From ba87d6b980fb67d06acfec41ff75dcadd0abebab Mon Sep 17 00:00:00 2001
From: Gianni Carafa <gianni.carafa@srf.ch>
Date: Sun, 5 Nov 2023 22:55:57 +0100
Subject: [PATCH] add limitations

---
 README.md         |  4 ++++
 handlers/proxy.go | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a7b4092..f351cb5 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,10 @@ http://localhost:8080/raw/https://www.example.com
 | `DISABLE_FORM` | Disables URL Form Frontpage | `false` |
 | `FORM_PATH` | Path to custom Form HTML | `` |
 | `RULESET` | URL to a ruleset file | `https://raw.githubusercontent.com/kubero-dev/ladder/main/ruleset.yaml` or `/path/to/my/rules.yaml` |
+| `ALLOWED_DOMAINS` | Comma separated list of allowed domains. Empty = no limitations | `` |
+| `ALLOWED_DOMAINS_RULESET` | Allow Domains from Ruleset. false = no limitations | `false` |
+
+`ALLOWED_DOMAINS` and `ALLOWED_DOMAINS_RULESET` are joined together. If both are empty, no limitations are applied.
 
 ### Ruleset
 
diff --git a/handlers/proxy.go b/handlers/proxy.go
index 6d79889..89d8fa8 100644
--- a/handlers/proxy.go
+++ b/handlers/proxy.go
@@ -18,6 +18,7 @@ import (
 var UserAgent = getenv("USER_AGENT", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)")
 var ForwardedFor = getenv("X_FORWARDED_FOR", "66.249.66.1")
 var rulesSet = loadRules()
+var allowedDomains = strings.Split(os.Getenv("ALLOWED_DOMAINS"), ",")
 
 func ProxySite(c *fiber.Ctx) error {
 	// Get the url from the URL
@@ -51,6 +52,10 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
 		return "", nil, nil, err
 	}
 
+	if len(allowedDomains) > 0 && !StringInSlice(u.Host, allowedDomains) {
+		return "", nil, nil, fmt.Errorf("domain not allowed. %s not in %s", u.Host, allowedDomains)
+	}
+
 	if os.Getenv("DEBUG	") == "true" {
 		log.Println(u.String() + urlQuery)
 	}
@@ -149,7 +154,13 @@ func loadRules() RuleSet {
 		}
 		yaml.Unmarshal(yamlFile, &ruleSet)
 	}
-	//log.Print(ruleSet)
+
+	for _, rule := range ruleSet {
+		//log.Println("Loaded rules for", rule.Domain)
+		if os.Getenv("ALLOWED_DOMAINS_RULESET") == "true" {
+			allowedDomains = append(allowedDomains, rule.Domain)
+		}
+	}
 
 	log.Println("Loaded rules for", len(ruleSet), "Domains")
 	return ruleSet