Merge pull request #184 from artemws/main

CIDR вместо обычного IP адреса metrics_whitelist
This commit is contained in:
Alexey 2026-02-20 17:15:54 +03:00 committed by GitHub
commit da84151e9f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 13 additions and 6 deletions


@ -53,6 +53,7 @@ anyhow = "1.0"
# HTTP # HTTP
reqwest = { version = "0.12", features = ["rustls-tls"], default-features = false } reqwest = { version = "0.12", features = ["rustls-tls"], default-features = false }
notify = { version = "6", features = ["macos_fsevent"] } notify = { version = "6", features = ["macos_fsevent"] }
ipnetwork = "0.20"
hyper = { version = "1", features = ["server", "http1"] } hyper = { version = "1", features = ["server", "http1"] }
hyper-util = { version = "0.1", features = ["tokio", "server-auto"] } hyper-util = { version = "0.1", features = ["tokio", "server-auto"] }
http-body-util = "0.1" http-body-util = "0.1"
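Review bot: The new `ipnetwork = "0.20"` entry relies on the crate's default features, while the neighbouring entries (reqwest, notify, hyper) name their features explicitly; the config struct in this PR derives `Deserialize` for `Vec<IpNetwork>`, which needs the crate's serde support. If that support is gated behind a feature (it is optional in ipnetwork and, as far as I recall, enabled by default), pin it so a future default-feature change or a downstream `default-features = false` does not silently break config parsing: `ipnetwork = { version = "0.20", features = ["serde"] }`.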


@ -1,5 +1,6 @@
use std::net::IpAddr; use std::net::IpAddr;
use std::collections::HashMap; use std::collections::HashMap;
use ipnetwork::IpNetwork;
use serde::Deserialize; use serde::Deserialize;
// Helper defaults kept private to the config module. // Helper defaults kept private to the config module.
@ -66,8 +67,11 @@ pub(crate) fn default_weight() -> u16 {
1 1
} }
pub(crate) fn default_metrics_whitelist() -> Vec<IpAddr> { pub(crate) fn default_metrics_whitelist() -> Vec<IpNetwork> {
vec!["127.0.0.1".parse().unwrap(), "::1".parse().unwrap()] vec![
"127.0.0.1/32".parse().unwrap(),
"::1/128".parse().unwrap(),
]
} }
pub(crate) fn default_prefer_4() -> u8 { pub(crate) fn default_prefer_4() -> u8 {
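Review bot: `default_metrics_whitelist` now returns CIDR entries but has no doc comment, and the switch to `IpNetwork` changes what operators may write in the config; add `/// Default metrics whitelist: loopback only (127.0.0.1/32 and ::1/128). Entries are CIDR ranges.` above the fn. Whether an existing config holding a bare address such as `127.0.0.1` still parses depends on `IpNetwork`'s `FromStr`/`Deserialize` treating a missing prefix as a host route — I believe it does, but a small config-parsing test pinning that would protect the upgrade path. The `.parse().unwrap()` calls are acceptable here because the inputs are constant literals.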


@ -1,4 +1,5 @@
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use ipnetwork::IpNetwork;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashMap; use std::collections::HashMap;
use std::net::IpAddr; use std::net::IpAddr;
@ -304,7 +305,7 @@ pub struct ServerConfig {
pub metrics_port: Option<u16>, pub metrics_port: Option<u16>,
#[serde(default = "default_metrics_whitelist")] #[serde(default = "default_metrics_whitelist")]
pub metrics_whitelist: Vec<IpAddr>, pub metrics_whitelist: Vec<IpNetwork>,
#[serde(default)] #[serde(default)]
pub listeners: Vec<ListenerConfig>, pub listeners: Vec<ListenerConfig>,
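Review bot: The `metrics_whitelist` field has no doc comment, and its type change makes the semantics worth spelling out for config authors: add `/// CIDR ranges allowed to reach the metrics endpoint (default: loopback only). An explicitly empty list disables the check and admits any peer.` The empty-list behaviour comes from the metrics server check in this PR, where `!whitelist.is_empty()` guards the lookup. `ServerConfig` starts and ends outside the hunk. `std::net::IpAddr` remains imported in this file; presumably other fields still use it, otherwise the import is now dead.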


@ -1,5 +1,5 @@
use std::convert::Infallible; use std::convert::Infallible;
use std::net::{IpAddr, SocketAddr}; use std::net::SocketAddr;
use std::sync::Arc; use std::sync::Arc;
use http_body_util::Full; use http_body_util::Full;
@ -7,12 +7,13 @@ use hyper::body::Bytes;
use hyper::server::conn::http1; use hyper::server::conn::http1;
use hyper::service::service_fn; use hyper::service::service_fn;
use hyper::{Request, Response, StatusCode}; use hyper::{Request, Response, StatusCode};
use ipnetwork::IpNetwork;
use tokio::net::TcpListener; use tokio::net::TcpListener;
use tracing::{info, warn, debug}; use tracing::{info, warn, debug};
use crate::stats::Stats; use crate::stats::Stats;
pub async fn serve(port: u16, stats: Arc<Stats>, whitelist: Vec<IpAddr>) { pub async fn serve(port: u16, stats: Arc<Stats>, whitelist: Vec<IpNetwork>) {
let addr = SocketAddr::from(([0, 0, 0, 0], port)); let addr = SocketAddr::from(([0, 0, 0, 0], port));
let listener = match TcpListener::bind(addr).await { let listener = match TcpListener::bind(addr).await {
Ok(l) => l, Ok(l) => l,
@ -32,7 +33,7 @@ pub async fn serve(port: u16, stats: Arc<Stats>, whitelist: Vec<IpAddr>) {
} }
}; };
if !whitelist.is_empty() && !whitelist.contains(&peer.ip()) { if !whitelist.is_empty() && !whitelist.iter().any(|net| net.contains(peer.ip())) {
debug!(peer = %peer, "Metrics request denied by whitelist"); debug!(peer = %peer, "Metrics request denied by whitelist");
continue; continue;
} }
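Review bot: The access check at the end of this hunk keeps the pre-existing empty-list bypass (`!whitelist.is_empty() &&`), which now has an explicit equivalent that operators can write: with CIDR support, "allow everyone" can be spelled as `0.0.0.0/0` and `::/0`, so an accidentally empty `metrics_whitelist: []` no longer needs to expose the endpoint. Consider failing closed: `if !whitelist.iter().any(|net| net.contains(peer.ip())) {`. Separately, `serve` binds `0.0.0.0` in the earlier hunk of this file, so peers are IPv4-only and the `::1/128` default entry cannot match until a dual-stack or `::` bind is used; that is pre-existing, but a comment next to the bind would save the next reader the puzzle. The accept loop containing this check starts outside the hunk.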