Merge branch 'main' into main

2025-09-16 06:02:24 +03:00 · 2025-01-17 13:08:40 +03:00 · 2025-01-17 13:08:40 +03:00 · 563fd8d007
commit 563fd8d007
parent 2f82118b45 a41f9cc154
20 changed files with 488 additions and 56 deletions
--- a/setup/config/config_federationapi.go
+++ b/setup/config/config_federationapi.go
@ -52,6 +52,10 @@ type FederationAPI struct {

 	// The list of whitelisted servers
 	WhitelistedServers []spec.ServerName `yaml:"whitelisted_servers"`
+
+  // Deny/Allow lists used for restricting request scopes.
+	DenyNetworkCIDRs  []string `yaml:"deny_networks"`
+	AllowNetworkCIDRs []string `yaml:"allow_networks"`
 }

 func (c *FederationAPI) Defaults(opts DefaultOpts) {
@ -59,6 +63,20 @@ func (c *FederationAPI) Defaults(opts DefaultOpts) {
 	c.P2PFederationRetriesUntilAssumedOffline = 1
 	c.DisableTLSValidation = false
 	c.DisableHTTPKeepalives = false
+	c.DenyNetworkCIDRs = []string{
+		"127.0.0.1/8",
+		"10.0.0.0/8",
+		"172.16.0.0/12",
+		"192.168.0.0/16",
+		"100.64.0.0/10",
+		"169.254.0.0/16",
+		"::1/128",
+		"fe80::/64",
+		"fc00::/7",
+	}
+	c.AllowNetworkCIDRs = []string{
+		"0.0.0.0/0",
+	}
 	if opts.Generate {
 		c.KeyPerspectives = KeyPerspectives{
 			{