jhen0409 / actix-ip-filter Goto Github PK

The dependency in Cargo.toml should ideally be:

- actix-web = "3.0.2"
+ actix-web = { version = "3.0.2", default-features = false }

There should be a way to modify the default Forbidden error response using a function handler.
For example:

fn my_custom_handler(filter: IPFilter, ip: &str) -> ServiceResponse {
     // Do smth
}
IPFilter::new().block(vec!["192.168.*.11?"]).on_block(my_custom_handler);

This would also bring the possibility to add an allow callback so that the user can do something like logging an IP when it is allowed through the IP filter:

fn my_custom_handler(filter: IPFilter, ip: &str) -> impl ServiceResponse {
     // Do smth
}

fn log_ip(filter: IPFilter, ip: &str) {
    // Do smth
}
IPFilter::new().block(vec!["192.168.*.11?"]).on_block(my_custom_handler).on_allow(log_ip);

I will try to implement this when #3 is merged or closed.

Hello!

I was wondering if there is any support to block a single path or pattern of paths instead of all requests app-wide.

For example, let's say I want to block /myapi/v1/protected but not the rest of the endpoints.

I know I could probably end up using wrap_fn and checking for the request path in the ServiceRequest and then returning:

IPFilter::new().allow(vec!["127.0.0.1"]).block(vec!["*.*.*.*"])

or

IPFilter::new().allow()

But I want something more idiomatic and concise. If this library doesn't support it I can try to implement it and open a PR if you are interested.

I have in mind using a vec of structs containing the IP pattern and the path pattern or also chaining a call to another function:

IPFilter::new().allow(
    vec![SingleFilter {
        ip: "127.0.0.1",
        path: "/myapi/v1/protected/*"     
    }]
).block(vec!["*.*.*.*"])

or

IPFilter::new().allow(vec!["127.0.0.1"]).block(vec!["*.*.*.*"]).limit_to("/myapi/v1/protected/*")

Let me know what you think about it 😄 !