From 5c9de12d8282c4d51f8e9f96edcd6fb5495ca802 Mon Sep 17 00:00:00 2001
From: Andrey Storchak
Date: Sun, 21 Feb 2016 11:00:14 +0200
Subject: [PATCH] Added controller authorization possibility. It's only quick fix, normal authentication process should be added
---
 config.json | 3 ++-
 fail2rest.go | 15 ++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/config.json b/config.json
index efcd003..8fb1658 100644
--- a/config.json
+++ b/config.json
@@ -1,4 +1,5 @@
 {
 "Addr": "127.0.0.1:5000",
- "Fail2banSocket": "/var/run/fail2ban/fail2ban.sock"
+ "Fail2banSocket": "/var/run/fail2ban/fail2ban.sock",
+ "ControllerIp": "127.0.0.1"
 }
diff --git a/fail2rest.go b/fail2rest.go
index 50faee7..31cd6cb 100644
--- a/fail2rest.go
+++ b/fail2rest.go
@@ -8,15 +8,28 @@ import (
 "github.com/gorilla/mux"
 "net/http"
 "os"
+ "strings"
 )
 type Configuration struct {
 Addr string
 Fail2banSocket string
+ ControllerIp string
 }
 var fail2goConn *fail2go.Conn
+func controllerIpFilterMiddleware(h http.Handler, allowedIpAddress string) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ requestSource := strings.Split(r.RemoteAddr, ":")
+ if requestSource[0] != allowedIpAddress {
+ http.Error(w, "Not authorized", http.StatusForbidden)
+ return
+ }
+ h.ServeHTTP(w, r)
+ })
+}
+
 func main() {
 configPath := flag.String("config", "config.json", "path to config.json")
 flag.Parse()
@@ -45,6 +58,6 @@ func main() {
 whoisHandler(res, req, fail2goConn)
 }).Methods("GET")
- http.Handle("/", r)
+ http.Handle("/", controllerIpFilterMiddleware(r, configuration.ControllerIp))
 fmt.Println(http.ListenAndServe(configuration.Addr, nil))
 }
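Review bot: Taking element 0 of `strings.Split(r.RemoteAddr, ":")` in controllerIpFilterMiddleware does not yield the host for an IPv6 peer. RemoteAddr then has the form `[::1]:port`, so the first element is `[` and an IPv6 ControllerIp can never match. The comparison is also textual, so two spellings of the same address (for instance an IPv4-mapped form, if the listener turns out to be dual-stack) count as different. Parsing with net.SplitHostPort and comparing net.IP values with Equal handles both and still rejects the request when either side fails to parse. This needs `net` in the import block, and `strings` would then be unused.

```go
func controllerIpFilterMiddleware(h http.Handler, allowedIpAddress string) http.Handler {
	allowed := net.ParseIP(allowedIpAddress)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		peer := net.ParseIP(host)
		// Fail closed when either address does not parse.
		if err != nil || allowed == nil || peer == nil || !allowed.Equal(peer) {
			// … unchanged: http.Error with StatusForbidden, return …
		}
		// … unchanged: h.ServeHTTP(w, r) …
	})
}
```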
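Review bot: `configuration.ControllerIp` reaches the filter at the `http.Handle("/", ...)` line without validation. A config.json that lacks the new key leaves it empty, so every request gets a 403 and nothing at startup says why. Failing closed is the safe direction, but a startup check such as `if net.ParseIP(configuration.ControllerIp) == nil { fmt.Println("invalid ControllerIp in config"); os.Exit(1) }` would make the cause visible; it needs the `net` import. I would also add a comment here: `// Filters on the TCP peer only; behind a local reverse proxy every request arrives from the proxy's address, so this is not authentication.` main's body starts outside the hunk.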