mirror of
https://github.com/sileht/bird-lg.git
synced 2024-11-21 14:34:43 +01:00
Add SHARED_SECRET
This commit is contained in:
parent
1e78b20860
commit
96c33da446
3
lg.cfg
3
lg.cfg
|
@ -5,6 +5,9 @@ LOG_LEVEL="WARNING"
|
|||
|
||||
DOMAIN = "tetaneutral.net"
|
||||
|
||||
# Used for restrict access on lgproxy - must be same in lgproxy.cfg
|
||||
SHARED_SECRET="ThisTokenIsNotSecret"
|
||||
|
||||
BIND_IP = "0.0.0.0"
|
||||
BIND_PORT = 5000
|
||||
|
||||
|
|
3
lg.py
3
lg.py
|
@ -153,7 +153,8 @@ def bird_proxy(host, proto, service, query):
|
|||
if "DOMAIN" in app.config:
|
||||
url = "%s.%s" % (url, app.config["DOMAIN"])
|
||||
url = "%s:%d/%s?" % (url, port, path)
|
||||
|
||||
if "SHARED_SECRET" in app.config:
|
||||
url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"])
|
||||
url = "%sq=%s" % (url, quote(query))
|
||||
|
||||
try:
|
||||
|
|
|
@ -1,12 +1,21 @@
|
|||
|
||||
DEBUG=False
|
||||
|
||||
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
|
||||
LOG_LEVEL="WARNING"
|
||||
|
||||
BIND_IP = "0.0.0.0"
|
||||
BIND_PORT = 5000
|
||||
|
||||
# Used for restrict access on lgproxy - Empty list = all allowed
|
||||
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
|
||||
|
||||
# Used for restrict access on lgproxy - Must be same in lg.cfg
|
||||
SHARED_SECRET="ThisTokenIsNotSecret"
|
||||
|
||||
IPV4_SOURCE=""
|
||||
IPV6_SOURCE=""
|
||||
|
||||
BIRD_SOCKET="/var/run/bird/bird.ctl"
|
||||
BIRD6_SOCKET="/var/run/bird/bird6.ctl"
|
||||
|
||||
|
|
13
lgproxy.py
13
lgproxy.py
|
@ -54,14 +54,19 @@ def access_log_after(response, *args, **kwargs):
|
|||
app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
|
||||
return response
|
||||
|
||||
def check_accesslist():
|
||||
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
|
||||
def check_security():
|
||||
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
|
||||
app.logger.info("Your remote address is not valid")
|
||||
abort(401)
|
||||
|
||||
if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]:
|
||||
app.logger.info("Your shared secret is not valid")
|
||||
abort(401)
|
||||
|
||||
@app.route("/traceroute")
|
||||
@app.route("/traceroute6")
|
||||
def traceroute():
|
||||
check_accesslist()
|
||||
check_security()
|
||||
|
||||
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
|
||||
traceroute4 = [ 'traceroute' ]
|
||||
|
@ -100,7 +105,7 @@ def traceroute():
|
|||
@app.route("/bird")
|
||||
@app.route("/bird6")
|
||||
def bird():
|
||||
check_accesslist()
|
||||
check_security()
|
||||
|
||||
if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
|
||||
elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))
|
||||
|
|
Loading…
Reference in a new issue