author | Nick Thomas <nick@gitlab.com> | 2019-10-08 11:08:01 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-10-08 11:08:01 +0000 |
commit | 9ba79e43395cf09e3c5904c541a011ea25b620f1 (patch) | |
tree | 77a047170356f252407b872a4b84bb8338868565 | |
parent | a29b48ed8e36677c42acde1756e84982b580bc58 (diff) | |
parent | 4190843952861b9db7cc786a140be3aeb7632cbc (diff) | |
download | gitlab-shell-9ba79e43395cf09e3c5904c541a011ea25b620f1.tar.gz |
Merge branch 'add-ip-address-to-call-to-rails-api' into 'master'
Extend group IP restriction to Git activity
See merge request gitlab-org/gitlab-shell!335
-rw-r--r-- | go/internal/gitlabnet/accessverifier/client.go | 4 | ||||
-rw-r--r-- | go/internal/sshenv/sshenv.go | 15 | ||||
-rw-r--r-- | go/internal/sshenv/sshenv_test.go | 20 | ||||
-rw-r--r-- | go/internal/testhelper/testhelper.go | 6 |
4 files changed, 45 insertions, 0 deletions
diff --git a/go/internal/gitlabnet/accessverifier/client.go b/go/internal/gitlabnet/accessverifier/client.go
index 92a7434..880fff5 100644
--- a/go/internal/gitlabnet/accessverifier/client.go
+++ b/go/internal/gitlabnet/accessverifier/client.go
@@ -8,6 +8,7 @@ import (
 "gitlab.com/gitlab-org/gitlab-shell/go/internal/command/commandargs"
 "gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
 "gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet"
+ "gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv"
 )
 const (
@@ -26,6 +27,7 @@ type Request struct {
 Protocol string `json:"protocol"`
 KeyId string `json:"key_id,omitempty"`
 Username string `json:"username,omitempty"`
+ CheckIp string `json:"check_ip,omitempty"`
 }
 type Gitaly struct {
@@ -80,6 +82,8 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType,
 request.KeyId = args.GitlabKeyId
 }
+ request.CheckIp = sshenv.LocalAddr()
+
 response, err := c.client.Post("/allowed", request)
 if err != nil {
 return nil, err
diff --git a/go/internal/sshenv/sshenv.go b/go/internal/sshenv/sshenv.go
new file mode 100644
index 0000000..387feb2
--- /dev/null
+++ b/go/internal/sshenv/sshenv.go
@@ -0,0 +1,15 @@
+package sshenv
+
+import (
+ "os"
+ "strings"
+)
+
+func LocalAddr() string {
+ address := os.Getenv("SSH_CONNECTION")
+
+ if address != "" {
+ return strings.Fields(address)[0]
+ }
+ return ""
+}
diff --git a/go/internal/sshenv/sshenv_test.go b/go/internal/sshenv/sshenv_test.go
new file mode 100644
index 0000000..d2207f5
--- /dev/null
+++ b/go/internal/sshenv/sshenv_test.go
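Review bot: `request.CheckIp = sshenv.LocalAddr()` in Verify sends the first field of `SSH_CONNECTION` as-is, and because the new field is tagged `json:"check_ip,omitempty"` in the `Request` struct hunk, an unset variable drops `check_ip` from the `/allowed` request altogether. Whether the Rails side then denies or skips the group IP restriction is not visible in this commit, so it is worth confirming that a missing `check_ip` cannot bypass the restriction for SSH traffic. The value is also forwarded unvalidated; rejecting anything `net.ParseIP` does not accept before the assignment would keep malformed input out of the access decision. If gitlab-shell runs behind a TCP proxy or load balancer, this address is presumably the proxy's rather than the end client's, which deserves a comment at the assignment. Verify's body starts and ends outside the hunk.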
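Review bot: `strings.Fields(address)[0]` in `LocalAddr` panics with an index out of range when `SSH_CONNECTION` is set but holds only whitespace, because the guard tests only `address != ""`. Checking the parsed fields avoids that: `fields := strings.Fields(os.Getenv("SSH_CONNECTION"))`, `if len(fields) == 0 { return "" }`, `return fields[0]`. The name is also misleading for a value that feeds an access-control decision: OpenSSH documents `SSH_CONNECTION` as client address, client port, server address, server port, so the first field is the remote client's address. A doc comment such as `// LocalAddr returns the client IP from SSH_CONNECTION, or "" when it is unset.` would make that explicit.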
@@ -0,0 +1,20 @@
+package sshenv
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ "gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper"
+)
+
+func TestLocalAddr(t *testing.T) {
+ cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0")
+ require.NoError(t, err)
+ defer cleanup()
+
+ require.Equal(t, LocalAddr(), "127.0.0.1")
+}
+
+func TestEmptyLocalAddr(t *testing.T) {
+ require.Equal(t, LocalAddr(), "")
+}
diff --git a/go/internal/testhelper/testhelper.go b/go/internal/testhelper/testhelper.go
index 5c900aa..a925c79 100644
--- a/go/internal/testhelper/testhelper.go
+++ b/go/internal/testhelper/testhelper.go
@@ -85,3 +85,9 @@ func getTestDataDir() (string, error) {
 return path.Join(path.Dir(currentFile), "testdata"), nil
 }
+
+func Setenv(key, value string) (func(), error) {
+ oldValue := os.Getenv(key)
+ err := os.Setenv(key, value)
+ return func() { os.Setenv(key, oldValue) }, err
+}
 |
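Review bot: `TestEmptyLocalAddr` never clears `SSH_CONNECTION`, so it depends on the ambient environment and will fail when the suite is run from inside an SSH session; set it explicitly first, e.g. `cleanup, err := testhelper.Setenv("SSH_CONNECTION", "")`. Both `require.Equal` calls pass the actual value before the expected one; testify's order is `require.Equal(t, "127.0.0.1", LocalAddr())`, and the swap makes failure output misleading. The fixture `"127.0.0.1 0"` has two fields where the real variable has four, and there is no case for whitespace-only or IPv6 input, which are the inputs most likely to reach the access check in an unexpected form.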
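Review bot: The cleanup returned by `Setenv` restores with `os.Setenv(key, oldValue)`, so a variable that was unset before the test is left set to the empty string, which leaks state into later tests that distinguish unset from empty. Recording presence with `os.LookupEnv` and calling `os.Unsetenv` in that case restores the environment exactly. The exported helper also has no doc comment. `getTestDataDir` above it starts outside the hunk.

```go
// Setenv sets key to value and returns a func that restores the previous state.
func Setenv(key, value string) (func(), error) {
	oldValue, wasSet := os.LookupEnv(key)
	err := os.Setenv(key, value)
	return func() {
		if wasSet {
			os.Setenv(key, oldValue)
			return
		}
		os.Unsetenv(key)
	}, err
}
```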