mirror of
https://github.com/sileht/bird-lg.git
synced 2024-11-25 08:14:42 +01:00
Add SHARED_SECRET
This commit is contained in:
parent
1e78b20860
commit
96c33da446
3
lg.cfg
3
lg.cfg
|
@ -5,6 +5,9 @@ LOG_LEVEL="WARNING"
|
||||||
|
|
||||||
DOMAIN = "tetaneutral.net"
|
DOMAIN = "tetaneutral.net"
|
||||||
|
|
||||||
|
# Used for restrict access on lgproxy - must be same in lgproxy.cfg
|
||||||
|
SHARED_SECRET="ThisTokenIsNotSecret"
|
||||||
|
|
||||||
BIND_IP = "0.0.0.0"
|
BIND_IP = "0.0.0.0"
|
||||||
BIND_PORT = 5000
|
BIND_PORT = 5000
|
||||||
|
|
||||||
|
|
3
lg.py
3
lg.py
|
@ -153,7 +153,8 @@ def bird_proxy(host, proto, service, query):
|
||||||
if "DOMAIN" in app.config:
|
if "DOMAIN" in app.config:
|
||||||
url = "%s.%s" % (url, app.config["DOMAIN"])
|
url = "%s.%s" % (url, app.config["DOMAIN"])
|
||||||
url = "%s:%d/%s?" % (url, port, path)
|
url = "%s:%d/%s?" % (url, port, path)
|
||||||
|
if "SHARED_SECRET" in app.config:
|
||||||
|
url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"])
|
||||||
url = "%sq=%s" % (url, quote(query))
|
url = "%sq=%s" % (url, quote(query))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -1,12 +1,21 @@
|
||||||
|
|
||||||
DEBUG=False
|
DEBUG=False
|
||||||
|
|
||||||
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
|
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
|
||||||
LOG_LEVEL="WARNING"
|
LOG_LEVEL="WARNING"
|
||||||
|
|
||||||
BIND_IP = "0.0.0.0"
|
BIND_IP = "0.0.0.0"
|
||||||
BIND_PORT = 5000
|
BIND_PORT = 5000
|
||||||
|
|
||||||
|
# Used for restrict access on lgproxy - Empty list = all allowed
|
||||||
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
|
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
|
||||||
|
|
||||||
|
# Used for restrict access on lgproxy - Must be same in lg.cfg
|
||||||
|
SHARED_SECRET="ThisTokenIsNotSecret"
|
||||||
|
|
||||||
IPV4_SOURCE=""
|
IPV4_SOURCE=""
|
||||||
IPV6_SOURCE=""
|
IPV6_SOURCE=""
|
||||||
|
|
||||||
BIRD_SOCKET="/var/run/bird/bird.ctl"
|
BIRD_SOCKET="/var/run/bird/bird.ctl"
|
||||||
BIRD6_SOCKET="/var/run/bird/bird6.ctl"
|
BIRD6_SOCKET="/var/run/bird/bird6.ctl"
|
||||||
|
|
||||||
|
|
11
lgproxy.py
11
lgproxy.py
|
@ -54,14 +54,19 @@ def access_log_after(response, *args, **kwargs):
|
||||||
app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
|
app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def check_accesslist():
|
def check_security():
|
||||||
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
|
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
|
||||||
|
app.logger.info("Your remote address is not valid")
|
||||||
|
abort(401)
|
||||||
|
|
||||||
|
if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]:
|
||||||
|
app.logger.info("Your shared secret is not valid")
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
@app.route("/traceroute")
|
@app.route("/traceroute")
|
||||||
@app.route("/traceroute6")
|
@app.route("/traceroute6")
|
||||||
def traceroute():
|
def traceroute():
|
||||||
check_accesslist()
|
check_security()
|
||||||
|
|
||||||
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
|
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
|
||||||
traceroute4 = [ 'traceroute' ]
|
traceroute4 = [ 'traceroute' ]
|
||||||
|
@ -100,7 +105,7 @@ def traceroute():
|
||||||
@app.route("/bird")
|
@app.route("/bird")
|
||||||
@app.route("/bird6")
|
@app.route("/bird6")
|
||||||
def bird():
|
def bird():
|
||||||
check_accesslist()
|
check_security()
|
||||||
|
|
||||||
if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
|
if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
|
||||||
elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))
|
elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))
|
||||||
|
|
Loading…
Reference in a new issue