mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-16 23:41:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Drop first

Browse source
This commit is contained in:
Owen 2025-02-09 21:56:39 -05:00
parent 2428738fa6
commit 5e92aebd20
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
1 changed files with 32 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

40
server/routers/badger/verifySession.ts
View file

@ -485,18 +485,42 @@ async function checkRules(
return; return;
} }
let hasAcceptRule = false;
// First pass: look for DROP rules
for (const rule of rules) { for (const rule of rules) {
if ( if (
clientIp && (clientIp &&
rule.match == "CIDR" && rule.match == "CIDR" &&
isIpInCidr(clientIp, rule.value) isIpInCidr(clientIp, rule.value) &&
rule.action === "DROP") ||
(path &&
rule.match == "PATH" &&
urlGlobToRegex(rule.value).test(path) &&
rule.action === "DROP")
) { ) {
return rule.action as "ACCEPT" | "DROP"; return "DROP";
} else if (path && rule.match == "PATH") { }
// rule.value is a regex, match on the path and see if it matches // Track if we see any ACCEPT rules for the second pass
const re = urlGlobToRegex(rule.value); if (rule.action === "ACCEPT") {
if (re.test(path)) { hasAcceptRule = true;
return rule.action as "ACCEPT" | "DROP"; }
}
// Second pass: only check ACCEPT rules if we found one and didn't find a DROP
if (hasAcceptRule) {
for (const rule of rules) {
if (rule.action !== "ACCEPT") continue;
if (
(clientIp &&
rule.match == "CIDR" &&
isIpInCidr(clientIp, rule.value)) ||
(path &&
rule.match == "PATH" &&
urlGlobToRegex(rule.value).test(path))
) {
return "ACCEPT";
} }
} }
} }