Software /
code /
prosody-modules
Comparison
mod_http_status/mod_http_status.lua @ 5702:e274431bf4ce
mod_http_status: Add IP allowlisting capabilities
Based on mod_http_openmetrics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 25 Oct 2023 17:18:50 +0200 |
parent | 5161:6af2d74daa15 |
comparison
equal
deleted
inserted
replaced
5701:0cffeff2cd1d | 5702:e274431bf4ce |
---|---|
1 module:set_global(); | 1 module:set_global(); |
2 | 2 |
3 local json = require "util.json"; | 3 local json = require "util.json"; |
4 local datetime = require "util.datetime".datetime; | 4 local datetime = require "util.datetime".datetime; |
5 local ip = require "util.ip"; | |
5 | 6 |
6 local modulemanager = require "core.modulemanager"; | 7 local modulemanager = require "core.modulemanager"; |
8 | |
9 local permitted_ips = module:get_option_set("http_status_allow_ips", { "::1", "127.0.0.1" }); | |
10 local permitted_cidr = module:get_option_string("http_status_allow_cidr"); | |
11 | |
12 local function is_permitted(request) | |
13 local ip_raw = request.ip; | |
14 if permitted_ips:contains(ip_raw) or | |
15 (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then | |
16 return true; | |
17 end | |
18 return false; | |
19 end | |
7 | 20 |
8 module:provides("http", { | 21 module:provides("http", { |
9 route = { | 22 route = { |
10 GET = function(event) | 23 GET = function(event) |
11 local request, response = event.request, event.response; | 24 local request, response = event.request, event.response; |
25 if not is_permitted(request) then | |
26 return 403; -- Forbidden | |
27 end | |
12 response.headers.content_type = "application/json"; | 28 response.headers.content_type = "application/json"; |
13 | 29 |
14 local resp = { ["*"] = true }; | 30 local resp = { ["*"] = true }; |
15 | 31 |
16 for host in pairs(prosody.hosts) do | 32 for host in pairs(prosody.hosts) do |