DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace base64 encoding with random uuid

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-08-22 09:33:56 -03:00
parent def5155aa6
commit a392f29956
2 changed files with 21 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
controllers/nginx/pkg/template/template.go
View file

@ -342,10 +342,8 @@ var (
func buildWhitelistVariable(s string) string { func buildWhitelistVariable(s string) string {
if _, ok := whitelistVarMap[s]; !ok { if _, ok := whitelistVarMap[s]; !ok {
str := base64.URLEncoding.EncodeToString([]byte(s)) whitelistVarMap[s] = buildRandomUUID()
whitelistVarMap[s] = strings.Replace(str, "=", "", -1)
} }
return whitelistVarMap[s] return whitelistVarMap[s]
} }
@ -362,11 +360,11 @@ func buildRateLimitZones(input interface{}) []string {
for _, server := range servers { for _, server := range servers {
for _, loc := range server.Locations { for _, loc := range server.Locations {
lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name)
whitelistVar := buildWhitelistVariable(loc.RateLimit.Name) whitelistVar := buildWhitelistVariable(lrn)
if loc.RateLimit.Connections.Limit > 0 { if loc.RateLimit.Connections.Limit > 0 {
zone := fmt.Sprintf("limit_conn_zone $%s_limit zone=%v:%vm;", zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;",
whitelistVar, whitelistVar,
loc.RateLimit.Connections.Name, loc.RateLimit.Connections.Name,
loc.RateLimit.Connections.SharedSize) loc.RateLimit.Connections.SharedSize)
@ -376,7 +374,7 @@ func buildRateLimitZones(input interface{}) []string {
} }
if loc.RateLimit.RPM.Limit > 0 { if loc.RateLimit.RPM.Limit > 0 {
zone := fmt.Sprintf("limit_req_zone $%s_limit zone=%v:%vm rate=%vr/m;", zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/m;",
whitelistVar, whitelistVar,
loc.RateLimit.RPM.Name, loc.RateLimit.RPM.Name,
loc.RateLimit.RPM.SharedSize, loc.RateLimit.RPM.SharedSize,
@ -387,7 +385,7 @@ func buildRateLimitZones(input interface{}) []string {
} }
if loc.RateLimit.RPS.Limit > 0 { if loc.RateLimit.RPS.Limit > 0 {
zone := fmt.Sprintf("limit_req_zone $%s_limit zone=%v:%vm rate=%vr/s;", zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/s;",
whitelistVar, whitelistVar,
loc.RateLimit.RPS.Name, loc.RateLimit.RPS.Name,
loc.RateLimit.RPS.SharedSize, loc.RateLimit.RPS.SharedSize,
@ -468,7 +466,7 @@ func buildDenyVariable(a interface{}) string {
l := a.(string) l := a.(string)
if _, ok := denyPathSlugMap[l]; !ok { if _, ok := denyPathSlugMap[l]; !ok {
denyPathSlugMap[l] = uuid.New() denyPathSlugMap[l] = buildRandomUUID()
} }
return fmt.Sprintf("$deny_%v", denyPathSlugMap[l]) return fmt.Sprintf("$deny_%v", denyPathSlugMap[l])
@ -541,3 +539,9 @@ func buildAuthSignURL(input interface{}) string {
return fmt.Sprintf("%v&rd=$request_uri", s) return fmt.Sprintf("%v&rd=$request_uri", s)
} }
// buildRandomUUID return a random string to be used in the template
func buildRandomUUID() string {
s := uuid.New()
return strings.Replace(s, "-", "", -1)
}

10
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -280,6 +280,8 @@ http {
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Whitelist.CIDR) 0 }}
# Deny for {{ print $server.Hostname $path }}
geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} { geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} {
default 1; default 1;
@ -288,14 +290,18 @@ http {
} }
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if ne $location.RateLimit.Name "" }} {{ if ne $location.RateLimit.Name "" }}
geo ${{ buildWhitelistVariable $location.RateLimit.Name }}_whitelist { # Ratelimit {{ $location.RateLimit.Name }}
{{ $rln := (print $server.Hostname "_" $location.RateLimit.Name) }}
geo $whitelist_{{ buildWhitelistVariable $rln }} {
default 0; default 0;
{{ range $ip := $location.RateLimit.Whitelist }} {{ range $ip := $location.RateLimit.Whitelist }}
{{ $ip }} 1;{{ end }} {{ $ip }} 1;{{ end }}
} }
map ${{ buildWhitelistVariable $location.RateLimit.Name }}_whitelist ${{ buildWhitelistVariable $location.RateLimit.Name }}_limit { # Ratelimit {{ $location.RateLimit.Name }}
map $whitelist_{{ buildWhitelistVariable $rln }} $limit_{{ buildWhitelistVariable $rln }} {
0 {{ $cfg.LimitConnZoneVariable }}; 0 {{ $cfg.LimitConnZoneVariable }};
1 ""; 1 "";
} }