check remote_addr is loopback
This commit is contained in:
parent
d6577e555e
commit
7a7faf405e
|
@ -59,18 +59,23 @@ fn authenticate(tokens: HashMap<String, String>) -> impl Filter<Extract = (), Er
|
||||||
warp::filters::any::any()
|
warp::filters::any::any()
|
||||||
.map(move || tokens.clone())
|
.map(move || tokens.clone())
|
||||||
.and(filters::query::query::<AuthToken>())
|
.and(filters::query::query::<AuthToken>())
|
||||||
.and_then(|tokens: Arc<HashSet<String>>, token: AuthToken| {
|
.and(filters::addr::remote())
|
||||||
async move {
|
.and_then(
|
||||||
if let Some(token) = token.token {
|
|tokens: Arc<HashSet<String>>, token: AuthToken, peer_addr: Option<std::net::SocketAddr>| {
|
||||||
if tokens.contains(&token) {
|
async move {
|
||||||
return Ok(());
|
if let Some(addr) = peer_addr {
|
||||||
|
if let Some(token) = token.token {
|
||||||
|
if addr.ip().is_loopback() && tokens.contains(&token) {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Err(warp::reject::custom(ActionStatus::Err {
|
||||||
|
reason: "Access Denied".into(),
|
||||||
|
}))
|
||||||
}
|
}
|
||||||
Err(warp::reject::custom(ActionStatus::Err {
|
},
|
||||||
reason: "Access Denied".into(),
|
)
|
||||||
}))
|
|
||||||
}
|
|
||||||
})
|
|
||||||
.untuple_one()
|
.untuple_one()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue