Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2019-06-28 01:44:46 +0300
committerStan Hu <stanhu@gmail.com>2019-06-28 09:16:11 +0300
commit82c31a9addfe87e91b512abb982d2223fa4ed730 (patch)
tree56e0570df7f3999d633372bd6d285297d3732169 /lib
parentae68c7ea142b12fe179a4027b17d31ac6fb2649c (diff)
Support CIDR notation in IP rate limiter
This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24).
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/auth/ip_rate_limiter.rb17
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/gitlab/auth/ip_rate_limiter.rb b/lib/gitlab/auth/ip_rate_limiter.rb
index 81e616fa20a..0b7055b3256 100644
--- a/lib/gitlab/auth/ip_rate_limiter.rb
+++ b/lib/gitlab/auth/ip_rate_limiter.rb
@@ -3,6 +3,8 @@
module Gitlab
module Auth
class IpRateLimiter
+ include ::Gitlab::Utils::StrongMemoize
+
attr_reader :ip
def initialize(ip)
@@ -37,7 +39,20 @@ module Gitlab
end
def ip_can_be_banned?
- config.ip_whitelist.exclude?(ip)
+ !trusted_ip?
+ end
+
+ def trusted_ip?
+ trusted_ips.any? { |netmask| netmask.include?(ip) }
+ end
+
+ def trusted_ips
+ strong_memoize(:trusted_ips) do
+ config.ip_whitelist.map do |proxy|
+ IPAddr.new(proxy)
+ rescue IPAddr::InvalidAddressError
+ end.compact
+ end
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 07:24:17 +0300