Home Explore Help
Sign In
txlyre
/
3x-ui
mirror of https://github.com/MHSanaei/3x-ui
1
0
Fork 0
Files Issues 0 Wiki
Tree: 61ab602887
Branches Tags
3x-ui
/
util
/
netsafe
/
netsafe.go

netsafe.go 2.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. package netsafe
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"fmt"
    6. 

  6. 	"net"
    7. 

  7. 	"regexp"
    8. 

  8. 	"strings"
    9. 

  9. 	"time"
    10. 

  10. )
    11. 

  11. 

  12. func IsBlockedIP(ip net.IP) bool {
    13. 

  13. 	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
    14. 

  14. 		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
    15. 

  15. }
    16. 

  16. 

  17. type allowPrivateCtxKey struct{}
    18. 

  18. 

  19. func ContextWithAllowPrivate(ctx context.Context, allow bool) context.Context {
    20. 

  20. 	return context.WithValue(ctx, allowPrivateCtxKey{}, allow)
    21. 

  21. }
    22. 

  22. 

  23. func AllowPrivateFromContext(ctx context.Context) bool {
    24. 

  24. 	v, _ := ctx.Value(allowPrivateCtxKey{}).(bool)
    25. 

  25. 	return v
    26. 

  26. }
    27. 

  27. 

  28. var defaultDialer = &net.Dialer{Timeout: 10 * time.Second}
    29. 

  29. 

  30. func SSRFGuardedDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
    31. 

  31. 	host, port, err := net.SplitHostPort(addr)
    32. 

  32. 	if err != nil {
    33. 

  33. 		return nil, err
    34. 

  34. 	}
    35. 

  35. 	allowPrivate := AllowPrivateFromContext(ctx)
    36. 

  36. 	var ips []net.IPAddr
    37. 

  37. 	if ip := net.ParseIP(host); ip != nil {
    38. 

  38. 		ips = []net.IPAddr{{IP: ip}}
    39. 

  39. 	} else {
    40. 

  40. 		ips, err = net.DefaultResolver.LookupIPAddr(ctx, host)
    41. 

  41. 		if err != nil {
    42. 

  42. 			return nil, err
    43. 

  43. 		}
    44. 

  44. 	}
    45. 

  45. 	var lastErr error
    46. 

  46. 	for _, ipAddr := range ips {
    47. 

  47. 		if !allowPrivate && IsBlockedIP(ipAddr.IP) {
    48. 

  48. 			lastErr = fmt.Errorf("blocked private/internal address %s", ipAddr.IP)
    49. 

  49. 			continue
    50. 

  50. 		}
    51. 

  51. 		conn, derr := defaultDialer.DialContext(ctx, network, net.JoinHostPort(ipAddr.IP.String(), port))
    52. 

  52. 		if derr == nil {
    53. 

  53. 			return conn, nil
    54. 

  54. 		}
    55. 

  55. 		lastErr = derr
    56. 

  56. 	}
    57. 

  57. 	if lastErr == nil {
    58. 

  58. 		lastErr = fmt.Errorf("no usable address for %s", host)
    59. 

  59. 	}
    60. 

  60. 	return nil, lastErr
    61. 

  61. }
    62. 

  62. 

  63. var hostnamePattern = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$`)
    64. 

  64. 

  65. func NormalizeHost(addr string) (string, error) {
    66. 

  66. 	addr = strings.TrimSpace(addr)
    67. 

  67. 	if addr == "" {
    68. 

  68. 		return "", fmt.Errorf("address is required")
    69. 

  69. 	}
    70. 

  70. 	if strings.HasPrefix(addr, "[") && strings.HasSuffix(addr, "]") {
    71. 

  71. 		addr = addr[1 : len(addr)-1]
    72. 

  72. 	}
    73. 

  73. 	if ip := net.ParseIP(addr); ip != nil {
    74. 

  74. 		return ip.String(), nil
    75. 

  75. 	}
    76. 

  76. 	if len(addr) > 253 || !hostnamePattern.MatchString(addr) {
    77. 

  77. 		return "", fmt.Errorf("invalid host %q", addr)
    78. 

  78. 	}
    79. 

  79. 	return addr, nil
    80. 

  80. }
    81.