Commit

Merge pull request #1 from disaderp/main
Add possibility to preset whitelisted IPs
l4rm4nd authored Jun 16, 2024
2 parents 9c34889 + bab9b61 commit 638a216
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -64,6 +64,7 @@ Following environment variables are available:
| APPURL | The URL of the traefikshaper application for admin approval requests. | Optional | http://localhost:5000 | `https://traefikshaper.example.com` |
| GRANT_HTTP_ENDPOINT | The HTTP endpoint for clients to request access. | Optional | /knock-knock | `/letmein` |
| EXCLUDED_IPS | The `excludeips` ip strategy used in the `IPAllowList` middleware. Use and define IP addresses to exclude as comma-separated string. | Optional | | `103.21.244.0/22,103.22.200.0/22` |
| WHITELISTED_IPS | Adds permanent ip to the `IPAllowList`. Use and define IP addresses to exclude as comma-separated string. | Optional | | `103.21.244.0/22,103.22.200.0/22` |
| IPSTRATEGY_DEPTH | The `depth` ip strategy used in the `IPAllowList` middleware. Use `1` if Traefik runs behind another proxy (e.g., CloudFlare). | Optional | 0 | `1` |
| DEFAULT_PRIVATE_CLASS_SOURCE_RANGE | If set to `True`, adds the private class subnets 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 as default to the IPAllowList. | Optional | False | `True` |
| EXPIRATION_TIME | Expiration time for grants in seconds. | Optional | 300 | `3600` |
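Review bot: The description in the added `WHITELISTED_IPS` row still reads "Use and define IP addresses to exclude", carried over from the `EXCLUDED_IPS` row above it, although this variable adds entries to the allow list rather than excluding them. Suggest rewording to something like "Permanently adds IP addresses or CIDR ranges to the `IPAllowList`; define them as a comma-separated string", and stating explicitly whether these entries are exempt from `EXPIRATION_TIME`, since the row calls them permanent.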
6 changes: 6 additions & 0 deletions update_whitelist.py
Expand Up @@ -67,6 +67,8 @@ def overwrite_middleware():

# Get default source range from environment variable
DEFAULT_PRIVATE_CLASS_SOURCE_RANGE = os.getenv('DEFAULT_PRIVATE_CLASS_SOURCE_RANGE')
# Get whitelisted IPs
WHITELISTED_IPS = os.getenv('WHITELISTED_IPS', None)
# Get IP strategy depth from environment variable or default to 0
IPSTRATEGY_DEPTH = int(os.getenv('IPSTRATEGY_DEPTH', 0))
# Get IP strategy exclude ips from environment variable
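Review bot: `os.getenv('WHITELISTED_IPS', None)` on the added line returns `None` only when the variable is unset; a variable that is set but empty (for example `WHITELISTED_IPS=` in a compose file) comes back as `''`, which passes the later `!= None` check and splits to `['']`. Suggest treating an empty or whitespace-only value as unset at this point, and dropping the explicit `None` default, which `os.getenv` already returns. The comment could also say what the variable is for, e.g. "permanent allow-list entries, comma-separated".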
Expand All @@ -79,6 +81,10 @@ def overwrite_middleware():
# allow localhost only as default
DEFAULT_SOURCE_RANGE = ['127.0.0.1/32']

if WHITELISTED_IPS != None:
WHITELISTED_IPS = WHITELISTED_IPS.split(',')
DEFAULT_SOURCE_RANGE.append(WHITELISTED_IPS)

if EXCLUDED_IPS != None:
EXCLUDED_IPS = EXCLUDED_IPS.split(',')

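Review bot: `DEFAULT_SOURCE_RANGE.append(WHITELISTED_IPS)` adds the whole list as a single nested element, so with the README example the result is `['127.0.0.1/32', ['103.21.244.0/22', '103.22.200.0/22']]` instead of a flat list of CIDR strings; use `DEFAULT_SOURCE_RANGE.extend(WHITELISTED_IPS)`. Because these entries permanently widen the allow list, it would also be worth stripping whitespace around each item and rejecting anything that `ipaddress.ip_network(item, strict=False)` does not parse before it reaches the middleware, and using `is not None` rather than `!= None`.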