            }
        }
    } else {
        let mut is_white = false;
        for ip_net in ip_white_list.iter() {
            if ip_net.contains(&src_ip) {
                if is_exact(ip_net) {
                    return next.run(request).await;
                }
                is_white = true;
                break;
            }
        }
        if !is_white {
            return StatusCode::FORBIDDEN.into_response();
        }
        for ip_net in ip_black_list.iter() {
            if ip_net.contains(&src_ip) {
                return StatusCode::FORBIDDEN.into_response();
            }
        }
    }

    next.run(request).await
}