
validate ip

This commit is contained in:
Laura
2025-06-20 21:24:16 +02:00
parent d976005959
commit 8ec9a287ae
3 changed files with 62 additions and 10 deletions


@ -25,7 +25,7 @@ func (pr *ProgressReader) Read(p []byte) (int, error) {
pr.read += int64(n) pr.read += int64(n)
percentage := float64(pr.read) / float64(pr.total) * 100 percentage := float64(pr.read) / float64(pr.total) * 100
log.Printf("\r%s: %.1f%% ", pr.label, percentage) log.Printf("\r%s: %.1f%% ", pr.label, min(100, percentage))
return n, err return n, err
} }
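Review bot: The new `min(100, percentage)` only clamps overshoot; when `pr.total` is 0 the division on the line above still yields NaN or +Inf, and Go's float `min` propagates NaN, so the progress line would print `NaN%`. If a zero total is reachable (not visible here), guard the computation instead: `percentage := 100.0` / `if pr.total > 0 { percentage = min(100, float64(pr.read)/float64(pr.total)*100) }`. The builtin `min` needs a go.mod language version of 1.21 or later, which this page does not show. Read's body begins before the hunk.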


@ -6,11 +6,12 @@ import (
type ChallengeEntry struct { type ChallengeEntry struct {
Challenge []byte Challenge []byte
Client string
PublicKey ssh.PublicKey PublicKey ssh.PublicKey
} }
type SessionEntry struct { type SessionEntry struct {
PublicKey ssh.PublicKey Client string
} }
type AuthRequest struct { type AuthRequest struct {
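Review bot: The new exported `Client` fields on ChallengeEntry and SessionEntry have no doc comment, and since they are the value a later request is compared against, their meaning should be stated on the type: `// Client is the host part of r.RemoteAddr the entry was issued to; the follow-up request must arrive from the same address.` SessionEntry now holds only `Client` and no longer records `PublicKey`, so after completion a session is bound to a peer address rather than to a key; if that is deliberate, a one-line comment on SessionEntry saying so would stop a maintainer from reading it as an accidental drop. The hunk shows only the struct declarations, so this is inferred from the fields alone.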


@ -5,6 +5,7 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"io" "io"
"net"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
@ -35,7 +36,17 @@ func IsSignatureFormatValid(format string) bool {
} }
func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized map[string]ssh.PublicKey) { func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized map[string]ssh.PublicKey) {
log.Printf("request: received new request from %s\n", r.RemoteAddr) ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
log.Warning("request: failed to split remote ip")
log.WarningE(err)
return
}
log.Printf("request: received new request from %s\n", ip)
var request internal.AuthRequest var request internal.AuthRequest
@ -76,17 +87,28 @@ func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized m
challenges.Set(challenge.Token, internal.ChallengeEntry{ challenges.Set(challenge.Token, internal.ChallengeEntry{
Challenge: raw, Challenge: raw,
Client: ip,
PublicKey: public, PublicKey: public,
}, cache.DefaultExpiration) }, cache.DefaultExpiration)
log.Printf("request: issued challenge to %s\n", r.RemoteAddr) log.Printf("request: issued challenge to %s\n", ip)
w.Header().Set("Content-Type", "application/msgpack") w.Header().Set("Content-Type", "application/msgpack")
msgpack.NewEncoder(w).Encode(challenge) msgpack.NewEncoder(w).Encode(challenge)
} }
func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized map[string]ssh.PublicKey) { func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized map[string]ssh.PublicKey) {
log.Printf("complete: received completion from %s\n", r.RemoteAddr) ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
log.Warning("complete: failed to split remote ip")
log.WarningE(err)
return
}
log.Printf("complete: received completion from %s\n", ip)
var response internal.AuthResponse var response internal.AuthResponse
@ -128,6 +150,14 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
challenge := entry.(internal.ChallengeEntry) challenge := entry.(internal.ChallengeEntry)
if challenge.Client != ip {
w.WriteHeader(http.StatusUnauthorized)
log.Warning("complete: incorrect client ip")
return
}
publicA := public.Marshal() publicA := public.Marshal()
publicB := challenge.PublicKey.Marshal() publicB := challenge.PublicKey.Marshal()
@ -182,10 +212,10 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
} }
sessions.Set(token, internal.SessionEntry{ sessions.Set(token, internal.SessionEntry{
PublicKey: public, Client: ip,
}, cache.DefaultExpiration) }, cache.DefaultExpiration)
log.Printf("complete: authentication completed for %s\n", r.RemoteAddr) log.Printf("complete: authentication completed for %s\n", ip)
w.Header().Set("Content-Type", "application/msgpack") w.Header().Set("Content-Type", "application/msgpack")
msgpack.NewEncoder(w).Encode(internal.AuthResult{ msgpack.NewEncoder(w).Encode(internal.AuthResult{
@ -194,7 +224,17 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
} }
func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) { func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
log.Printf("receive: received request from %s\n", r.RemoteAddr) ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
log.Warning("receive: failed to split remote ip")
log.WarningE(err)
return
}
log.Printf("receive: received request from %s\n", ip)
token := r.Header.Get("Authorization") token := r.Header.Get("Authorization")
if token == "" { if token == "" {
@ -205,7 +245,8 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
return return
} }
if _, ok := sessions.Get(token); !ok { entry, ok := sessions.Get(token)
if !ok {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
log.Warning("receive: invalid token") log.Warning("receive: invalid token")
@ -215,6 +256,16 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
sessions.Delete(token) sessions.Delete(token)
session := entry.(internal.SessionEntry)
if session.Client != ip {
w.WriteHeader(http.StatusUnauthorized)
log.Warning("receive: incorrect client ip")
return
}
reader, err := r.MultipartReader() reader, err := r.MultipartReader()
if err != nil { if err != nil {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
@ -280,7 +331,7 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
return return
} }
log.Printf("receive: stored file %s from %s (%d bytes)\n", name, r.RemoteAddr, read) log.Printf("receive: stored file %s from %s (%d bytes)\n", name, ip, read)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
} }
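Review bot: The `net.SplitHostPort(r.RemoteAddr)` block with its 500 response and two log calls is repeated verbatim at the top of HandleChallengeRequest, HandleCompleteRequest and HandleReceiveRequest; pulling it into one helper keeps the three handlers in step and gives the address binding a single place to document. That documentation matters here because `r.RemoteAddr` is the TCP peer: behind a reverse proxy every client shares the proxy's address, so the new `challenge.Client != ip` and `session.Client != ip` checks would then no longer distinguish clients, and the helper's comment should say the binding assumes direct connections. In HandleReceiveRequest the `sessions.Delete(token)` runs before the `session.Client != ip` comparison, so a request with the right token from another address consumes the legitimate session; if that single-use-regardless behaviour is intended, a short comment there would make it clear. All three handler bodies continue outside the hunks.
```go
// remoteIP returns the host part of r.RemoteAddr. On failure it writes a
// 500, logs under prefix and returns ok=false; the caller must then return.
// RemoteAddr is the TCP peer, so behind a reverse proxy this is the proxy's
// address, not the end client's, and the per-client binding assumes direct
// connections.
func remoteIP(w http.ResponseWriter, r *http.Request, prefix string) (string, bool) {
	ip, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		log.Warning(prefix + ": failed to split remote ip")
		log.WarningE(err)
		return "", false
	}
	return ip, true
}

func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized map[string]ssh.PublicKey) {
	ip, ok := remoteIP(w, r, "request")
	if !ok {
		return
	}
	log.Printf("request: received new request from %s\n", ip)
	// … unchanged: rest of HandleChallengeRequest; same replacement with "complete" and "receive" in the other two handlers …
```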