登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

Ragus/gost

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
permissions.go 4.54 KB
一键复制 编辑 原始数据 按行查看 历史
rui.zheng 提交于 2017-08-13 09:30 . add test files
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223
package gost



import (

	"errors"

	"fmt"

	"net"

	"strconv"

	"strings"



	glob "github.com/ryanuber/go-glob"

)



// Permission is a rule for blacklist and whitelist.

type Permission struct {

	Actions StringSet

	Hosts   StringSet

	Ports   PortSet

}



// PortRange specifies the range of port, such as 1000-2000.

type PortRange struct {

	Min, Max int

}



// ParsePortRange parses the s to a PortRange.

// The s may be a '*' means 0-65535.

func ParsePortRange(s string) (*PortRange, error) {

	if s == "*" {

		return &PortRange{Min: 0, Max: 65535}, nil

	}



	minmax := strings.Split(s, "-")

	switch len(minmax) {

	case 1:

		port, err := strconv.Atoi(s)

		if err != nil {

			return nil, err

		}

		if port < 0 || port > 65535 {

			return nil, fmt.Errorf("invalid port: %s", s)

		}

		return &PortRange{Min: port, Max: port}, nil

	case 2:

		min, err := strconv.Atoi(minmax[0])

		if err != nil {

			return nil, err

		}

		max, err := strconv.Atoi(minmax[1])

		if err != nil {

			return nil, err

		}



		realmin := maxint(0, minint(min, max))

		realmax := minint(65535, maxint(min, max))



		return &PortRange{Min: realmin, Max: realmax}, nil

	default:

		return nil, fmt.Errorf("invalid range: %s", s)

	}

}



// Contains checks whether the value is within this range.

func (ir *PortRange) Contains(value int) bool {

	return value >= ir.Min && value <= ir.Max

}



// PortSet is a set of PortRange

type PortSet []PortRange



// ParsePortSet parses the s to a PortSet.

// The s shoud be a comma separated string.

func ParsePortSet(s string) (*PortSet, error) {

	ps := &PortSet{}



	if s == "" {

		return nil, errors.New("must specify at least one port")

	}



	ranges := strings.Split(s, ",")



	for _, r := range ranges {

		portRange, err := ParsePortRange(r)



		if err != nil {

			return nil, err

		}



		*ps = append(*ps, *portRange)

	}



	return ps, nil

}



// Contains checks whether the value is within this port set.

func (ps *PortSet) Contains(value int) bool {

	for _, portRange := range *ps {

		if portRange.Contains(value) {

			return true

		}

	}



	return false

}



// StringSet is a set of string.

type StringSet []string



// ParseStringSet parses the s to a StringSet.

// The s shoud be a comma separated string.

func ParseStringSet(s string) (*StringSet, error) {

	ss := &StringSet{}

	if s == "" {

		return nil, errors.New("cannot be empty")

	}



	*ss = strings.Split(s, ",")



	return ss, nil

}



// Contains checks whether the string subj within this StringSet.

func (ss *StringSet) Contains(subj string) bool {

	for _, s := range *ss {

		if glob.Glob(s, subj) {

			return true

		}

	}



	return false

}



// Permissions is a set of Permission.

type Permissions []Permission



// ParsePermissions parses the s to a Permissions.

func ParsePermissions(s string) (*Permissions, error) {

	ps := &Permissions{}



	if s == "" {

		return &Permissions{}, nil

	}



	perms := strings.Split(s, " ")



	for _, perm := range perms {

		parts := strings.Split(perm, ":")



		switch len(parts) {

		case 3:

			actions, err := ParseStringSet(parts[0])



			if err != nil {

				return nil, fmt.Errorf("action list must look like connect,bind given: %s", parts[0])

			}



			hosts, err := ParseStringSet(parts[1])



			if err != nil {

				return nil, fmt.Errorf("hosts list must look like google.pl,*.google.com given: %s", parts[1])

			}



			ports, err := ParsePortSet(parts[2])



			if err != nil {

				return nil, fmt.Errorf("ports list must look like 80,8000-9000, given: %s", parts[2])

			}



			permission := Permission{Actions: *actions, Hosts: *hosts, Ports: *ports}



			*ps = append(*ps, permission)

		default:

			return nil, fmt.Errorf("permission must have format [actions]:[hosts]:[ports] given: %s", perm)

		}

	}



	return ps, nil

}



// Can tests whether the given action and host:port is allowed by this Permissions.

func (ps *Permissions) Can(action string, host string, port int) bool {

	for _, p := range *ps {

		if p.Actions.Contains(action) && p.Hosts.Contains(host) && p.Ports.Contains(port) {

			return true

		}

	}



	return false

}



func minint(x, y int) int {

	if x < y {

		return x

	}

	return y

}



func maxint(x, y int) int {

	if x > y {

		return x

	}

	return y

}



// Can tests whether the given action and address is allowed by the whitelist and blacklist.

func Can(action string, addr string, whitelist, blacklist *Permissions) bool {

	if !strings.Contains(addr, ":") {

		addr = addr + ":80"

	}

	host, strport, err := net.SplitHostPort(addr)



	if err != nil {

		return false

	}



	port, err := strconv.Atoi(strport)



	if err != nil {

		return false

	}



	return (whitelist == nil || whitelist.Can(action, host, port)) &&

		(blacklist == nil || !blacklist.Can(action, host, port))

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/ragus/gost.git
git@gitee.com:ragus/gost.git
ragus
gost
gost
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部