From 28ede25da82cbeb9cc3083c37dce86ac3ba15c08 Mon Sep 17 00:00:00 2001
From: Wynd <wyndmaster@gmail.com>
Date: Sun, 22 Feb 2026 13:49:24 +0200
Subject: [PATCH] Added allowed ip ranges

---
 Cargo.lock  |  7 +++++++
 Cargo.toml  |  1 +
 src/cli.rs  |  3 +++
 src/main.rs | 26 ++++++++++++++++++++++++--
 4 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2a084db..62e54a5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -136,6 +136,12 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
 
+[[package]]
+name = "ipnet"
+version = "2.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
+
 [[package]]
 name = "is_terminal_polyfill"
 version = "1.70.2"
@@ -223,6 +229,7 @@ version = "0.1.0"
 dependencies = [
  "clap",
  "env_logger",
+ "ipnet",
  "log",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index 34d7357..6b0da6a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,4 +21,5 @@ uninlined_format_args = { level = "warn" }
 [dependencies]
 clap = { version = "4.5.60", features = ["derive"] }
 env_logger = "0.11.9"
+ipnet = "2.11.0"
 log = "0.4.29"
diff --git a/src/cli.rs b/src/cli.rs
index ca8241a..c5e443e 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -11,4 +11,7 @@ pub struct CliArgs {
 
 	#[arg(short, long, num_args(0..), value_hint = ValueHint::DirPath)]
 	pub export: String,
+
+	#[arg(short, long, num_args(0..))]
+	pub allowed_devices: Option<Vec<String>>,
 }
diff --git a/src/main.rs b/src/main.rs
index efa93b9..ec63177 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -24,13 +24,14 @@ fn main() -> Result<()> {
 	let ip = args.ip.unwrap_or_default();
 	let port = args.port.unwrap_or_default();
 	let export = args.export;
+	let allowed = args.allowed_devices;
 
 	let socket = SocketAddr::from_str(&format!("{ip}:{port}")).unwrap();
 	let listener = TcpListener::bind(socket).unwrap();
 
 	for stream in listener.incoming() {
 		match stream {
-			Ok(conn) => handle_connection(conn, export.clone())?,
+			Ok(conn) => handle_connection(conn, export.clone(), allowed.clone())?,
 			Err(e) => eprintln!("Something went wrong while listening {e}"),
 		}
 	}
@@ -38,10 +39,31 @@ fn main() -> Result<()> {
 	Ok(())
 }
 
-fn handle_connection(mut conn: TcpStream, export: String) -> Result<()> {
+fn handle_connection(
+	mut conn: TcpStream,
+	export: String,
+	allowed_devices: Option<Vec<String>>,
+) -> Result<()> {
 	let mut paths = vec![];
 	let mut buffer = ByteBuffer::default();
 
+	if let Some(allowed_devices) = allowed_devices {
+		let remote_ip = conn
+			.peer_addr()
+			.expect("Could not get remote IP address")
+			.ip();
+
+		for allowed in allowed_devices {
+			let allowed_net = ipnet::IpNet::from_str(&allowed).unwrap();
+
+			let is_allowed = allowed_net.contains(&remote_ip);
+			if !is_allowed {
+				log::error!("{remote_ip} tried to connect but is not allowed");
+				return Ok(());
+			}
+		}
+	}
+
 	walk_dir(&export, &mut paths);
 
 	log::info!("Sending {} files", paths.len());