feat(config): allow global bypass by ip

This commit is contained in:
Scott McKendry
2026-05-22 05:28:23 +12:00
parent 8849d7e00f
commit 1f446d5897
4 changed files with 66 additions and 11 deletions
+7 -4
View File
@@ -224,15 +224,18 @@ func (rule *IPAllowedRule) Evaluate(ctx *ACLContext) Effect {
}
type IPBypassedRule struct {
Log *logger.Logger
Log *logger.Logger
Config model.Config
}
func (rule *IPBypassedRule) Evaluate(ctx *ACLContext) Effect {
if ctx.ACLs == nil {
return EffectDeny
// merge global and per-app bypass lists
bypassList := append([]string{}, rule.Config.Auth.IP.Bypass...)
if ctx.ACLs != nil {
bypassList = append(bypassList, ctx.ACLs.IP.Bypass...)
}
for _, bypassed := range ctx.ACLs.IP.Bypass {
for _, bypassed := range bypassList {
match, err := utils.CheckIPFilter(bypassed, ctx.IP.String())
if err != nil {
rule.Log.App.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")