Improve IP getter
This commit is contained in:
Jesús Ramos
parent
ec78319470
commit
c8ef1d6ccf
@ -12,6 +12,7 @@
|
||||
"dependencies": {
|
||||
"@headlessui/react": "^1.7.2",
|
||||
"@kubernetes/client-node": "^0.17.1",
|
||||
"@supercharge/request-ip": "^1.2.0",
|
||||
"classnames": "^2.3.2",
|
||||
"compare-versions": "^5.0.1",
|
||||
"dockerode": "^3.3.4",
|
||||
|
||||
@ -7,6 +7,9 @@ dependencies:
|
||||
'@kubernetes/client-node':
|
||||
specifier: ^0.17.1
|
||||
version: 0.17.1
|
||||
'@supercharge/request-ip':
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
classnames:
|
||||
specifier: ^2.3.2
|
||||
version: 2.3.2
|
||||
@ -400,6 +403,10 @@ packages:
|
||||
resolution: {integrity: sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg==}
|
||||
dev: true
|
||||
|
||||
/@supercharge/request-ip@1.2.0:
|
||||
resolution: {integrity: sha512-wlt6JW69MHqLY2M6Sm/jVyCojNRKq2CBvwH0Hbx24SFhDQQGkgEjeKxVutDxHSyrWixFaOSLXC27euzxijhyMQ==}
|
||||
dev: false
|
||||
|
||||
/@swc/helpers@0.4.11:
|
||||
resolution: {integrity: sha512-rEUrBSGIoSFuYxwBYtlUFMlE2CwGhmW+w9355/5oduSw8e5h2+Tj4UrAGNNgP9915++wj5vkQo0UuOBqOAq4nw==}
|
||||
dependencies:
|
||||
@ -645,6 +652,7 @@ packages:
|
||||
/autoprefixer@10.4.14(postcss@8.4.21):
|
||||
resolution: {integrity: sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==}
|
||||
engines: {node: ^10 || ^12 || >=14}
|
||||
hasBin: true
|
||||
peerDependencies:
|
||||
postcss: ^8.1.0
|
||||
dependencies:
|
||||
@ -1221,6 +1229,7 @@ packages:
|
||||
|
||||
/eslint-config-prettier@8.8.0(eslint@8.37.0):
|
||||
resolution: {integrity: sha512-wLbQiFre3tdGgpDv67NQKnJuTlcUVYHas3k+DZCc2U2BadthoEY4B7hLPvAxaqdyOGCzuLfii2fqGph10va7oA==}
|
||||
hasBin: true
|
||||
peerDependencies:
|
||||
eslint: '>=7.0.0'
|
||||
dependencies:
|
||||
@ -2374,6 +2383,7 @@ packages:
|
||||
/next@12.3.4(react-dom@18.2.0)(react@18.2.0):
|
||||
resolution: {integrity: sha512-VcyMJUtLZBGzLKo3oMxrEF0stxh8HwuW976pAzlHhI3t8qJ4SROjCrSh1T24bhrbjw55wfZXAbXPGwPt5FLRfQ==}
|
||||
engines: {node: '>=12.22.0'}
|
||||
hasBin: true
|
||||
peerDependencies:
|
||||
fibers: '>= 3.1.0'
|
||||
node-sass: ^6.0.0 || ^7.0.0
|
||||
@ -3229,6 +3239,7 @@ packages:
|
||||
/tailwindcss@3.3.0(postcss@8.4.21):
|
||||
resolution: {integrity: sha512-hOXlFx+YcklJ8kXiCAfk/FMyr4Pm9ck477G0m/us2344Vuj355IpoEDB5UmGAsSpTBmr+4ZhjzW04JuFXkb/fw==}
|
||||
engines: {node: '>=12.13.0'}
|
||||
hasBin: true
|
||||
peerDependencies:
|
||||
postcss: ^8.0.9
|
||||
dependencies:
|
||||
@ -3450,6 +3461,7 @@ packages:
|
||||
|
||||
/update-browserslist-db@1.0.10(browserslist@4.21.5):
|
||||
resolution: {integrity: sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==}
|
||||
hasBin: true
|
||||
peerDependencies:
|
||||
browserslist: '>= 4.21.0'
|
||||
dependencies:
|
||||
|
||||
@ -1,3 +1,5 @@
|
||||
import { getClientIp } from "@supercharge/request-ip";
|
||||
|
||||
import { getSettings } from "utils/config/config";
|
||||
|
||||
function checkIPRange(ip, ipSpace) {
|
||||
@ -25,7 +27,7 @@ function checkIPRange(ip, ipSpace) {
|
||||
return false;
|
||||
}
|
||||
|
||||
function isRequestProxied(req) {
|
||||
function isRequestProxied(remoteAddress) {
|
||||
const settings = getSettings();
|
||||
// Check if trustedproxies is set
|
||||
const trustedProxies = settings?.trustedproxies;
|
||||
@ -34,7 +36,7 @@ function isRequestProxied(req) {
|
||||
// is in the trustedproxies address space using CIDR notation.
|
||||
if (trustedProxies) {
|
||||
// Get the connection IP and strip IPv6 from the hybrid IPv4-IPv6 socket
|
||||
const ip = req.connection.remoteAddress.replace(/^.*:/, '');
|
||||
const ip = remoteAddress.replace(/^.*:/, '');
|
||||
|
||||
for (let i = 0; i < trustedProxies.length; i += 1) {
|
||||
const proxy = trustedProxies[i].trim();
|
||||
@ -47,17 +49,12 @@ function isRequestProxied(req) {
|
||||
return false;
|
||||
}
|
||||
|
||||
export function getClientIP(req) {
|
||||
// Check if the request is proxied
|
||||
const proxied = isRequestProxied(req);
|
||||
// If the request is proxied, get the forwarded IP address
|
||||
// from the X-Real-IP header
|
||||
const forwarded = req.headers["x-real-ip"];
|
||||
// If not get the connection IP address
|
||||
const ip = req.connection.remoteAddress.replace(/^.*:/, '');
|
||||
export function getRealClientIP(req) {
|
||||
const {remoteAddress} = req.socket;
|
||||
const proxied = isRequestProxied(remoteAddress);
|
||||
|
||||
// Conditionally return the forwarded IP address or the connection IP address
|
||||
return proxied ? (forwarded || ip) : ip;
|
||||
// If request is proxied we can trust headers, otherwise we return the socket IP
|
||||
return proxied ? getClientIp(req) || remoteAddress : remoteAddress;
|
||||
}
|
||||
|
||||
export function isInLocalScope(req) {
|
||||
@ -68,7 +65,7 @@ export function isInLocalScope(req) {
|
||||
// If localscope is set, check if the client IP
|
||||
// is in the localscope address space using CIDR notation.
|
||||
if (localScope) {
|
||||
const ip = getClientIP(req);
|
||||
const ip = getRealClientIP(req);
|
||||
|
||||
for (let i = 0; i < localScope.length; i += 1) {
|
||||
const localIP = localScope[i].trim();
|
||||
@ -80,4 +77,3 @@ export function isInLocalScope(req) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user