WhitelistHandler.hpp

#pragma once
 
#include "util/config/ArrayView.hpp"
#include "util/config/ConfigDefinition.hpp"
#include "util/config/ValueView.hpp"
#include "web/Resolver.hpp"
#include "web/dosguard/WhitelistHandlerInterface.hpp"
 
#include <boost/asio.hpp>
#include <boost/asio/ip/address.hpp>
#include <boost/asio/ip/network_v4.hpp>
#include <boost/asio/ip/network_v6.hpp>
#include <boost/iterator/transform_iterator.hpp>
#include <fmt/format.h>
 
#include <algorithm>
#include <optional>
#include <string>
#include <string_view>
#include <unordered_set>
#include <utility>
#include <vector>
 
namespace web::dosguard {

class Whitelist {
    std::vector<boost::asio::ip::network_v4> subnetsV4_;
    std::vector<boost::asio::ip::network_v6> subnetsV6_;
    std::vector<boost::asio::ip::address> ips_;
 
public:
    std::expected<void, std::string>
    add(std::string_view net);

    [[nodiscard]] bool
    isWhiteListed(std::string_view ip) const;
 
private:
    static bool
    isInV4Subnet(boost::asio::ip::address const& addr, boost::asio::ip::network_v4 const& subnet);
 
    static bool
    isInV6Subnet(boost::asio::ip::address const& addr, boost::asio::ip::network_v6 const& subnet);
 
    static bool
    isV4(std::string_view net);
 
    static bool
    isV6(std::string_view net);
 
    static bool
    isMask(std::string_view net);
};

class WhitelistHandler : public WhitelistHandlerInterface {
    Whitelist whitelist_;
 
public:
    explicit WhitelistHandler(Whitelist whitelist);

    template <SomeResolver HostnameResolverType = Resolver>
    static std::expected<WhitelistHandler, std::string>
    create(util::config::ClioConfigDefinition const& config, HostnameResolverType&& resolver = {})
    {
        std::unordered_set<std::string> const arr =
            getWhitelist(config, std::forward<HostnameResolverType>(resolver));
        Whitelist whitelist;
        std::optional<std::string> errors;
        for (auto const& net : arr) {
            if (auto result = whitelist.add(net); !result.has_value()) {
                if (!errors.has_value())
                    errors.emplace();
                errors->append(std::move(result).error());
            }
        }
        if (errors.has_value()) {
            return std::unexpected{std::move(errors).value()};
        }
        return WhitelistHandler(std::move(whitelist));
    }

    [[nodiscard]] bool
    isWhiteListed(std::string_view ip) const override
    {
        return whitelist_.isWhiteListed(ip);
    }
 
private:
    template <SomeResolver HostnameResolverType>
    [[nodiscard]] static std::unordered_set<std::string>
    getWhitelist(util::config::ClioConfigDefinition const& config, HostnameResolverType&& resolver)
    {
        auto const whitelist = config.getArray("dos_guard.whitelist");
        std::unordered_set<std::string> hostnames{};
        // resolve hostnames to ips
        std::unordered_set<std::string> ips;
 
        for (auto it = whitelist.begin<util::config::ValueView>();
             it != whitelist.end<util::config::ValueView>();
             ++it)
            hostnames.insert((*it).asString());
 
        for (auto const& hostname : hostnames) {
            auto resolvedIps = resolver.resolve(hostname);
            for (auto& ip : resolvedIps) {
                ips.insert(std::move(ip));
            }
        };
 
        return ips;
    }
};
 
}  // namespace web::dosguard