MCPcopy
hub / github.com/caddyserver/caddy / MatchWithError

Method MatchWithError

modules/caddyhttp/ip_matchers.go:262–282  ·  view source on GitHub ↗

MatchWithError returns true if r matches m.

(r *http.Request)

Source from the content-addressed store, hash-verified

260
261// MatchWithError returns true if r matches m.
262func (m MatchClientIP) MatchWithError(r *http.Request) (bool, error) {
263 // if handshake is not finished, we infer 0-RTT that has
264 // not verified remote IP; could be spoofed, so we throw
265 // HTTP 425 status to tell the client to try again after
266 // the handshake is complete
267 if r.TLS != nil && !r.TLS.HandshakeComplete {
268 return false, Error(http.StatusTooEarly, fmt.Errorf("TLS handshake not complete, remote IP cannot be verified"))
269 }
270
271 address := GetVar(r.Context(), ClientIPVarKey).(string)
272 clientIP, zoneID, err := parseIPZoneFromString(address)
273 if err != nil {
274 m.logger.Error("getting client IP", zap.Error(err))
275 return false, nil
276 }
277 matches, zoneFilter := matchIPByCidrZones(clientIP, zoneID, m.cidrs, m.zones)
278 if !matches && !zoneFilter {
279 m.logger.Debug("zone ID from client IP did not match", zap.String("zone", zoneID))
280 }
281 return matches, nil
282}
283
284func provisionCidrsZonesFromRanges(ranges []string) ([]*netip.Prefix, []string, error) {
285 cidrs := []*netip.Prefix{}

Callers 1

MatchMethod · 0.95

Calls 6

GetVarFunction · 0.85
parseIPZoneFromStringFunction · 0.85
matchIPByCidrZonesFunction · 0.85
ErrorFunction · 0.70
ErrorMethod · 0.45
StringMethod · 0.45

Tested by

no test coverage detected