@hackthedev/dsync-ipsec 1.0.2 → 1.0.4

package/.github/workflows/publish.yml

@@ -0,0 +1,43 @@
+name: Publish to npm
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: true
+
+      - name: Skip version bump commits
+        run: |
+          if git log -1 --pretty=%B | grep -q "chore: bump version"; then
+            echo "Version bump commit detected, skipping."
+            exit 0
+          fi
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+
+      - run: npm ci
+
+      - run: |
+          git config user.name "github-actions"
+          git config user.email "actions@github.com"
+          npm version patch -m "chore: bump version %s"
+          git push
+
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+

package/index.mjs

@@ -19,7 +19,10 @@ export default class dSyncIPSec {
                         "::1",
                         "127.0.0.1",
                         "localhost"
-                    ]
+                    ],
+                    //
+                    checkCache = null
+                    setCache = null
                 } = {}) {
 
         this.blockBogon = blockBogon;
@@ -31,38 +34,41 @@ export default class dSyncIPSec {
         this.blockTor = blockTor;
         this.blockAbuser = blockAbuser;
 
-        this.urlWhitelist = whitelistedUrls
-        this.ipWhitelist = whitelistedIps
-        this.ipBlacklist = blacklistedIps
-        this.companyDomainWhitelist = whitelistedCompanyDomains
-        this.blockedCountriesByCode = blockedCountryCodes
+        this.urlWhitelist = whitelistedUrls;
+        this.ipWhitelist = whitelistedIps;
+        this.ipBlacklist = blacklistedIps;
+        this.companyDomainWhitelist = whitelistedCompanyDomains;
+        this.blockedCountriesByCode = blockedCountryCodes;
+
+        this.checkCache = checkCache;
+        this.setCache = setCache;
     }
 
     updateRule({
-                    blockBogon = null,
-                    blockDatacenter = null,
-                    blockSatelite = null,
-                    blockCrawler = null,
-                    blockProxy = null,
-                    blockVPN = null,
-                    blockTor = null,
-                    blockAbuser = null,
+                   blockBogon = null,
+                   blockDatacenter = null,
+                   blockSatelite = null,
+                   blockCrawler = null,
+                   blockProxy = null,
+                   blockVPN = null,
+                   blockTor = null,
+                   blockAbuser = null,
 
                    whitelistedUrls = null,
                    whitelistedIps = null,
                    blockedCountryCodes = null,
                    whitelistedCompanyDomains = null,
                    blacklistedIps = null,
-                }){
+               }) {
 
-        if(blockBogon !== null) this.blockBogon = blockBogon
-        if(blockDatacenter !== null) this.blockDatacenter = blockDatacenter
-        if(blockSatelite !== null) this.blockSatelite =blockSatelite
-        if(blockCrawler !== null) this.blockCrawler = blockCrawler
-        if(blockProxy !== null) this.blockProxy = blockProxy
-        if(blockVPN !== null) this.blockVPN = blockVPN
-        if(blockTor !== null) this.blockTor = blockTor
-        if(blockAbuser !== null) this.blockAbuser = blockAbuser
+        if (blockBogon !== null) this.blockBogon = blockBogon
+        if (blockDatacenter !== null) this.blockDatacenter = blockDatacenter
+        if (blockSatelite !== null) this.blockSatelite = blockSatelite
+        if (blockCrawler !== null) this.blockCrawler = blockCrawler
+        if (blockProxy !== null) this.blockProxy = blockProxy
+        if (blockVPN !== null) this.blockVPN = blockVPN
+        if (blockTor !== null) this.blockTor = blockTor
+        if (blockAbuser !== null) this.blockAbuser = blockAbuser
 
         if (whitelistedUrls !== null) this.urlWhitelist = whitelistedUrls
         if (whitelistedIps !== null) this.ipWhitelist = whitelistedIps
@@ -71,35 +77,35 @@ export default class dSyncIPSec {
     }
 
 
-    whitelistIP(ip, allowDuplicates = false){
-        if(!ip) throw new Error("Unable to whitelist ip as no ip was provided.");
-        if(!ArrayTools.matches(this.ipWhitelist, ip) && !allowDuplicates)
+    whitelistIP(ip, allowDuplicates = false) {
+        if (!ip) throw new Error("Unable to whitelist ip as no ip was provided.");
+        if (!ArrayTools.matches(this.ipWhitelist, ip) && !allowDuplicates)
             ArrayTools.addEntry(this.ipWhitelist, ip);
-        if(ArrayTools.matches(this.ipBlacklist, ip))
+        if (ArrayTools.matches(this.ipBlacklist, ip))
             this.ipBlacklist = ArrayTools.removeEntry(this.ipBlacklist, ip);
     }
 
-    blacklistIp(ip, allowDuplicates = false){
-        if(!ip) throw new Error("Unable to blacklist ip as no ip was provided.");
-        if(!ArrayTools.matches(this.ipBlacklist, ip) && !allowDuplicates)
+    blacklistIp(ip, allowDuplicates = false) {
+        if (!ip) throw new Error("Unable to blacklist ip as no ip was provided.");
+        if (!ArrayTools.matches(this.ipBlacklist, ip) && !allowDuplicates)
             ArrayTools.addEntry(this.ipBlacklist, ip);
-        if(ArrayTools.matches(this.ipWhitelist, ip))
+        if (ArrayTools.matches(this.ipWhitelist, ip))
             this.ipWhitelist = ArrayTools.removeEntry(this.ipWhitelist, ip);
     }
 
 
-    isBlacklistedIp(ip){
-        if(!ip) throw new Error("Coudlnt check ip blacklist as no ip was provided.")
+    isBlacklistedIp(ip) {
+        if (!ip) throw new Error("Coudlnt check ip blacklist as no ip was provided.")
         return ArrayTools.matches(this.ipBlacklist, ip)
     }
 
-    isWhitelistedIp(ip){
-        if(!ip) throw new Error("Coudlnt check ip blacklist as no ip was provided.")
+    isWhitelistedIp(ip) {
+        if (!ip) throw new Error("Coudlnt check ip blacklist as no ip was provided.")
         return ArrayTools.matches(this.ipWhitelist, ip)
     }
 
-    async filterExpressTraffic(app){
-        if(!app) throw new Error("Unable to filter express traffic as no express app was provided.");
+    async filterExpressTraffic(app) {
+        if (!app) throw new Error("Unable to filter express traffic as no express app was provided.");
 
         app.use(async (req, res, next) => {
             const ipInfo = await this.lookupIP(this.getClientIp(req));
@@ -107,18 +113,18 @@ export default class dSyncIPSec {
 
             // whitelist some urls for functionality
             let reqPath = req.path;
-            if(!reqPath) throw new Error("Unable to get request path from req parameter as it wasnt specified or null");
+            if (!reqPath) throw new Error("Unable to get request path from req parameter as it wasnt specified or null");
 
             // first check for ip blacklist
-            if(ArrayTools.matches(this.ipBlacklist, ipInfo?.ip)) return res.sendStatus(403);
+            if (ArrayTools.matches(this.ipBlacklist, ipInfo?.ip)) return res.sendStatus(403);
 
             // then we can check for whitelisted urls as these bypass normal checks
             // url whitelist
-            if(ArrayTools.matches(this.urlWhitelist, reqPath)) return next();
+            if (ArrayTools.matches(this.urlWhitelist, reqPath)) return next();
             // let whitelisted ips pass
-            if(ArrayTools.matches(this.ipWhitelist, ipInfo?.ip)) return next();
+            if (ArrayTools.matches(this.ipWhitelist, ipInfo?.ip)) return next();
             // company domain whitelist
-            if(ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain)) return next();
+            if (ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain)) return next();
 
             // looking kinda beautiful
             if (ipInfo?.is_bogon && this.blockBogon) return res.sendStatus(403);
@@ -141,25 +147,34 @@ export default class dSyncIPSec {
     }
 
     getClientIp(req) {
-        if(!req) throw new Error("Unable to get client ip from req parameter as it wasnt specified or null");
+        if (!req) throw new Error("Unable to get client ip from req parameter as it wasnt specified or null");
         const xf = req.headers["x-forwarded-for"];
         if (xf) return xf.split(",")[0].trim();
         return req.socket?.remoteAddress || req.connection?.remoteAddress;
     }
 
-    async lookupIP(ip){
-        if(!ip) throw new Error("Unable to lookup ip as it wasnt provided.")
+    async lookupIP(ip) {
+        if (!ip) throw new Error("Unable to lookup ip as it wasnt provided.")
 
         // if an ip is blacklisted we return with an error "reponse"
-        if(this.isBlacklistedIp(ip)) return {error: `IP ${ip} was local.`};
+        if (this.isBlacklistedIp(ip)) return {error: `IP ${ip} was blacklisted.`};
+
+        // if we use cache we can skip the fetch
+        if (this.checkCache && typeof this.checkCache === "function") {
+            let ipInfo = await this.checkCache(ip);
+            if (ipInfo) return ipInfo;
+        }
 
         // make request to get ip info
         let ipRequest = await fetch(`https://api.ipapi.is/?q=${ip}`);
-        if(ipRequest.status === 200){
+        if (ipRequest.status === 200) {
             let ipData = await ipRequest.json();
+
+            // possibility to set cache
+            if(this.setCache && typeof this.setCache === "function") await this.setCache(ip, ipData);
+
             return ipData;
-        }
-        else{
+        } else {
             return {error: "Failed to fetch IP data"};
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hackthedev/dsync-ipsec",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "IP Based Security Library against Abuse",
   "license": "ISC",
   "author": "",