KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
integration
KNELProductionContainers/CloudronPackages/APISIX/apisix-source/apisix/plugins/ip-restriction/init.lua
ReachableCEO 54cc5f7308 feat(apisix): add Cloudron package 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
2025-09-04 09:42:47 -05:00

123 lines
3.2 KiB
Lua
Raw Permalink Blame History

--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements. See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
local ipairs = ipairs
local core = require("apisix.core")
local lrucache = core.lrucache.new({
ttl = 300, count = 512
})
local schema = {
type = "object",
properties = {
message = {
type = "string",
minLength = 1,
maxLength = 1024,
default = "Your IP address is not allowed"
},
response_code = {
type = "integer",
minimum = 403,
maximum = 404,
default = 403
},
whitelist = {
type = "array",
items = {anyOf = core.schema.ip_def},
minItems = 1
},
blacklist = {
type = "array",
items = {anyOf = core.schema.ip_def},
minItems = 1
},
},
oneOf = {
{required = {"whitelist"}},
{required = {"blacklist"}},
},
}
local plugin_name = "ip-restriction"
local _M = {
version = 0.1,
priority = 3000,
name = plugin_name,
schema = schema,
}
function _M.check_schema(conf)
local ok, err = core.schema.check(schema, conf)
if not ok then
return false, err
end
-- we still need this as it is too complex to filter out all invalid IPv6 via regex
if conf.whitelist then
for _, cidr in ipairs(conf.whitelist) do
if not core.ip.validate_cidr_or_ip(cidr) then
return false, "invalid ip address: " .. cidr
end
end
end
if conf.blacklist then
for _, cidr in ipairs(conf.blacklist) do
if not core.ip.validate_cidr_or_ip(cidr) then
return false, "invalid ip address: " .. cidr
end
end
end
return true
end
function _M.restrict(conf, ctx)
local block = false
local remote_addr = ctx.var.remote_addr
if conf.blacklist then
local matcher = lrucache(conf.blacklist, nil,
core.ip.create_ip_matcher, conf.blacklist)
if matcher then
block = matcher:match(remote_addr)
end
end
if conf.whitelist then
local matcher = lrucache(conf.whitelist, nil,
core.ip.create_ip_matcher, conf.whitelist)
if matcher then
block = not matcher:match(remote_addr)
end
end
if block then
return conf.response_code, { message = conf.message }
end
end
return _M
View Git Blame Copy Permalink