From 7be49a8f2f798a1715095c638c502f98280e96fb Mon Sep 17 00:00:00 2001
From: Joe Chen
Date: Mon, 25 Jul 2022 21:38:15 +0800
Subject: [PATCH] netutil: allow using `*` to match any hostname (#7111)

# Conflicts:
# internal/netutil/netutil_test.go
---
 CHANGELOG.md | 1 +
 conf/app.ini | 1 +
 internal/netutil/netutil.go | 2 +-
 internal/netutil/netutil_test.go | 7 +++++--
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e797c026c..569247910 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ All notable changes to Gogs are documented in this file.
 - Use [Task](https://github.com/go-task/task) as the build tool. [#6297](https://github.com/gogs/gogs/pull/6297)
 - The required Go version to compile source code changed to 1.16.
 - Access tokens are now stored using their SHA256 hashes instead of raw values. [#7008](https://github.com/gogs/gogs/pull/7008)
+- Support using `[security] LOCAL_NETWORK_ALLOWLIST = *` to allow all hostnames. [#7111](https://github.com/gogs/gogs/pull/7111)

 ### Fixed

diff --git a/conf/app.ini b/conf/app.ini
index b0ebfc8e4..fd681a103 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -170,6 +170,7 @@ ENABLE_LOGIN_STATUS_COOKIE = false
 ; The cookie name to store user login status.
 LOGIN_STATUS_COOKIE_NAME = login_status
 ; A comma separated list of hostnames that are explicitly allowed to be accessed within the local network.
+; Use "*" to allow all hostnames.
 LOCAL_NETWORK_ALLOWLIST =

 [email]
diff --git a/internal/netutil/netutil.go b/internal/netutil/netutil.go
index 8fef31150..2c457519b 100644
--- a/internal/netutil/netutil.go
+++ b/internal/netutil/netutil.go
@@ -52,7 +52,7 @@ func init() {
 // allowlist).
 func IsBlockedLocalHostname(hostname string, allowlist []string) bool {
 for _, allow := range allowlist {
- if hostname == allow {
+ if hostname == allow || allow == "*" {
 return false
 }
 }
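Review bot: The `allow == "*"` branch in IsBlockedLocalHostname turns the whole check off as soon as one entry equals `*`, so any other entries in the same list stop mattering and every local address the function would otherwise block is let through. The doc comment above the function (it starts outside this hunk, only `// allowlist).` is visible) should say so, for example `// An allowlist entry of "*" disables blocking for every hostname.`, and the conf/app.ini comment added in this commit could carry the same caveat, `; Use "*" to allow all hostnames; this disables local network blocking entirely.` The comparison is an exact string match, so an entry with stray whitespace such as `" *"` would not act as a wildcard; whether entries are trimmed when the setting is loaded is not visible here. The function body continues past the end of the hunk.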
diff --git a/internal/netutil/netutil_test.go b/internal/netutil/netutil_test.go
index c91124909..404371d55 100644
--- a/internal/netutil/netutil_test.go
+++ b/internal/netutil/netutil_test.go
@@ -29,8 +29,11 @@ func TestIsLocalHostname(t *testing.T) {
 {hostname: "google.com", want: false},
 {hostname: "165.232.140.255", want: false},
- {hostname: "192.168.123.45", allowlist: []string{"10.0.0.17"}, want: true},
- {hostname: "gogs.local", allowlist: []string{"gogs.local"}, want: false},
+
+ {hostname: "192.168.123.45", allowlist: []string{"10.0.0.17"}, want: true}, // #11
+ {hostname: "gogs.local", allowlist: []string{"gogs.local"}, want: false}, // #12
+
+ {hostname: "192.168.123.45", allowlist: []string{"*"}, want: false}, // #13
 }
 for _, test := range tests {
 t.Run("", func(t *testing.T) {
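Review bot: Case #13 only exercises a list whose sole entry is `*`, so nothing pins that the wildcard still wins when it sits next to specific entries. A second case such as `{hostname: "192.168.123.45", allowlist: []string{"10.0.0.17", "*"}, want: false},` would cover the mixed list. The `// #11` to `// #13` index comments will drift as soon as a case is inserted above them; since the subtests are run with an empty name, a `name` field passed to `t.Run` would identify a failing case more reliably. The table and the loop both continue outside this hunk.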