Support restricting API token access based on IP address

2026-03-04 23:46:02 +08:00
parent f0f3143605
commit 404cd62d7b
4 changed files with 84 additions and 21 deletions
@@ -0,0 +1,39 @@
+package middlewares
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// APITokenIpLimit limits API token access based on IP address
+func APITokenIpLimit(config *settings.Config) core.MiddlewareHandlerFunc {
+	return func(c *core.WebContext) {
+		claims := c.GetTokenClaims()
+
+		if claims == nil {
+			c.Next()
+			return
+		}
+
+		if claims.Type != core.USER_TOKEN_TYPE_API {
+			c.Next()
+			return
+		}
+
+		if len(config.APITokenAllowedRemoteIPs) < 1 {
+			c.Next()
+			return
+		}
+
+		for i := 0; i < len(config.APITokenAllowedRemoteIPs); i++ {
+			if config.APITokenAllowedRemoteIPs[i].Match(c.ClientIP()) {
+				c.Next()
+				return
+			}
+		}
+
+		utils.PrintJsonErrorResult(c, errs.ErrIPForbidden)
+	}
+}