author | Stan Hu <stanhu@gmail.com> | 2019-06-28 01:44:46 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-06-28 09:16:11 +0300 |
commit | 82c31a9addfe87e91b512abb982d2223fa4ed730 (patch) | |
tree | 56e0570df7f3999d633372bd6d285297d3732169 /lib | |
parent | ae68c7ea142b12fe179a4027b17d31ac6fb2649c (diff) |
Support CIDR notation in IP rate limiter
This will make it possible to whitelist multiple IP addresses
(e.g. 192.168.0.1/24).
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth/ip_rate_limiter.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/gitlab/auth/ip_rate_limiter.rb b/lib/gitlab/auth/ip_rate_limiter.rb
index 81e616fa20a..0b7055b3256 100644
--- a/lib/gitlab/auth/ip_rate_limiter.rb
+++ b/lib/gitlab/auth/ip_rate_limiter.rb
@@ -3,6 +3,8 @@
 module Gitlab
 module Auth
 class IpRateLimiter
+ include ::Gitlab::Utils::StrongMemoize
+
 attr_reader :ip
 def initialize(ip)
@@ -37,7 +39,20 @@ module Gitlab
 end
 def ip_can_be_banned?
- config.ip_whitelist.exclude?(ip)
+ !trusted_ip?
+ end
+
+ def trusted_ip?
+ trusted_ips.any? { |netmask| netmask.include?(ip) }
+ end
+
+ def trusted_ips
+ strong_memoize(:trusted_ips) do
+ config.ip_whitelist.map do |proxy|
+ IPAddr.new(proxy)
+ rescue IPAddr::InvalidAddressError
+ end.compact
+ end
 end
 end
 end
 end |
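Review bot: `trusted_ip?` can now raise where the old `exclude?(ip)` could not, because `IPAddr#include?` parses a String argument and raises `IPAddr::InvalidAddressError` when `ip` is not a well-formed address. The callers of `ip_can_be_banned?` are outside this hunk, so whether `ip` is always well-formed cannot be confirmed here; adding `rescue IPAddr::InvalidAddressError` followed by `false` to `trusted_ip?` would keep an unparseable client address untrusted instead of aborting the auth-failure path. In `trusted_ips`, the empty rescue drops an unparseable `ip_whitelist` entry silently, which fails closed but hides a configuration typo; a warning log naming the rejected entry would make that visible. The block parameters `proxy` and `netmask` would read better as `entry` and `range`, and a comment that each entry may be a single address or a CIDR range (so a short prefix exempts a whole network from banning) would help whoever edits the setting.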