Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IsClientAllowed in RedisInformationMiddleware #430

Open
half-naan opened this issue Sep 17, 2021 · 2 comments
Open

IsClientAllowed in RedisInformationMiddleware #430

half-naan opened this issue Sep 17, 2021 · 2 comments

Comments

@half-naan
Copy link

half-naan commented Sep 17, 2021
edited
Loading

When using app.UseRedisInformation we are required to send an empty array of Allowed IP's even when we just want to use lambda function for IsClientAllowed in RedisInformationMiddleware to access /redis/connectionInfo and /redis/info.

app.UseRedisInformation(options =>
            {
                options.AllowedIPs = new System.Net.IPAddress[0];//required
                options.AllowFunction = (HttpContext ctx) =>
                {
                    // My custom logic
                    if (ctx.User.Identity.IsAuthenticated && ctx.User.IsInRole("Admin"))
                        return true;
                    return false;
                };
            });

Ideally, we should be able to skip the IP as needed.

app.UseRedisInformation(options =>
            {
                options.AllowFunction = (HttpContext ctx) =>
                {
                    // My custom logic
                    if (ctx.User.Identity.IsAuthenticated && ctx.User.IsInRole("Admin"))
                        return true;
                    return false;
                };
            });

Right now the source code is written that if there is no IP list provided it completely ignores the lambda function. Perhaps we can break IsClientAllowed in RedisInformationMiddleware to 3 different scenarios?

1). Both IP and lambda function are provided

2). Only IP list check

3). Only lambda function check
@LeaFrock
Copy link
Collaborator

LeaFrock commented Nov 1, 2024

It's a break change but makes some sense.

Do you think it's a chance to change it when we're preparing for .NET 9 release? @imperugo

    private bool IsClientAllowed(HttpContext context)
    {
        // Make `AllowFunction` higher priority so that users can use `AllowedIPs` in their own logic.
        var allowFunc = options.AllowFunction;
        if (allowFunc != null)
            return allowFunc.Invoke(context);

        var allowIPs = options.AllowedIPs;
        // TODO: The IP isn't real in a reverse-proxy environment. Maybe we can improve it and handle more simple scenarios.
        if (allowIPs is { Length: > 0 })
            return Array.Exists(allowIPs, p => p.Equals(context.Connection.RemoteIpAddress));

        return false; // If both are null, return T or F?
    }

@imperugo
Copy link
Owner

imperugo commented Nov 1, 2024

@LeaFrock yes is something that we can add to the next major release.
Let's put it into your branch, but we have to remember to update documentation (maybe with a specific version for migration from version X to Y)

@LeaFrock LeaFrock mentioned this issue Nov 20, 2024
Draft
imperugo added a commit that referenced this issue Nov 20, 2024
@imperugo
https://github.com/imperugo/StackExchange.Redis.Extensions/issues/430
a9507f1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@imperugo @LeaFrock @half-naan