Added the possibility to restrict the host IP address for port mappings. (#137)

nscheibe · web-flow · commit b992475680f6 · 2024-02-22T17:13:03.000+01:00
diff --git a/src/Core/ContainerPortMapping.cs b/src/Core/ContainerPortMapping.cs
@@ -27,5 +27,12 @@ public class ContainerPortMapping
         /// External port that value will be resolved from variable
         /// </summary>
         public string ExternalPortVariableName { get; internal set; }
+
+        /// <summary>
+        /// Allowed host IP. Restriction
+        /// Example: HostIp = 127.0.0.1 
+        /// Default all IPs are allowed
+        /// </summary>
+        public string? HostIp { get; internal set; }
     }
 }
diff --git a/src/Core/ContainerResourceBuilder.cs b/src/Core/ContainerResourceBuilder.cs
@@ -135,6 +135,18 @@ public ContainerResourceBuilder Password(string password)
             return this;
         }
 
+        /// <summary>
+        /// Sets the allowed host IP address to use the external port.
+        /// Per default all IPs are allowed (0.0.0.0).
+        /// Example usage: if only localhost shall be allowed, then use 127.0.0.1
+        /// </summary>
+        /// <param name="hostIp">The allowed host IP for which the external port is exposed.</param>
+        public ContainerResourceBuilder HostIp(string? hostIp)
+        {
+            _options.HostIp = hostIp;
+            return this;
+        }
+
         /// <summary>
         /// Sets the main internal port of this container to the given value.
         ///
@@ -182,14 +194,21 @@ public ContainerResourceBuilder ExternalPort(int port)
         /// Only provide an external port if a static external port is required.
         /// When the given external port is already in use by a container, the creation will fail.
         /// </param>
+        /// <param name="hostIp">
+        /// Allowed host IP. Default all IPs are allowed
+        /// </param>
         /// <returns></returns>
-        public ContainerResourceBuilder AddPortMapping(int internalPort, int externalPort = 0)
+        public ContainerResourceBuilder AddPortMapping(
+            int internalPort,
+            int externalPort = 0,
+            string? hostIp = null)
         {
             _options.AdditionalPortMappings.Add(
                 new ContainerPortMapping()
                 {
                     ExternalPort = externalPort,
-                    InternalPort = internalPort
+                    InternalPort = internalPort,
+                    HostIp = hostIp
                 });
             return this;
         }
@@ -208,16 +227,21 @@ public ContainerResourceBuilder AddPortMapping(int internalPort, int externalPor
         /// Only provide an external port if a static external port is required.
         /// When the given external port is already in use by a container, the creation will fail.
         /// </param>
+        /// <param name="hostIp">
+        /// Allowed host IP. Default all IPs are allowed
+        /// </param>
         /// <returns></returns>
         public ContainerResourceBuilder AddPortMapping(
             int internalPort,
-            string externalPortVariableName)
+            string externalPortVariableName,
+            string? hostIp = null)
         {
             _options.AdditionalPortMappings.Add(
                 new ContainerPortMapping()
                 {
                     InternalPort = internalPort,
                     ExternalPortVariableName = externalPortVariableName,
+                    HostIp = hostIp
                 });
             return this;
         }
@@ -239,16 +263,21 @@ public ContainerResourceBuilder AddPortMapping(
         /// Only provide an external port if a static external port is required.
         /// When the given external port is already in use by a container, the creation will fail.
         /// </param>
+        /// <param name="hostIp">
+        /// Allowed host IP. Default all IPs are allowed
+        /// </param>
         /// <returns></returns>
         public ContainerResourceBuilder AddPortMapping(
             string internalPortVariableName,
-            int externalPort = 0)
+            int externalPort = 0,
+            string? hostIp = null)
         {
             _options.AdditionalPortMappings.Add(
                 new ContainerPortMapping()
                 {
                     InternalPortVariableName = internalPortVariableName,
                     ExternalPort = externalPort,
+                    HostIp = hostIp
                 });
             return this;
         }
@@ -268,16 +297,21 @@ public ContainerResourceBuilder AddPortMapping(
         /// Only provide an external port if a static external port is required.
         /// When the given external port is already in use by a container, the creation will fail.
         /// </param>
+        /// <param name="hostIp">
+        /// Allowed host IP. Default all IPs are allowed
+        /// </param>
         /// <returns></returns>
         public ContainerResourceBuilder AddPortMapping(
             string internalPortVariableName,
-            string externalPortVariableName)
+            string externalPortVariableName,
+            string? hostIp = null)
         {
             _options.AdditionalPortMappings.Add(
                 new ContainerPortMapping()
                 {
                     InternalPortVariableName = internalPortVariableName,
-                    ExternalPortVariableName = externalPortVariableName
+                    ExternalPortVariableName = externalPortVariableName,
+                    HostIp = hostIp
                 });
             return this;
         }
diff --git a/src/Core/ContainerResourceSettings.cs b/src/Core/ContainerResourceSettings.cs
@@ -18,6 +18,13 @@ public class ContainerResourceSettings
         /// </summary>
         public string Image { get; internal set; }
 
+        /// <summary>
+        /// Allowed host IP. Restriction
+        /// Example: HostIp = 127.0.0.1 
+        /// Default all IPs are allowed
+        /// </summary>
+        public string? HostIp { get; internal set; }
+
         /// <summary>
         /// Returns the main internal port of the container
         /// </summary>
diff --git a/src/Core/DockerContainerManager.cs b/src/Core/DockerContainerManager.cs
@@ -302,6 +302,7 @@ private async Task CreateContainerAsync()
                 {
                     InternalPort = _settings.InternalPort,
                     ExternalPort = _settings.ExternalPort,
+                    HostIp = _settings.HostIp
                 }
             };
             allPorts.AddRange(_settings.AdditionalPortMappings);
@@ -316,7 +317,7 @@ private async Task CreateContainerAsync()
                 portMapping.Value.Add(
                     new PortBinding()
                     {
-                        HostIP = "",
+                        HostIP = containerPortMapping.HostIp ?? "",
                         HostPort = containerPortMapping.ExternalPort != 0 ?
                             containerPortMapping.ExternalPort.ToString()
                             : ""
@@ -489,11 +490,12 @@ private async Task ResolveHostAddressAsync()
                         {
                             Instance.HostPort =
                                 ResolvePort(inspectResponse, $"{_settings.InternalPort}/tcp");
-                            foreach (ContainerPortMapping portMapping
-                                in _settings.AdditionalPortMappings)
+
+                            foreach (ContainerPortMapping portMapping in _settings.AdditionalPortMappings)
                             {
                                 Instance.AdditionalPorts.Add(new ContainerPortMapping()
                                 {
+                                    HostIp = portMapping.HostIp,
                                     InternalPort = portMapping.InternalPort,
                                     ExternalPort = ResolvePort(
                                         inspectResponse,

Original file line number	Diff line number	Diff line change
`@@ -27,5 +27,12 @@ public class ContainerPortMapping`
`27`	`27`	`/// External port that value will be resolved from variable`
`28`	`28`	`/// </summary>`
`29`	`29`	`public string ExternalPortVariableName { get; internal set; }`
	`30`	`+`
	`31`	`+ /// <summary>`
	`32`	`+ /// Allowed host IP. Restriction`
	`33`	`+ /// Example: HostIp = 127.0.0.1`
	`34`	`+ /// Default all IPs are allowed`
	`35`	`+ /// </summary>`
	`36`	`+ public string? HostIp { get; internal set; }`
`30`	`37`	`}`
`31`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -302,6 +302,7 @@ private async Task CreateContainerAsync()`
`302`	`302`	`{`
`303`	`303`	`InternalPort = _settings.InternalPort,`
`304`	`304`	`ExternalPort = _settings.ExternalPort,`
	`305`	`+ HostIp = _settings.HostIp`
`305`	`306`	`}`
`306`	`307`	`};`
`307`	`308`	`allPorts.AddRange(_settings.AdditionalPortMappings);`
`@@ -316,7 +317,7 @@ private async Task CreateContainerAsync()`
`316`	`317`	`portMapping.Value.Add(`
`317`	`318`	`new PortBinding()`
`318`	`319`	`{`
`319`		`- HostIP = "",`
	`320`	`+ HostIP = containerPortMapping.HostIp ?? "",`
`320`	`321`	`HostPort = containerPortMapping.ExternalPort != 0 ?`
`321`	`322`	`containerPortMapping.ExternalPort.ToString()`
`322`	`323`	`: ""`
`@@ -489,11 +490,12 @@ private async Task ResolveHostAddressAsync()`
`489`	`490`	`{`
`490`	`491`	`Instance.HostPort =`
`491`	`492`	`ResolvePort(inspectResponse, $"{_settings.InternalPort}/tcp");`
`492`		`- foreach (ContainerPortMapping portMapping`
`493`		`- in _settings.AdditionalPortMappings)`
	`493`	`+`
	`494`	`+ foreach (ContainerPortMapping portMapping in _settings.AdditionalPortMappings)`
`494`	`495`	`{`
`495`	`496`	`Instance.AdditionalPorts.Add(new ContainerPortMapping()`
`496`	`497`	`{`
	`498`	`+ HostIp = portMapping.HostIp,`
`497`	`499`	`InternalPort = portMapping.InternalPort,`
`498`	`500`	`ExternalPort = ResolvePort(`
`499`	`501`	`inspectResponse,`