Software /
code /
prosody-modules
Diff
mod_http_status/mod_http_status.lua @ 5702:e274431bf4ce
mod_http_status: Add IP allowlisting capabilities
Based on mod_http_openmetrics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 25 Oct 2023 17:18:50 +0200 |
parent | 5161:6af2d74daa15 |
line wrap: on
line diff
--- a/mod_http_status/mod_http_status.lua Wed Oct 25 15:36:20 2023 +0200 +++ b/mod_http_status/mod_http_status.lua Wed Oct 25 17:18:50 2023 +0200 @@ -2,13 +2,29 @@ local json = require "util.json"; local datetime = require "util.datetime".datetime; +local ip = require "util.ip"; local modulemanager = require "core.modulemanager"; +local permitted_ips = module:get_option_set("http_status_allow_ips", { "::1", "127.0.0.1" }); +local permitted_cidr = module:get_option_string("http_status_allow_cidr"); + +local function is_permitted(request) + local ip_raw = request.ip; + if permitted_ips:contains(ip_raw) or + (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then + return true; + end + return false; +end + module:provides("http", { route = { GET = function(event) local request, response = event.request, event.response; + if not is_permitted(request) then + return 403; -- Forbidden + end response.headers.content_type = "application/json"; local resp = { ["*"] = true };