ecadlabs / auth


JWT tokens for requests from IPs in a permitted list #20

Open jevonearth opened 5 years ago

jevonearth commented 5 years ago

As a NOC screen, I want to display a status page without logging in so that when I boot up, I load a URL and the desired page loads.

Add a command line param -permittedIPs "10.0.0.0/24,192.168.88.1/32" to the daemon.

If a GET or POST request to /login is received, check the source IP address against the permittedIPs list. If the source address falls within the CIDRs specified, then issue a JWT token with the role of iplogin.

This functionality replaces the old /checkip kludge.

jevonearth commented 5 years ago

Envoy has an interesting IP Tagging implementation that uses a trie structure: https://www.envoyproxy.io/docs/envoy/v1.8.0/configuration/http_filters/ip_tagging_filter
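
The check requested in this issue, as an added Go example that is not part of the thread or of the ecadlabs/auth code: it parses the `-permittedIPs` value, matches the connection's peer address with a linear scan (not a trie like the Envoy filter), and returns a token carrying role `iplogin` only on a match. The function names, the claim layout, the caller-supplied key and expiry, and the hand-built HS256 signature are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/netip"
	"strings"
)

// ParsePermitted parses the -permittedIPs value; one bad entry rejects the whole list.
func ParsePermitted(list string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, s := range strings.Split(list, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(s))
		if err != nil {
			return nil, fmt.Errorf("permittedIPs entry %q: %w", s, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

func Permitted(remoteAddr string, allow []netip.Prefix) bool {
	ap, err := netip.ParseAddrPort(remoteAddr) // TCP peer "ip:port" (http.Request.RemoteAddr), not a header
	for _, p := range allow {
		if err == nil && p.Contains(ap.Addr().Unmap()) { // Unmap: ::ffff:10.0.0.7 matches as 10.0.0.7
			return true
		}
	}
	return false // unparsable address or no matching CIDR: fail closed
}

// IPLoginToken returns an HS256 JWT with role "iplogin" (claim names assumed), or "" if not permitted.
func IPLoginToken(remoteAddr string, allow []netip.Prefix, key []byte, exp int64) string {
	if !Permitted(remoteAddr, allow) {
		return ""
	}
	enc := base64.RawURLEncoding.EncodeToString
	msg := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc([]byte(fmt.Sprintf(`{"role":"iplogin","exp":%d}`, exp)))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return msg + "." + enc(mac.Sum(nil))
}

func main() {
	allow, _ := ParsePermitted("10.0.0.0/24,192.168.88.1/32") // list from the issue text
	fmt.Println(IPLoginToken("10.0.0.7:51234", allow, []byte("constructed-demo-key"), 1900000000))
}
```

If the daemon runs behind a reverse proxy, the peer address is the proxy's, so a permitted range that includes the proxy would grant `iplogin` to every request.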