Add doc and create static matchCidr() to prevent repetition

drogonframework · Sep 18, 2024 · 847aeee · 847aeee
1 parent 162a0c1
commit 847aeee
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 22 deletions.
diff --git a/lib/inc/drogon/plugins/Hodor.h b/lib/inc/drogon/plugins/Hodor.h
@@ -71,7 +71,9 @@ IPs or users. the default value is 600.
                 "ip_capacity": 0,
                 "user_capacity": 0
             },...
-         ]
+        ],
+        // Trusted proxy ip or cidr
+        "trust_ips": ["127.0.0.1", "172.16.0.0/12"],
      }
   }
   @endcode
@@ -137,8 +139,7 @@ class DROGON_EXPORT Hodor : public drogon::Plugin<Hodor>
     std::function<HttpResponsePtr(const drogon::HttpRequestPtr &)>
         rejectResponseFactory_;
 
-    std::vector<RealIpResolver::CIDR> trustCIDRs_;
-    bool matchCidr(const trantor::InetAddress &addr) const;
+    RealIpResolver::CIDRs trustCIDRs_;
 
     void onHttpRequest(const drogon::HttpRequestPtr &,
                        AdviceCallback &&,

diff --git a/lib/inc/drogon/plugins/RealIpResolver.h b/lib/inc/drogon/plugins/RealIpResolver.h
@@ -57,7 +57,6 @@ class DROGON_EXPORT RealIpResolver : public drogon::Plugin<RealIpResolver>
   private:
     const trantor::InetAddress &getRealAddr(
         const drogon::HttpRequestPtr &req) const;
-    bool matchCidr(const trantor::InetAddress &addr) const;
 
     struct CIDR
     {
@@ -66,8 +65,12 @@ class DROGON_EXPORT RealIpResolver : public drogon::Plugin<RealIpResolver>
         in_addr_t mask_{32};
     };
 
+    using CIDRs = std::vector<CIDR>;
+    static bool matchCidr(const trantor::InetAddress &addr,
+                          const CIDRs &trustCIDRs);
+
     friend class Hodor;
-    std::vector<CIDR> trustCIDRs_;
+    CIDRs trustCIDRs_;
     std::string fromHeader_;
     std::string attributeKey_;
     bool useXForwardedFor_{false};

diff --git a/lib/src/Hodor.cc b/lib/src/Hodor.cc
@@ -128,24 +128,12 @@ void Hodor::shutdown()
     LOG_TRACE << "Hodor plugin is shutdown!";
 }
 
-bool Hodor::matchCidr(const trantor::InetAddress &addr) const
-{
-    for (auto &cidr : trustCIDRs_)
-    {
-        if ((addr.ipNetEndian() & cidr.mask_) == cidr.addr_)
-        {
-            return true;
-        }
-    }
-    return false;
-}
-
 bool Hodor::checkLimit(const drogon::HttpRequestPtr &req,
                        const LimitStrategy &strategy,
                        const trantor::InetAddress &ip,
                        const std::optional<std::string> &userId)
 {
-    if (matchCidr(ip))
+    if (RealIpResolver::matchCidr(ip, trustCIDRs_))
     {
         return true;
     }

diff --git a/lib/src/RealIpResolver.cc b/lib/src/RealIpResolver.cc
@@ -109,7 +109,7 @@ void RealIpResolver::initAndStart(const Json::Value &config)
         const auto &headers = req->headers();
         auto ipHeaderFind = headers.find(fromHeader_);
         const trantor::InetAddress &peerAddr = req->getPeerAddr();
-        if (ipHeaderFind == headers.end() || !matchCidr(peerAddr))
+        if (ipHeaderFind == headers.end() || !matchCidr(peerAddr, trustCIDRs_))
         {
             // Target header is empty, or
             // direct peer is already a non-proxy
@@ -138,7 +138,7 @@ void RealIpResolver::initAndStart(const Json::Value &config)
         while (!(ip = parser.getNext()).empty())
         {
             trantor::InetAddress addr = parseAddress(ip);
-            if (addr.isUnspecified() || matchCidr(addr))
+            if (addr.isUnspecified() || matchCidr(addr, trustCIDRs_))
             {
                 continue;
             }
@@ -176,9 +176,10 @@ const trantor::InetAddress &RealIpResolver::getRealAddr(
     return attributesPtr->get<trantor::InetAddress>(attributeKey_);
 }
 
-bool RealIpResolver::matchCidr(const trantor::InetAddress &addr) const
+bool RealIpResolver::matchCidr(const trantor::InetAddress &addr,
+                               const CIDRs &trustCIDRs)
 {
-    for (auto &cidr : trustCIDRs_)
+    for (const auto &cidr : trustCIDRs)
     {
         if ((addr.ipNetEndian() & cidr.mask_) == cidr.addr_)
         {