feat(security): Implemented more security information

lib/config/overrides.go

@@ -3,6 +3,9 @@ package config
 import (
 	"fmt"
 	"strconv"
+	"strings"
+
+	"warpbox/lib/security"
 )
 
 func (cfg *Config) ApplyOverrides(overrides map[string]string) error {
@@ -26,6 +29,11 @@ func (cfg *Config) ApplyOverride(key string, value string) error {
 		return fmt.Errorf("setting %q cannot be changed from the admin UI", key)
 	}
 
+	value = strings.TrimSpace(value)
+	if err := validateSecurityTextSetting(key, value); err != nil {
+		return err
+	}
+
 	switch def.Type {
 	case SettingTypeBool:
 		parsed, err := parseBool(value)
@@ -58,6 +66,21 @@ func (cfg *Config) ApplyOverride(key string, value string) error {
 	}
 	return nil
 }
+
+func validateSecurityTextSetting(key string, value string) error {
+	switch key {
+	case SettingSecurityIPWhitelist, SettingSecurityAdminIPWhitelist:
+		if _, err := security.ParseIPMatchers(value, true); err != nil {
+			return fmt.Errorf("%s: %w", key, err)
+		}
+	case SettingTrustedProxyCIDRs:
+		if _, err := security.ParseCIDRList(value); err != nil {
+			return fmt.Errorf("%s: %w", key, err)
+		}
+	}
+	return nil
+}
+
 func (cfg *Config) assignBool(key string, value bool, source Source) {
 	switch key {
 	case SettingGuestUploadsEnabled:
@@ -138,6 +161,8 @@ func (cfg *Config) assignText(key string, value string, source Source) {
 		cfg.SecurityIPWhitelist = value
 	case SettingSecurityAdminIPWhitelist:
 		cfg.SecurityAdminIPWhitelist = value
+	case SettingTrustedProxyCIDRs:
+		cfg.TrustedProxyCIDRs = value
 	}
 	cfg.setValue(key, value, source)
 }