alarig/bird-lg
1
0
Fork 0
mirror of https://github.com/sileht/bird-lg.git synced 2024-11-21 14:34:43 +01:00
Code Issues Releases Wiki Activity

Merge pull request #71 from gmarsay/add-shared-secret

Browse source 
Add SHARED_SECRET
This commit is contained in:
zorun 2020-06-15 22:00:06 +02:00 committed by GitHub
parent 1e78b20860 96c33da446
commit 73ff7aa496
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lg.cfg
View file

@ -5,6 +5,9 @@ LOG_LEVEL="WARNING"
DOMAIN = "tetaneutral.net"
# Used for restrict access on lgproxy - must be same in lgproxy.cfg
SHARED_SECRET="ThisTokenIsNotSecret"
BIND_IP = "0.0.0.0"
BIND_PORT = 5000

3
lg.py
View file

@ -153,7 +153,8 @@ def bird_proxy(host, proto, service, query):
if "DOMAIN" in app.config:
url = "%s.%s" % (url, app.config["DOMAIN"])
url = "%s:%d/%s?" % (url, port, path)
if "SHARED_SECRET" in app.config:
url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"])
url = "%sq=%s" % (url, quote(query))
try:

9
lgproxy.cfg
View file

@ -1,12 +1,21 @@
DEBUG=False
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
LOG_LEVEL="WARNING"
BIND_IP = "0.0.0.0"
BIND_PORT = 5000
# Used for restrict access on lgproxy - Empty list = all allowed
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
# Used for restrict access on lgproxy - Must be same in lg.cfg
SHARED_SECRET="ThisTokenIsNotSecret"
IPV4_SOURCE=""
IPV6_SOURCE=""
BIRD_SOCKET="/var/run/bird/bird.ctl"
BIRD6_SOCKET="/var/run/bird/bird6.ctl"

13
lgproxy.py
View file

@ -54,14 +54,19 @@ def access_log_after(response, *args, **kwargs):
app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
return response
def check_accesslist():
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
def check_security():
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
app.logger.info("Your remote address is not valid")
abort(401)
if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]:
app.logger.info("Your shared secret is not valid")
abort(401)
@app.route("/traceroute")
@app.route("/traceroute6")
def traceroute():
check_accesslist()
check_security()
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
traceroute4 = [ 'traceroute' ]
@ -100,7 +105,7 @@ def traceroute():
@app.route("/bird")
@app.route("/bird6")
def bird():
check_accesslist()
check_security()
if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))