Giter Club home page Giter Club logo

lua-resty-iputils's Introduction

#lua-resty-iputils

Collection of utility functions for working with IP addresses.

#Overview

init_by_lua '
  local iputils = require("resty.iputils")
  iputils.enable_lrucache()
  local whitelist_ips = {
      "127.0.0.1",
      "10.10.10.0/24",
      "192.168.0.0/16",
  }

  -- WARNING: Global variable, recommend this is cached at the module level
  -- https://github.com/openresty/lua-nginx-module#data-sharing-within-an-nginx-worker
  whitelist = iputils.parse_cidrs(whitelist_ips)
';

access_by_lua '
    local iputils = require("resty.iputils")
    if not iputils.ip_in_cidrs(ngx.var.remote_addr, whitelist) then
      return ngx.exit(ngx.HTTP_FORBIDDEN)
    end
';

#Methods

enable_lrucache

syntax: ok, err = iputils.enable_lrucache(size?)

Creates a global lrucache object for caching ip2bin lookups.

Size is optional and defaults to 4000 entries (~1MB per worker)

Calling this repeatedly will reset the cache

ip2bin

syntax: bin_ip, bin_octets = iputils.ip2bin(ip)

Returns the binary representation of an IPv4 address and a table containing the binary representation of each octet

Returns nil and and error message for bad IPs

parse_cidr

syntax: lower, upper = iputils.parse_cidr(cidr)

Returns a binary representation of the lowest (network) and highest (broadcast) addresses of an IPv4 network.

parse_cidrs

syntax: parsed = iputils.parse_cidrs(cidrs)

Takes a table of CIDR format IPV4 networks and returns a table of tables containg the lower and upper addresses.

If an invalid network is in the table an error is logged and the other networks are returned

ip_in_cidrs

syntax: bool, err = iputils.ip_in_cidrs(ip, cidrs)

Takes a string IPv4 address and a table of parsed CIDRs (e.g. from iputils.parse_cidrs).

Returns a true or false if the IP exists within any of the specified networks.

Returns nil and an error message with an invalid IP

binip_in_cidrs

syntax: bool, err = iputils.binip_in_cidrs(bin_ip, cidrs)

Takes a nginx binary IPv4 address (e.g. ngx.var.binary_remote_addr) and a table of parsed CIDRs (e.g. from iputils.parse_cidrs).

This method is much faster than ip_in_cidrs() if the IP being checked is already available as a binary representation.

Returns a true or false if the IP exists within any of the specified networks.

Returns nil and an error message with an invalid IP

##TODO

lua-resty-iputils's People

Contributors

hamishforbes avatar subnetmarco avatar gui avatar membphis avatar

Watchers

James Cloos avatar nero avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.