refactor: add toggle for internal network access validation

iFurySt · iFurySt · commit e2bbbe0bbd2e · 2026-01-19T17:45:03.000+08:00
diff --git a/configs/mcp-gateway.yaml b/configs/mcp-gateway.yaml
@@ -149,6 +149,8 @@ forward:
 
 tool_access:
   internal_network:
+    # Enable/disable internal network access validation. Defaults to true.
+    enabled: ${INTERNAL_NETWORK_VALIDATION_ENABLED:false}
     # Allowlist of internal targets (CIDR/IP/hostname). Empty means internal access is blocked.
     allowlist: "${INTERNAL_NETWORK_ALLOWLIST:127.0.0.1/32,localhost}"
 #    allowlist: "internal.service.local,192.168.1.1"
diff --git a/internal/common/config/config.go b/internal/common/config/config.go
@@ -67,6 +67,8 @@ type (
 
 	// InternalNetworkAccessConfig defines allowlist for internal network targets.
 	InternalNetworkAccessConfig struct {
+		// Enabled controls whether internal network access validation is enabled.
+		Enabled   *bool      `yaml:"enabled"`
 		Allowlist StringList `yaml:"allowlist"`
 	}
 
diff --git a/internal/core/internal_network.go b/internal/core/internal_network.go
@@ -103,6 +103,11 @@ func isInternalAddr(addr netip.Addr) bool {
 }
 
 func (s *Server) validateToolEndpoint(ctx context.Context, endpoint *url.URL) error {
+	// Skip validation if internal network access check is disabled
+	if !s.internalNetEnabled {
+		return nil
+	}
+
 	if endpoint == nil {
 		return fmt.Errorf("tool endpoint is empty")
 	}
diff --git a/internal/core/internal_network_test.go b/internal/core/internal_network_test.go
@@ -9,7 +9,7 @@ import (
 )
 
 func TestValidateToolEndpoint_InternalBlocked(t *testing.T) {
-	s := &Server{}
+	s := &Server{internalNetEnabled: true}
 	u, err := url.Parse("http://127.0.0.1:8080")
 	assert.NoError(t, err)
 	assert.Error(t, s.validateToolEndpoint(context.Background(), u))
@@ -19,7 +19,7 @@ func TestValidateToolEndpoint_InternalAllowlistedCIDR(t *testing.T) {
 	allowlist, invalid := parseInternalNetworkAllowlist([]string{"127.0.0.0/8"})
 	assert.Empty(t, invalid)
 
-	s := &Server{internalNetACL: allowlist}
+	s := &Server{internalNetEnabled: true, internalNetACL: allowlist}
 	u, err := url.Parse("http://127.0.0.1:8080")
 	assert.NoError(t, err)
 	assert.NoError(t, s.validateToolEndpoint(context.Background(), u))
@@ -29,15 +29,23 @@ func TestValidateToolEndpoint_InternalAllowlistedHost(t *testing.T) {
 	allowlist, invalid := parseInternalNetworkAllowlist([]string{"internal.local"})
 	assert.Empty(t, invalid)
 
-	s := &Server{internalNetACL: allowlist}
+	s := &Server{internalNetEnabled: true, internalNetACL: allowlist}
 	u, err := url.Parse("http://internal.local/health")
 	assert.NoError(t, err)
 	assert.NoError(t, s.validateToolEndpoint(context.Background(), u))
 }
 
 func TestValidateToolEndpoint_PublicIPAllowed(t *testing.T) {
-	s := &Server{}
+	s := &Server{internalNetEnabled: true}
 	u, err := url.Parse("http://8.8.8.8")
 	assert.NoError(t, err)
 	assert.NoError(t, s.validateToolEndpoint(context.Background(), u))
 }
+
+func TestValidateToolEndpoint_Disabled(t *testing.T) {
+	s := &Server{internalNetEnabled: false}
+	u, err := url.Parse("http://127.0.0.1:8080")
+	assert.NoError(t, err)
+	// When disabled, internal addresses should be allowed
+	assert.NoError(t, s.validateToolEndpoint(context.Background(), u))
+}
diff --git a/internal/core/server.go b/internal/core/server.go
@@ -61,16 +61,17 @@ type (
 		// shutdownCh is used to signal shutdown to all SSE connections
 		shutdownCh chan struct{}
 		// toolRespHandler is a chain of response handlers
-		toolRespHandler ResponseHandler
-		lastUpdateTime  time.Time
-		auth            auth.Auth
-		forwardConfig   config.ForwardConfig
-		traceCapture    apptrace.CaptureConfig
-		tracingService  string // OTel service name for tracing
-		metrics         *metrics.Metrics
-		metricsPath     string
-		toolAccess      config.ToolAccessConfig
-		internalNetACL  internalNetworkAllowlist
+		toolRespHandler    ResponseHandler
+		lastUpdateTime     time.Time
+		auth               auth.Auth
+		forwardConfig      config.ForwardConfig
+		traceCapture       apptrace.CaptureConfig
+		tracingService     string // OTel service name for tracing
+		metrics            *metrics.Metrics
+		metricsPath        string
+		toolAccess         config.ToolAccessConfig
+		internalNetACL     internalNetworkAllowlist
+		internalNetEnabled bool
 		// Pre-parsed header lists for efficient lookup
 		ignoreHeaders   []string
 		allowHeaders    []string
@@ -165,6 +166,7 @@ func (s *Server) applyForwardConfig(cfg config.ForwardConfig) {
 // applyToolAccessConfig sets tool access config and parses internal allowlists.
 func (s *Server) applyToolAccessConfig(cfg config.ToolAccessConfig) {
 	s.toolAccess = cfg
+	s.internalNetEnabled = cfg.InternalNetwork.Enabled == nil || *cfg.InternalNetwork.Enabled
 	allowlist, invalid := parseInternalNetworkAllowlist(cfg.InternalNetwork.Allowlist)
 	if len(invalid) > 0 {
 		s.logger.Warn("invalid internal network allowlist entries",

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,8 @@ type (`
`67`	`67`
`68`	`68`	`// InternalNetworkAccessConfig defines allowlist for internal network targets.`
`69`	`69`	`InternalNetworkAccessConfig struct {`
	`70`	`+ // Enabled controls whether internal network access validation is enabled.`
	`71`	+ Enabled *bool `yaml:"enabled"`
`70`	`72`	Allowlist StringList `yaml:"allowlist"`
`71`	`73`	`}`
`72`	`74`
Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,11 @@ func isInternalAddr(addr netip.Addr) bool {`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`func (s Server) validateToolEndpoint(ctx context.Context, endpoint url.URL) error {`
	`106`	`+ // Skip validation if internal network access check is disabled`
	`107`	`+ if !s.internalNetEnabled {`
	`108`	`+ return nil`
	`109`	`+ }`
	`110`	`+`
`106`	`111`	`if endpoint == nil {`
`107`	`112`	`return fmt.Errorf("tool endpoint is empty")`
`108`	`113`	`}`