@abtnode/router-provider 1.16.45-beta-20250624-134945-a23c15fc → 1.16.45-beta-20250625-103530-e1f5b0b8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/lib/nginx/includes/whitelist +0 -0
  2. package/lib/nginx/index.js +36 -8
  3. package/lib/nginx/util.js +4 -0
  4. package/package.json +7 -7
package/lib/nginx/includes/whitelist ADDED
File without changes
package/lib/nginx/index.js CHANGED
@@ -224,6 +224,9 @@ class NginxProvider extends BaseProvider {
224
224
  } else {
225
225
  this.updateBlacklist([]);
226
226
  }
227
+
228
+ this.updateWhitelist();
229
+
227
230
  this.updateProxyPolicy(proxyPolicy);
228
231
 
229
232
  const allRules = sites.reduce((acc, site) => {
@@ -293,8 +296,13 @@ class NginxProvider extends BaseProvider {
293
296
  }
294
297
 
295
298
  if (enableDefaultServer) {
296
- this._addDefaultServer(conf, nodeInfo.port);
297
- logger.info('enable default server success');
299
+ const existDefaultServer = !!sites.find((x) => x.domain === '_');
300
+ if (existDefaultServer) {
301
+ logger.info('default server is declared by blocklet server');
302
+ } else {
303
+ this._addDefaultServer(conf, nodeInfo.port);
304
+ logger.info('add default server success');
305
+ }
298
306
  } else {
299
307
  this._addDefaultBlackHoleServer(conf);
300
308
  logger.info('add default blackhole server success');
@@ -897,7 +905,12 @@ class NginxProvider extends BaseProvider {
897
905
  server._add('listen', `${decideHttpsPort()} ssl`);
898
906
  }
899
907
 
900
- server._add('return', '444');
908
+ if (process.env.ABT_NODE_IP_WHITELIST) {
909
+ server._addVerbatimBlock('if ($access_trusted = 0)', 'return 444;');
910
+ server._add('return', '200');
911
+ } else {
912
+ server._add('return', '444');
913
+ }
901
914
  }
902
915
 
903
916
  _addStubStatusLocation(conf) {
@@ -985,7 +998,10 @@ class NginxProvider extends BaseProvider {
985
998
  }
986
999
 
987
1000
  _addHttpServerUnit({ conf, serverName, port = '' }) {
988
- const listen = port || this.httpPort;
1001
+ let listen = port || this.httpPort;
1002
+ if (serverName === '_') {
1003
+ listen = `${listen} default_server`;
1004
+ }
989
1005
 
990
1006
  conf.nginx.http._add('server');
991
1007
  const httpServerUnit = this._getLastServer(conf);
@@ -1190,6 +1206,18 @@ class NginxProvider extends BaseProvider {
1190
1206
  fs.writeFileSync(blacklistFile, blacklist.map((x) => `${x} 1;`).join(os.EOL));
1191
1207
  }
1192
1208
 
1209
+ updateWhitelist() {
1210
+ try {
1211
+ const whitelistFile = path.join(this.includesDir, 'whitelist');
1212
+ let whitelist = process.env.ABT_NODE_IP_WHITELIST?.split(',') || []; // IP 地址列表,支持 CIDR 格式
1213
+ whitelist = whitelist.map((x) => x.trim()).filter(Boolean);
1214
+
1215
+ fs.writeFileSync(whitelistFile, whitelist.map((x) => `${x} 1;`).join(os.EOL));
1216
+ } catch (error) {
1217
+ logger.error('Failed to update whitelist', { error, env: process.env.ABT_NODE_IP_WHITELIST });
1218
+ }
1219
+ }
1220
+
1193
1221
  updateProxyPolicy(proxyPolicy) {
1194
1222
  const proxyRaw = fs.readFileSync(path.join(this.includesDir, 'proxy.raw'), 'utf8');
1195
1223
  const proxyPolicyFile = path.join(this.includesDir, 'proxy');
@@ -1447,6 +1475,10 @@ NginxProvider.check = async ({ configDir = '' } = {}) => {
1447
1475
  await provider.start();
1448
1476
  await provider.stop();
1449
1477
 
1478
+ if (fs.existsSync(testDir)) {
1479
+ fs.rmSync(testDir, { recursive: true, force: true });
1480
+ }
1481
+
1450
1482
  return result;
1451
1483
  } catch (error) {
1452
1484
  if (process.env.DEBUG) {
@@ -1456,10 +1488,6 @@ NginxProvider.check = async ({ configDir = '' } = {}) => {
1456
1488
  result.error = error.message;
1457
1489
  logger.error('check nginx failed', { error });
1458
1490
  return result;
1459
- } finally {
1460
- if (fs.existsSync(testDir)) {
1461
- fs.rmSync(testDir, { recursive: true, force: true });
1462
- }
1463
1491
  }
1464
1492
  };
1465
1493
 
package/lib/nginx/util.js CHANGED
@@ -209,6 +209,10 @@ real_ip_recursive ${proxyPolicy?.trustRecursive ? 'on' : 'off'};`
209
209
  default 0;
210
210
  include includes/blacklist;
211
211
  }
212
+ geo $access_trusted {
213
+ default 0;
214
+ include includes/whitelist;
215
+ }
212
216
  map $http_upgrade $connection_upgrade {
213
217
  default upgrade;
214
218
  '' "";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@abtnode/router-provider",
3
- "version": "1.16.45-beta-20250624-134945-a23c15fc",
3
+ "version": "1.16.45-beta-20250625-103530-e1f5b0b8",
4
4
  "description": "Routing engine implementations for abt node",
5
5
  "author": "polunzh <polunzh@gmail.com>",
6
6
  "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,11 +32,11 @@
32
32
  "url": "https://github.com/ArcBlock/blocklet-server/issues"
33
33
  },
34
34
  "dependencies": {
35
- "@abtnode/constant": "1.16.45-beta-20250624-134945-a23c15fc",
36
- "@abtnode/db-cache": "1.16.45-beta-20250624-134945-a23c15fc",
37
- "@abtnode/logger": "1.16.45-beta-20250624-134945-a23c15fc",
38
- "@abtnode/router-templates": "1.16.45-beta-20250624-134945-a23c15fc",
39
- "@abtnode/util": "1.16.45-beta-20250624-134945-a23c15fc",
35
+ "@abtnode/constant": "1.16.45-beta-20250625-103530-e1f5b0b8",
36
+ "@abtnode/db-cache": "1.16.45-beta-20250625-103530-e1f5b0b8",
37
+ "@abtnode/logger": "1.16.45-beta-20250625-103530-e1f5b0b8",
38
+ "@abtnode/router-templates": "1.16.45-beta-20250625-103530-e1f5b0b8",
39
+ "@abtnode/util": "1.16.45-beta-20250625-103530-e1f5b0b8",
40
40
  "@arcblock/http-proxy": "^1.19.1",
41
41
  "@arcblock/is-valid-domain": "^1.0.5",
42
42
  "@ocap/util": "^1.20.14",
@@ -62,5 +62,5 @@
62
62
  "bluebird": "^3.7.2",
63
63
  "fs-extra": "^11.2.0"
64
64
  },
65
- "gitHead": "3b56a1dbe3fea9df0d6b644a1821afae9b376ee8"
65
+ "gitHead": "68ba563213161265ceb38eaec06d43454a341f48"
66
66
  }