
hyperion_vault_core/
ip_allowlist.rs

1use std::net::Ipv4Addr;
2use std::str::FromStr;
3
4use ipnet::Ipv4Net;
5
6use crate::error::{Error, Result};
7
/// A set of IPv4 networks that addresses are matched against.
///
/// The `Default` value holds no networks at all.
#[derive(Clone, Debug, Default)]
pub struct IpAllowlist {
    // Networks in the order they appeared in the spec; entries are not
    // de-duplicated or merged.
    nets: Vec<Ipv4Net>,
}
12
impl IpAllowlist {
    /// Builds an allowlist from a comma-separated specification.
    ///
    /// Every entry is either a CIDR block (it contains a `/`) or a bare IPv4
    /// address, which is stored as a `/32`. Surrounding whitespace is trimmed
    /// and blank entries are skipped, so `""`, `" "` and `","` all produce an
    /// empty list rather than an error.
    ///
    /// Only IPv4 syntax is understood; anything else, IPv6 included, is
    /// rejected. No minimum prefix length is enforced, so a very wide entry
    /// such as `0.0.0.0/0` is taken as written.
    /// NOTE(review): confirm whether operators should be warned about it.
    ///
    /// # Errors
    ///
    /// Returns `Error::InvalidAllowlist` carrying the first entry that fails
    /// to parse; later entries are not examined.
    pub fn parse(spec: &str) -> Result<Self> {
        let nets = spec
            .split(',')
            .map(str::trim)
            .filter(|entry| !entry.is_empty())
            .map(|entry| -> Result<Ipv4Net> {
                // Built lazily so the token is only copied on the error path.
                let invalid = || Error::InvalidAllowlist(entry.to_string());
                if entry.contains('/') {
                    Ipv4Net::from_str(entry).map_err(|_| invalid())
                } else {
                    // A bare address is treated as a single-host network.
                    let host = Ipv4Addr::from_str(entry).map_err(|_| invalid())?;
                    Ipv4Net::new(host, 32).map_err(|_| invalid())
                }
            })
            .collect::<Result<Vec<_>>>()?;
        Ok(Self { nets })
    }

    /// Reports whether the list holds no networks.
    ///
    /// An empty list matches nothing in [`IpAllowlist::contains`].
    /// NOTE(review): if any caller reads "empty" as "unrestricted", that
    /// fail-open choice is made at the call site, not here; verify callers.
    pub fn is_empty(&self) -> bool {
        self.nets.is_empty()
    }

    /// Number of stored entries; duplicate or overlapping networks each count.
    pub fn len(&self) -> usize {
        self.nets.len()
    }

    /// Returns `true` when `ip` falls inside at least one stored network, and
    /// `false` for every address when the list is empty.
    ///
    /// The check is IPv4-only by signature.
    /// NOTE(review): callers that can see IPv6 peers, including IPv4-mapped
    /// ones, must decide how to treat them before calling. Confirm that `ip`
    /// is the transport-level peer address rather than a client-supplied
    /// header value.
    pub fn contains(&self, ip: Ipv4Addr) -> bool {
        self.nets.iter().any(|allowed| allowed.contains(&ip))
    }
}