Add support for validating the downstream ip of the connection

pires / go-proxyproto

A Go library implementation of the PROXY protocol, versions 1 and 2.

Apache License 2.0

478 stars 107 forks source link

Add support for validating the downstream ip of the connection #108

Closed kmala closed 2 months ago

kmala commented 4 months ago

fixes #107 Had to change the PolicyFunc mentod signature as i couldn't find a better way to handle policy if we have separate functions for upstream and downstream and if both are present.

dims commented 4 months ago

@pires can you please approve the CI workflow so we can check if the new test being added works fine? thanks!

coveralls commented 4 months ago

coverage: 95.119% (+0.1%) from 95.017% when pulling 9dc11aaaa2c1720bb89599792aa3fa6ab867137b on kmala:feat into 8a2480a3966f69776d99be21dd09b345fb199ee6 on pires:main.

pires commented 4 months ago

@dims for you the world, thanks for pinging.

dims commented 4 months ago

@kmala please review the coverage tests, looks like we need to make sure they don't regress.

kmala commented 4 months ago

please review the coverage tests, looks like we need to make sure they don't regress.

Update and verified locally that the coverage has increased.

emersion commented 3 months ago

If we don't want to break the API, my take would be to add a new ConnPolicy callback:

Only one of Policy and ConnPolicy can be specified, not both, to avoid having to pick between the two.
ConnPolicy takes the net.Conn so that it can fetch any details it needs about the connection. Alternatively, it takes a ConnPolicyOptions struct which carry the IP addresses and can be extended later with more fields.

kmala commented 3 months ago

Only one of Policy and ConnPolicy can be specified, not both, to avoid having to pick between the two.

The issue is that since the Listener is exported https://github.com/pires/go-proxyproto/blob/main/protocol.go#L25 there is no proper way to enforce that only one of the policy/connpolicy can be specified.

We can just ignore Policy if ConnPolicy is specified in the code but that won't be obvious unless someone reads the code or comments.

emersion commented 3 months ago

It should be possible to panic from Accept if the library user provides both. Not ideal, but still better than silently ignoring one of the callbacks IMHO.

kmala commented 3 months ago

@emersion can you please check if the changes look good?

pires commented 3 months ago

I am thinking the ConnPolicy should become the new API, since it seems to encapsulate what Policy is doing today, and we'd mark Policy as deprecated and to be removed in a future release. WDYT?

kmala commented 3 months ago

I am thinking the ConnPolicy should become the new API, since it seems to encapsulate what Policy is doing today, and we'd mark Policy as deprecated and to be removed in a future release. WDYT?

Update the field as deprecated.

kmala commented 2 months ago

@pires @emersion can you please review when you get chance ?

pires commented 2 months ago

Thanks a ton for this contribution. We'll be releasing a new minor for introducing the new behavior and announce the deprecation of PolicyFunc 🖖🏻