feat: add support for global ip filters

[steveiliop56]

Solves #516.

Summary by CodeRabbit

• New Features

  • IP-based access filtering with configurable global allow and block lists
  • IP filters now merge global and application-specific rules
  • Authentication configuration supports IP filtering at multiple levels

• Improvements

  • Access control logic enhanced to evaluate permissions on a per-user basis

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds global IP allow/block configuration to auth flow, merges global and app-specific IP filters in AuthService.CheckIP, and renames IsResourceAllowed → IsUserAllowed with corresponding controller wiring updates.

Changes

Cohort / File(s)	Summary
Configuration Layer internal/config/config.go	Added IPConfig type (Allow []string, Block []string) and new IP field on AuthConfig for global IP rules.
Authentication Service internal/service/auth_service.go	Added IP config.IPConfig to AuthServiceConfig; renamed IsResourceAllowed → IsUserAllowed; changed CheckIP to merge global (auth.cfg.IP) and app (acls) allow/block lists and use merged lists for decisions and logging.
Service Wiring internal/bootstrap/service_bootstrap.go	Passes app.config.Auth.IP into AuthServiceConfig when initializing the auth service.
Controller Integration internal/controller/proxy_controller.go	Replaced call to IsResourceAllowed with IsUserAllowed and renamed appAllowed → userAllowed; updated conditional/response handling accordingly.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant ProxyController
    participant AuthService
    participant Config

    Client->>ProxyController: request with user/app context
    ProxyController->>AuthService: IsUserAllowed(ctx, userContext, appAcls)
    AuthService->>Config: read global IP config (auth.cfg.IP)
    AuthService-->>AuthService: merge global IP lists with appAcls IP lists
    AuthService-->>ProxyController: allow/deny result
    ProxyController-->>Client: 200 or 401/403 response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• refactor: split bootstrap to smaller files for better readability #518: Modifies internal/bootstrap/service_bootstrap.go and auth service initialization wiring (related to adding AuthServiceConfig.IP).

Suggested reviewers

• Rycochet

Poem

🐇 I hopped through configs, sniffed the air,

Merged global rules with app-aware,
Block and allow in tidy rows,
I guard the gate where traffic goes,
A little rabbit, watching who may pass. 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add support for global ip filters' accurately describes the main change: introducing global IP filtering configuration across the authentication service.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e553dae and e8a7144.

📒 Files selected for processing (1)

• internal/bootstrap/service_bootstrap.go

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/bootstrap/service_bootstrap.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (go)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 11.11111% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 19.23%. Comparing base (e3c98fa) to head (e8a7144).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/service/auth_service.go	0.00%	6 Missing ⚠️
internal/bootstrap/service_bootstrap.go	0.00%	1 Missing ⚠️
internal/controller/proxy_controller.go	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #567      +/-   ##
==========================================
- Coverage   19.25%   19.23%   -0.03%     
==========================================
  Files          39       39              
  Lines        2295     2298       +3     
==========================================
  Hits          442      442              
- Misses       1825     1828       +3     
  Partials       28       28              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.