Skip to content

Instantly share code, notes, and snippets.

@Brymes

Brymes/IP WhiteIisting.md

Last active January 29, 2025 21:01
Show Gist options
  • Save Brymes/00e51eecbe461561e6c786ba4c116d09 to your computer and use it in GitHub Desktop.
Save Brymes/00e51eecbe461561e6c786ba4c116d09 to your computer and use it in GitHub Desktop.
Download ZIP
IP WhiteIisting with Golang(Go) Gin
Raw
IP WhiteIisting.md

IP WhiteIisting with Golang(Go) Gin

Securing endpoints to specific IP addresses to prevent unauthorized access is a common practice in Backend engineering particularly for sensitive endpoints.

An Example is Securing Webhook endpoints E.g. Paystack

The files Attached

  • main.go :: Houses the server
  • middleware.go :: Houses the IP whitelisting function

The approach is to have selected endpoints available to only selected IP addresses by taking advantage of Gin's middleware Approach

Note:

  • This example can't be tested out locally
  • Supply real IP addresses to the IpWhitelist map
Raw
main.go
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
var IPWhitelist = map[string]bool{
"52.31.139.75": true,
"1.1.1.1": true,
"2.2.2.2": true,
}
func main() {
router := gin.Default()
router.GET("/ping", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"message": "pong",
})
})
protectedEndpoint := router.Group("/")
protectedEndpoint.Use(IPWhiteListMiddleware(IPWhitelist))
protectedEndpoint.GET("protectedEndpoint", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"message": "This is a protected endpoint",
})
})
router.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
}
Raw
middleware.go
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
func IPWhiteListMiddleware(whitelist map[string]bool) gin.HandlerFunc {
return func(c *gin.Context) {
ip := c.ClientIP()
if !whitelist[ip] {
c.IndentedJSON(http.StatusForbidden, gin.H{
"message": "You are not authorised to use this endpoint",
})
return
}
}
}
@TiTiKy441
Copy link

Causes: [GIN-debug] [WARNING] Headers were already written. Wanted to override status code 403 with 200

And executes handler function too, giving two responses

Modify:

package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
)

func IPWhiteListMiddleware(whitelist map[string]bool) gin.HandlerFunc {
	return func(c *gin.Context) {
		ip := c.ClientIP()

		if !whitelist[ip] {
			c.IndentedJSON(http.StatusForbidden, gin.H{
				"message": "You are not authorised to use this endpoint",
			})
			c.Abort()
			return
		}
	}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment