app.fix.rb
require 'roda'
require 'resolv'
require 'httpx'
# DNS resolver settings used by both the allow-list check (trusted?) and the
# HTTP client (http), so the two look names up with the same configuration.
RESOLVER_CONFIG = {
  nameserver: ['127.0.0.153'],
  nameserver_port: [['127.0.0.153', 5353]]
}
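# Decide whether the proxy may fetch from +host+.
#
# The name is resolved through the resolver described by RESOLVER_CONFIG and
# is accepted only when it resolves to at least one address and every
# returned address is on the internal allow-list.
#
# @param host [String, nil] host component taken from the requested URL
# @return [Boolean] true only when all resolved addresses are allow-listed
def trusted?(host)
  # A URL without a host (relative reference, empty string, mailto:) has no
  # target to vet, so fail closed instead of letting the resolver raise.
  return false if host.to_s.empty?

  # allow-list: only our internal website may be reached through the proxy
  authorized_ips = ['10.10.0.200', '10.10.0.201']

  addresses = Resolv::DNS.open(RESOLVER_CONFIG) do |dns|
    dns.getaddresses(host).map(&:to_s)
  end

  # Check every record, not just the first one: the HTTP client is handed the
  # URL (not the vetted address) and does its own lookup, so it may connect to
  # any address the name resolves to.
  # NOTE(review): the answer can still differ between this lookup and the
  # client's lookup; connecting to the vetted address directly would close
  # that gap.
  !addresses.empty? && addresses.all? { |ip| authorized_ips.include?(ip) }
rescue Resolv::ResolvError
  # An unresolvable name is never a trusted target.
  false
end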
# Build the HTTP client used by the proxy route.
#
# Name resolution goes through the native resolver configured with
# RESOLVER_CONFIG, i.e. the same settings trusted? resolves with.
#
# NOTE(review): :follow_redirects is enabled and nothing in this file re-runs
# trusted? on a redirect target; confirm the allow-listed hosts cannot
# redirect elsewhere, or vet redirect locations as well.
def http
  client = HTTPX.with(resolver_class: :native, resolver_options: RESOLVER_CONFIG)
                .with(timeout: { connect_timeout: 10 })

  # Plugins are loaded in the same order as before.
  %i[follow_redirects cookies compression h2c].reduce(client) do |session, plugin_name|
    session.plugin(plugin_name)
  end
end
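# Roda application exposing GET /admin/proxy?url=..., which fetches the given
# URL on the caller's behalf when its host passes trusted?.
class App < Roda
  route do |r|
    r.on 'admin' do
      r.get 'proxy' do
        # The url parameter is attacker-controlled: it may be missing, not a
        # string (url[]=...), or not parseable. Treat all of those as a
        # rejected target instead of raising out of the route.
        url = begin
          URI(r.params['url'].to_s)
        rescue URI::InvalidURIError
          nil
        end

        # Only absolute http/https URLs with a host are candidates
        # (URI::HTTPS is a subclass of URI::HTTP); everything else is refused
        # before any DNS lookup happens.
        host = url.host if url.is_a?(URI::HTTP)

        # NOTE(review): trusted? resolves the host once and http.get resolves
        # it again when connecting; the check only holds if both lookups
        # return the same addresses.
        if host && trusted?(host)
          res = http.get(url)
          res.error ? "Connection failed" : res.to_s
        else
          "Unauthorized target"
        end
      end
    end
  end
end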