ホーム エクスプローラ ヘルプ
登録 サインイン
admin
/
bitforum
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 0362ecc565
ブランチ タグ
bitforum
/
backend
/
Middleware
/
IPFilter.cs

IPFilter.cs 3.2 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. using System.Net;
    2. 

  2. using System.Text.RegularExpressions;
    3. 

  3. using bitforum.Services;
    4. 

  4. 

  5. namespace bitforum.Middleware
    6. 

  6. {
    7. 

  7.     public class IPFilter
    8. 

  8.     {
    9. 

  9.         private readonly RequestDelegate _next;
    10. 

  10.         private readonly ISetupService _setupService;
    11. 

  11. 

  12.         public IPFilter(RequestDelegate next, ISetupService setupService)
    13. 

  13.         {
    14. 

  14.             _next = next;
    15. 

  15.             _setupService = setupService;
    16. 

  16.         }
    17. 

  17. 

  18.         public async Task Invoke(HttpContext context)
    19. 

  19.         {
    20. 

  20.             var remoteIP = context.Connection.RemoteIpAddress;
    21. 

  21. 

  22.             // IP가 허용되지 않으면 403 Forbidden 반환
    23. 

  23.             if (!IsIpAllowed(remoteIP))
    24. 

  24.             {
    25. 

  25.                 context.Response.StatusCode = StatusCodes.Status403Forbidden;
    26. 

  26.                 await context.Response.WriteAsync("Access Denied: Your IP is not allowed to access this resource.");
    27. 

  27.                 return;
    28. 

  28.             }
    29. 

  29. 

  30.             await _next(context);
    31. 

  31.         }
    32. 

  32. 

  33.         private bool IsIpAllowed(IPAddress? remoteIP)
    34. 

  34.         {
    35. 

  35.             if (remoteIP == null)
    36. 

  36.             {
    37. 

  37.                 return false;
    38. 

  38.             }
    39. 

  39. 

  40.             var adminWhiteIpList = _setupService.GetConfig("admin_white_ip_list");
    41. 

  41.             var allowedIPs = string.IsNullOrWhiteSpace(adminWhiteIpList) ? new List<string>() : adminWhiteIpList.Split(['\r', '\n'], StringSplitOptions.RemoveEmptyEntries).Select(ip => ip.Trim()).ToList();
    42. 

  42. 

  43.             // 허용된 IP가 없으면 기본적으로 모든 요청 허용
    44. 

  44.             if (!allowedIPs.Any())
    45. 

  45.             {
    46. 

  46.                 return true;
    47. 

  47.             }
    48. 

  48. 

  49.             var ipString = remoteIP.ToString();
    50. 

  50. 

  51.             foreach (var allowedIP in allowedIPs)
    52. 

  52.             {
    53. 

  53.                 if (allowedIP.Contains("*"))
    54. 

  54.                 {
    55. 

  55.                     var regex = "^" + Regex.Escape(allowedIP).Replace("\\*", ".*") + "$";
    56. 

  56.                     if (Regex.IsMatch(ipString, regex))
    57. 

  57.                     {
    58. 

  58.                         return true;
    59. 

  59.                     }
    60. 

  60.                 }
    61. 

  61.                 else if (allowedIP.Contains("-"))
    62. 

  62.                 {
    63. 

  63.                     var parts = allowedIP.Split('-');
    64. 

  64.                     if (parts.Length == 2 && IPAddress.TryParse(parts[0].Trim(), out var startIp) && IPAddress.TryParse(parts[1].Trim(), out var endIp) && IsInRange(remoteIP, startIp, endIp))
    65. 

  65.                     {
    66. 

  66.                         return true;
    67. 

  67.                     }
    68. 

  68.                 }
    69. 

  69.                 else if (IPAddress.TryParse(allowedIP, out var allowedAddress) && remoteIP.Equals(allowedAddress))
    70. 

  70.                 {
    71. 

  71.                     return true;
    72. 

  72.                 }
    73. 

  73.             }
    74. 

  74. 

  75.             return false;
    76. 

  76.         }
    77. 

  77. 

  78.         private bool IsInRange(IPAddress IP, IPAddress startIP, IPAddress endIP)
    79. 

  79.         {
    80. 

  80.             var ipBytes = IP.GetAddressBytes();
    81. 

  81.             var startBytes = startIP.GetAddressBytes();
    82. 

  82.             var endBytes = endIP.GetAddressBytes();
    83. 

  83. 

  84.             if (ipBytes.Length != startBytes.Length || ipBytes.Length != endBytes.Length)
    85. 

  85.             {
    86. 

  86.                 return false;
    87. 

  87.             }
    88. 

  88. 

  89.             for (int i = 0; i < ipBytes.Length; i++)
    90. 

  90.             {
    91. 

  91.                 if (ipBytes[i] < startBytes[i] || ipBytes[i] > endBytes[i])
    92. 

  92.                 {
    93. 

  93.                     return false;
    94. 

  94.                 }
    95. 

  95.             }
    96. 

  96. 

  97.             return true;
    98. 

  98.         }
    99. 

  99.     }
    100. 

  100. }
    101.