@abtnode/router-provider 1.16.45-beta-20250624-134945-a23c15fc → 1.16.45-beta-20250625-064956-91b0fb8f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/lib/nginx/includes/whitelist +0 -0
  2. package/lib/nginx/index.js +25 -5
  3. package/lib/nginx/util.js +4 -0
  4. package/package.json +7 -7
package/lib/nginx/includes/whitelist ADDED
File without changes
package/lib/nginx/index.js CHANGED
@@ -224,6 +224,9 @@ class NginxProvider extends BaseProvider {
224
224
  } else {
225
225
  this.updateBlacklist([]);
226
226
  }
227
+
228
+ this.updateWhitelist();
229
+
227
230
  this.updateProxyPolicy(proxyPolicy);
228
231
 
229
232
  const allRules = sites.reduce((acc, site) => {
@@ -897,7 +900,12 @@ class NginxProvider extends BaseProvider {
897
900
  server._add('listen', `${decideHttpsPort()} ssl`);
898
901
  }
899
902
 
900
- server._add('return', '444');
903
+ if (process.env.ABT_NODE_IP_WHITELIST) {
904
+ server._addVerbatimBlock('if ($access_trusted = 0)', 'return 444;');
905
+ server._add('return', '200');
906
+ } else {
907
+ server._add('return', '444');
908
+ }
901
909
  }
902
910
 
903
911
  _addStubStatusLocation(conf) {
@@ -1190,6 +1198,18 @@ class NginxProvider extends BaseProvider {
1190
1198
  fs.writeFileSync(blacklistFile, blacklist.map((x) => `${x} 1;`).join(os.EOL));
1191
1199
  }
1192
1200
 
1201
+ updateWhitelist() {
1202
+ try {
1203
+ const whitelistFile = path.join(this.includesDir, 'whitelist');
1204
+ let whitelist = process.env.ABT_NODE_IP_WHITELIST?.split(',') || []; // IP 地址列表,支持 CIDR 格式
1205
+ whitelist = whitelist.map((x) => x.trim()).filter(Boolean);
1206
+
1207
+ fs.writeFileSync(whitelistFile, whitelist.map((x) => `${x} 1;`).join(os.EOL));
1208
+ } catch (error) {
1209
+ logger.error('Failed to update whitelist', { error, env: process.env.ABT_NODE_IP_WHITELIST });
1210
+ }
1211
+ }
1212
+
1193
1213
  updateProxyPolicy(proxyPolicy) {
1194
1214
  const proxyRaw = fs.readFileSync(path.join(this.includesDir, 'proxy.raw'), 'utf8');
1195
1215
  const proxyPolicyFile = path.join(this.includesDir, 'proxy');
@@ -1447,6 +1467,10 @@ NginxProvider.check = async ({ configDir = '' } = {}) => {
1447
1467
  await provider.start();
1448
1468
  await provider.stop();
1449
1469
 
1470
+ if (fs.existsSync(testDir)) {
1471
+ fs.rmSync(testDir, { recursive: true, force: true });
1472
+ }
1473
+
1450
1474
  return result;
1451
1475
  } catch (error) {
1452
1476
  if (process.env.DEBUG) {
@@ -1456,10 +1480,6 @@ NginxProvider.check = async ({ configDir = '' } = {}) => {
1456
1480
  result.error = error.message;
1457
1481
  logger.error('check nginx failed', { error });
1458
1482
  return result;
1459
- } finally {
1460
- if (fs.existsSync(testDir)) {
1461
- fs.rmSync(testDir, { recursive: true, force: true });
1462
- }
1463
1483
  }
1464
1484
  };
1465
1485
 
package/lib/nginx/util.js CHANGED
@@ -209,6 +209,10 @@ real_ip_recursive ${proxyPolicy?.trustRecursive ? 'on' : 'off'};`
209
209
  default 0;
210
210
  include includes/blacklist;
211
211
  }
212
+ geo $access_trusted {
213
+ default 0;
214
+ include includes/whitelist;
215
+ }
212
216
  map $http_upgrade $connection_upgrade {
213
217
  default upgrade;
214
218
  '' "";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@abtnode/router-provider",
3
- "version": "1.16.45-beta-20250624-134945-a23c15fc",
3
+ "version": "1.16.45-beta-20250625-064956-91b0fb8f",
4
4
  "description": "Routing engine implementations for abt node",
5
5
  "author": "polunzh <polunzh@gmail.com>",
6
6
  "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,11 +32,11 @@
32
32
  "url": "https://github.com/ArcBlock/blocklet-server/issues"
33
33
  },
34
34
  "dependencies": {
35
- "@abtnode/constant": "1.16.45-beta-20250624-134945-a23c15fc",
36
- "@abtnode/db-cache": "1.16.45-beta-20250624-134945-a23c15fc",
37
- "@abtnode/logger": "1.16.45-beta-20250624-134945-a23c15fc",
38
- "@abtnode/router-templates": "1.16.45-beta-20250624-134945-a23c15fc",
39
- "@abtnode/util": "1.16.45-beta-20250624-134945-a23c15fc",
35
+ "@abtnode/constant": "1.16.45-beta-20250625-064956-91b0fb8f",
36
+ "@abtnode/db-cache": "1.16.45-beta-20250625-064956-91b0fb8f",
37
+ "@abtnode/logger": "1.16.45-beta-20250625-064956-91b0fb8f",
38
+ "@abtnode/router-templates": "1.16.45-beta-20250625-064956-91b0fb8f",
39
+ "@abtnode/util": "1.16.45-beta-20250625-064956-91b0fb8f",
40
40
  "@arcblock/http-proxy": "^1.19.1",
41
41
  "@arcblock/is-valid-domain": "^1.0.5",
42
42
  "@ocap/util": "^1.20.14",
@@ -62,5 +62,5 @@
62
62
  "bluebird": "^3.7.2",
63
63
  "fs-extra": "^11.2.0"
64
64
  },
65
- "gitHead": "3b56a1dbe3fea9df0d6b644a1821afae9b376ee8"
65
+ "gitHead": "90b9c4c9352f9ae33139f4e376b97b3be43698fa"
66
66
  }