feat(acl): connection level ip/geo blocking

- fixed access log logic - implement acl at connection level - acl logging - ip/cidr blocking - geoblocking with MaxMind database
2026-04-23 00:38:33 +02:00 · 2025-04-25 10:47:52 +08:00
parent e513db62b0
commit b427ff1f88
32 changed files with 1359 additions and 193 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -197,6 +197,7 @@ func (cfg *Config) StartServers(opts ...*StartServersOptions) {
 			HTTPAddr:     common.ProxyHTTPAddr,
 			HTTPSAddr:    common.ProxyHTTPSAddr,
 			Handler:      cfg.entrypoint,
+			ACL:          cfg.value.ACL,
 		})
 	}
 	if opt.API {
@@ -237,6 +238,14 @@ func (cfg *Config) load() gperr.Error {
 		}
 	}
 	cfg.entrypoint.SetFindRouteDomains(model.MatchDomains)
+	if model.ACL.Valid() {
+		err := model.ACL.Start(cfg.task)
+		if err != nil {
+			errs.Add(err)
+		} else {
+			logging.Info().Msg("ACL started")
+		}
+	}

 	return errs.Error()
 }
--- a/internal/config/types/config.go
+++ b/internal/config/types/config.go
@@ -1,4 +1,4 @@
-package types
+package config

 import (
 	"context"
@@ -7,15 +7,17 @@ import (

 	"github.com/go-playground/validator/v10"
 	"github.com/yusing/go-proxy/agent/pkg/agent"
+	"github.com/yusing/go-proxy/internal/acl"
 	"github.com/yusing/go-proxy/internal/autocert"
 	"github.com/yusing/go-proxy/internal/gperr"
-	"github.com/yusing/go-proxy/internal/net/gphttp/accesslog"
+	"github.com/yusing/go-proxy/internal/logging/accesslog"
 	"github.com/yusing/go-proxy/internal/notif"
 	"github.com/yusing/go-proxy/internal/utils"
 )

 type (
 	Config struct {
+		ACL             *acl.Config              `json:"acl"`
 		AutoCert        *autocert.AutocertConfig `json:"autocert"`
 		Entrypoint      Entrypoint               `json:"entrypoint"`
 		Providers       Providers                `json:"providers"`
@@ -30,8 +32,11 @@ type (
 		Notification []notif.NotificationConfig `json:"notification" yaml:"notification,omitempty"`
 	}
 	Entrypoint struct {
-		Middlewares []map[string]any  `json:"middlewares"`
-		AccessLog   *accesslog.Config `json:"access_log" validate:"omitempty"`
+		Middlewares []map[string]any               `json:"middlewares"`
+		AccessLog   *accesslog.RequestLoggerConfig `json:"access_log" validate:"omitempty"`
+	}
+	HomepageConfig struct {
+		UseDefaultCategories bool `json:"use_default_categories"`
 	}

 	ConfigInstance interface {
--- a/internal/config/types/homepage_config.go
+++ b/internal/config/types/homepage_config.go
@@ -1,5 +0,0 @@
-package types
-
-type HomepageConfig struct {
-	UseDefaultCategories bool `json:"use_default_categories"`
-}