feat: add IP gate plugin with SITE_ACCESS_IPS env var support
This commit is contained in:
Kirill
@@ -0,0 +1,95 @@
|
||||
const EXCLUDED_PATHS = [
|
||||
'/api/auth/oauth/vk/callback',
|
||||
'/api/auth/oauth/yandex/callback',
|
||||
'/api/webhooks/yookassa',
|
||||
'/api/admin/notifications/telegram/webhook',
|
||||
]
|
||||
|
||||
function build403Html(ip) {
|
||||
const safeIp = ip || 'не определён'
|
||||
return `<!DOCTYPE html>
|
||||
<html lang="ru">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Любимый Креатив — Доступ запрещён</title>
|
||||
<style>
|
||||
* { margin: 0; padding: 0; box-sizing: border-box }
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
|
||||
background: #faf8f5;
|
||||
color: #3d322b;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
min-height: 100vh;
|
||||
padding: 24px;
|
||||
}
|
||||
.card {
|
||||
max-width: 520px;
|
||||
width: 100%;
|
||||
background: #fff;
|
||||
border: 1px solid #e8e0d8;
|
||||
border-radius: 16px;
|
||||
padding: 48px 40px;
|
||||
text-align: center;
|
||||
box-shadow: 0 2px 16px rgb(0 0 0 / 4%);
|
||||
}
|
||||
.card h1 {
|
||||
font-size: 24px;
|
||||
font-weight: 600;
|
||||
letter-spacing: -0.3px;
|
||||
color: #4a3a2e;
|
||||
margin-bottom: 8px;
|
||||
}
|
||||
.card .tagline {
|
||||
font-size: 14px;
|
||||
color: #8c8177;
|
||||
margin-bottom: 32px;
|
||||
line-height: 1.5;
|
||||
}
|
||||
.card .status {
|
||||
font-size: 16px;
|
||||
color: #6b5e52;
|
||||
margin-bottom: 24px;
|
||||
line-height: 1.6;
|
||||
}
|
||||
.card .ip {
|
||||
font-size: 12px;
|
||||
color: #b8a99b;
|
||||
font-family: 'SF Mono', 'Cascadia Code', 'Fira Code', monospace;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="card">
|
||||
<h1>Любимый Креатив</h1>
|
||||
<p class="tagline">Изделия ручной работы: вещи с характером и вниманием к деталям</p>
|
||||
<p class="status">Сайт находится в разработке<br>и скоро будет доступен</p>
|
||||
<p class="ip">Ваш IP: ${safeIp}</p>
|
||||
</div>
|
||||
</body>
|
||||
</html>`
|
||||
}
|
||||
|
||||
export async function registerIpGate(fastify) {
|
||||
fastify.addHook('onRequest', async (request, reply) => {
|
||||
const allowed = process.env.SITE_ACCESS_IPS
|
||||
if (!allowed) return
|
||||
|
||||
const allowedIps = allowed
|
||||
.split(',')
|
||||
.map((s) => s.trim())
|
||||
.filter(Boolean)
|
||||
|
||||
if (allowedIps.length === 0) return
|
||||
|
||||
const urlPath = request.url.split('?')[0]
|
||||
|
||||
if (EXCLUDED_PATHS.includes(urlPath)) return
|
||||
|
||||
if (allowedIps.includes(request.ip)) return
|
||||
|
||||
return reply.code(403).type('text/html').send(build403Html(request.ip))
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user