Allow multiple ports in restriction file
This commit is contained in:
parent
135fcb5127
commit
3c84c59a11
5 changed files with 72 additions and 58 deletions
|
@ -1,4 +1,4 @@
|
|||
use crate::restrictions::types::{default_cidr, default_host, default_port};
|
||||
use crate::restrictions::types::{default_cidr, default_host};
|
||||
use regex::Regex;
|
||||
use std::fs::File;
|
||||
use std::io::BufReader;
|
||||
|
@ -21,7 +21,7 @@ impl RestrictionsRules {
|
|||
let mut tunnels_restrictions = if restrict_to.is_empty() {
|
||||
let r = types::AllowConfig::Tunnel(types::AllowTunnelConfig {
|
||||
protocol: vec![],
|
||||
port: default_port(),
|
||||
port: vec![],
|
||||
host: default_host(),
|
||||
cidr: default_cidr(),
|
||||
});
|
||||
|
@ -30,21 +30,20 @@ impl RestrictionsRules {
|
|||
restrict_to
|
||||
.iter()
|
||||
.map(|(host, port)| {
|
||||
// Fixme: Remove the unwrap
|
||||
let reg = Regex::new(&format!("^{}$", regex::escape(host))).unwrap();
|
||||
types::AllowConfig::Tunnel(types::AllowTunnelConfig {
|
||||
let reg = Regex::new(&format!("^{}$", regex::escape(host)))?;
|
||||
Ok(types::AllowConfig::Tunnel(types::AllowTunnelConfig {
|
||||
protocol: vec![],
|
||||
port: RangeInclusive::new(*port, *port),
|
||||
port: vec![RangeInclusive::new(*port, *port)],
|
||||
host: reg,
|
||||
cidr: default_cidr(),
|
||||
})
|
||||
}))
|
||||
})
|
||||
.collect()
|
||||
.collect::<Result<Vec<_>, anyhow::Error>>()?
|
||||
};
|
||||
|
||||
tunnels_restrictions.push(types::AllowConfig::ReverseTunnel(types::AllowReverseTunnelConfig {
|
||||
protocol: vec![],
|
||||
port: default_port(),
|
||||
port: vec![],
|
||||
cidr: default_cidr(),
|
||||
}));
|
||||
|
||||
|
@ -61,19 +60,16 @@ impl RestrictionsRules {
|
|||
path_prefixes
|
||||
.iter()
|
||||
.map(|path_prefix| {
|
||||
// Fixme: Remove the unwrap
|
||||
let reg = Regex::new(&format!("^{}$", regex::escape(path_prefix))).unwrap();
|
||||
types::RestrictionConfig {
|
||||
let reg = Regex::new(&format!("^{}$", regex::escape(path_prefix)))?;
|
||||
Ok(types::RestrictionConfig {
|
||||
name: format!("Allow path prefix {}", path_prefix),
|
||||
r#match: types::MatchConfig::PathPrefix(reg),
|
||||
allow: tunnels_restrictions.clone(),
|
||||
}
|
||||
})
|
||||
})
|
||||
.collect()
|
||||
.collect::<Result<Vec<_>, anyhow::Error>>()?
|
||||
};
|
||||
|
||||
let restrictions = RestrictionsRules { restrictions };
|
||||
|
||||
Ok(restrictions)
|
||||
Ok(RestrictionsRules { restrictions })
|
||||
}
|
||||
}
|
||||
|
|
|
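Review bot: Nothing in this diff establishes what an empty `port` list means, yet `port: vec![]` now replaces `default_port()` (1..=65535) in both default allow entries of this section — the `AllowTunnelConfig` built when `restrict_to` is empty and the `AllowReverseTunnelConfig` pushed after it. If the matcher does not treat an empty list as "any port", the permissive default configuration would deny every tunnel; if it does, that intent deserves a comment on both literals, e.g. `// empty list: no port restriction, any port is allowed`. The same question applies to config files, since `#[serde(default)]` on the `port` fields in the types hunks now gives a file that omits `port` the same empty list. The function these hunks belong to begins before the first hunk and is not fully visible here.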
@ -35,8 +35,8 @@ pub struct AllowTunnelConfig {
|
|||
pub protocol: Vec<TunnelConfigProtocol>,
|
||||
|
||||
#[serde(deserialize_with = "deserialize_port_range")]
|
||||
#[serde(default = "default_port")]
|
||||
pub port: RangeInclusive<u16>,
|
||||
#[serde(default)]
|
||||
pub port: Vec<RangeInclusive<u16>>,
|
||||
|
||||
#[serde(with = "serde_regex")]
|
||||
#[serde(default = "default_host")]
|
||||
|
@ -52,8 +52,8 @@ pub struct AllowReverseTunnelConfig {
|
|||
pub protocol: Vec<ReverseTunnelConfigProtocol>,
|
||||
|
||||
#[serde(deserialize_with = "deserialize_port_range")]
|
||||
#[serde(default = "default_port")]
|
||||
pub port: RangeInclusive<u16>,
|
||||
#[serde(default)]
|
||||
pub port: Vec<RangeInclusive<u16>>,
|
||||
|
||||
#[serde(default = "default_cidr")]
|
||||
pub cidr: Vec<IpNet>,
|
||||
|
@ -75,10 +75,6 @@ pub enum ReverseTunnelConfigProtocol {
|
|||
Unknown,
|
||||
}
|
||||
|
||||
pub fn default_port() -> RangeInclusive<u16> {
|
||||
RangeInclusive::new(1, 65535)
|
||||
}
|
||||
|
||||
pub fn default_host() -> Regex {
|
||||
Regex::new("^.*$").unwrap()
|
||||
}
|
||||
|
@ -87,22 +83,30 @@ pub fn default_cidr() -> Vec<IpNet> {
|
|||
vec![IpNet::V4(Ipv4Net::default()), IpNet::V6(Ipv6Net::default())]
|
||||
}
|
||||
|
||||
fn deserialize_port_range<'de, D>(deserializer: D) -> Result<RangeInclusive<u16>, D::Error>
|
||||
fn deserialize_port_range<'de, D>(deserializer: D) -> Result<Vec<RangeInclusive<u16>>, D::Error>
|
||||
where
|
||||
D: Deserializer<'de>,
|
||||
{
|
||||
let s = String::deserialize(deserializer)?;
|
||||
let range = if let Some((l, r)) = s.split_once("..") {
|
||||
RangeInclusive::new(
|
||||
l.parse().map_err(serde::de::Error::custom)?,
|
||||
r.parse().map_err(serde::de::Error::custom)?,
|
||||
)
|
||||
} else {
|
||||
let port = s.parse::<u16>().map_err(serde::de::Error::custom)?;
|
||||
RangeInclusive::new(port, port)
|
||||
};
|
||||
let s = Vec::<String>::deserialize(deserializer)?;
|
||||
let ranges = s
|
||||
.into_iter()
|
||||
.map(|s| {
|
||||
let range: Result<RangeInclusive<u16>, D::Error> = if let Some((l, r)) = s.split_once("..") {
|
||||
Ok(RangeInclusive::new(
|
||||
l.parse().map_err(<D::Error as serde::de::Error>::custom)?,
|
||||
r.parse().map_err(<D::Error as serde::de::Error>::custom)?,
|
||||
))
|
||||
} else {
|
||||
let port = s.parse::<u16>().map_err(serde::de::Error::custom)?;
|
||||
Ok(RangeInclusive::new(port, port))
|
||||
};
|
||||
range
|
||||
})
|
||||
.collect::<Vec<_>>()
|
||||
.into_iter()
|
||||
.collect::<Result<Vec<RangeInclusive<u16>>, D::Error>>()?;
|
||||
|
||||
Ok(range)
|
||||
Ok(ranges)
|
||||
}
|
||||
|
||||
impl From<&LocalProtocol> for ReverseTunnelConfigProtocol {
|
||||
|
|
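Review bot: `deserialize_port_range` collects the parsed entries into a `Vec` and then re-iterates it to collect into a `Result`; the intermediate allocation is unnecessary, and collecting straight into the function's `Result<Vec<_>, D::Error>` short-circuits on the first bad entry. The `let range: Result<…> = …; range` inside the closure can likewise become a return-type annotation on the closure. While touching this, a range whose start exceeds its end (e.g. `"443..80"`) still parses into an empty `RangeInclusive`, so a typo in an allow rule matches no port without any error; rejecting it at load time makes the misconfiguration visible. Note also that `Vec::<String>::deserialize` means a restriction file with a scalar `port: "80"` now fails with a serde type error, which is worth stating in the changelog or handling with an untagged enum if existing files must keep loading.
```rust
    let s = Vec::<String>::deserialize(deserializer)?;
    s.into_iter()
        .map(|s| -> Result<RangeInclusive<u16>, D::Error> {
            let (start, end) = match s.split_once("..") {
                Some((l, r)) => (
                    l.parse::<u16>().map_err(<D::Error as serde::de::Error>::custom)?,
                    r.parse::<u16>().map_err(<D::Error as serde::de::Error>::custom)?,
                ),
                None => {
                    let port = s.parse::<u16>().map_err(<D::Error as serde::de::Error>::custom)?;
                    (port, port)
                }
            };
            // An inverted range would silently match nothing; report it instead.
            if start > end {
                return Err(<D::Error as serde::de::Error>::custom(format!(
                    "invalid port range `{s}`: start must not exceed end"
                )));
            }
            Ok(RangeInclusive::new(start, end))
        })
        .collect()
```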