@hackthedev/dsync-ipsec 1.0.4 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.mjs +44 -37
- package/package.json +1 -1
package/index.mjs
CHANGED
|
@@ -21,7 +21,7 @@ export default class dSyncIPSec {
|
|
|
21
21
|
"localhost"
|
|
22
22
|
],
|
|
23
23
|
//
|
|
24
|
-
checkCache = null
|
|
24
|
+
checkCache = null,
|
|
25
25
|
setCache = null
|
|
26
26
|
} = {}) {
|
|
27
27
|
|
|
@@ -104,48 +104,55 @@ export default class dSyncIPSec {
|
|
|
104
104
|
return ArrayTools.matches(this.ipWhitelist, ip)
|
|
105
105
|
}
|
|
106
106
|
|
|
107
|
-
async
|
|
108
|
-
|
|
107
|
+
async checkRequest(req) {
|
|
108
|
+
const ipInfo = await this.lookupIP(this.getClientIp(req));
|
|
109
|
+
if (!ipInfo) return { allow: true };
|
|
109
110
|
|
|
111
|
+
const reqPath = req.path;
|
|
112
|
+
if (!reqPath) return { allow: true };
|
|
113
|
+
|
|
114
|
+
if (ArrayTools.matches(this.ipBlacklist, ipInfo.ip))
|
|
115
|
+
return { allow: false, code: 403 };
|
|
116
|
+
|
|
117
|
+
if (ArrayTools.matches(this.urlWhitelist, reqPath))
|
|
118
|
+
return { allow: true };
|
|
119
|
+
|
|
120
|
+
if (ArrayTools.matches(this.ipWhitelist, ipInfo.ip))
|
|
121
|
+
return { allow: true };
|
|
122
|
+
|
|
123
|
+
if (ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain))
|
|
124
|
+
return { allow: true };
|
|
125
|
+
|
|
126
|
+
if (ipInfo.is_bogon && this.blockBogon) return { allow: false, code: 403 };
|
|
127
|
+
if (ipInfo.is_datacenter && this.blockDatacenter) return { allow: false, code: 403 };
|
|
128
|
+
if (ipInfo.is_satelite && this.blockSatelite) return { allow: false, code: 403 };
|
|
129
|
+
if (ipInfo.is_crawler && this.blockCrawler) return { allow: false, code: 403 };
|
|
130
|
+
if (ipInfo.is_proxy && this.blockProxy) return { allow: false, code: 403 };
|
|
131
|
+
if (ipInfo.is_vpn && this.blockVPN) return { allow: false, code: 403 };
|
|
132
|
+
if (ipInfo.is_tor && this.blockTor) return { allow: false, code: 403 };
|
|
133
|
+
if (ipInfo.is_abuser && this.blockAbuser) return { allow: false, code: 403 };
|
|
134
|
+
|
|
135
|
+
if (
|
|
136
|
+
ipInfo.location?.country_code &&
|
|
137
|
+
ArrayTools.matches(
|
|
138
|
+
this.blockedCountriesByCode,
|
|
139
|
+
ipInfo.location.country_code.toLowerCase()
|
|
140
|
+
)
|
|
141
|
+
) return { allow: false, code: 403 };
|
|
142
|
+
|
|
143
|
+
return { allow: true };
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
|
|
147
|
+
filterExpressTraffic(app) {
|
|
110
148
|
app.use(async (req, res, next) => {
|
|
111
|
-
const
|
|
112
|
-
if (!
|
|
113
|
-
|
|
114
|
-
// whitelist some urls for functionality
|
|
115
|
-
let reqPath = req.path;
|
|
116
|
-
if (!reqPath) throw new Error("Unable to get request path from req parameter as it wasnt specified or null");
|
|
117
|
-
|
|
118
|
-
// first check for ip blacklist
|
|
119
|
-
if (ArrayTools.matches(this.ipBlacklist, ipInfo?.ip)) return res.sendStatus(403);
|
|
120
|
-
|
|
121
|
-
// then we can check for whitelisted urls as these bypass normal checks
|
|
122
|
-
// url whitelist
|
|
123
|
-
if (ArrayTools.matches(this.urlWhitelist, reqPath)) return next();
|
|
124
|
-
// let whitelisted ips pass
|
|
125
|
-
if (ArrayTools.matches(this.ipWhitelist, ipInfo?.ip)) return next();
|
|
126
|
-
// company domain whitelist
|
|
127
|
-
if (ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain)) return next();
|
|
128
|
-
|
|
129
|
-
// looking kinda beautiful
|
|
130
|
-
if (ipInfo?.is_bogon && this.blockBogon) return res.sendStatus(403);
|
|
131
|
-
if (ipInfo?.is_datacenter && this.blockDatacenter) return res.sendStatus(403);
|
|
132
|
-
if (ipInfo?.is_satelite && this.blockSatelite) return res.sendStatus(403);
|
|
133
|
-
if (ipInfo?.is_crawler && this.blockCrawler) return res.sendStatus(403);
|
|
134
|
-
if (ipInfo?.is_proxy && this.blockProxy) return res.sendStatus(403);
|
|
135
|
-
if (ipInfo?.is_vpn && this.blockVPN) return res.sendStatus(403);
|
|
136
|
-
if (ipInfo?.is_tor && this.blockTor) return res.sendStatus(403);
|
|
137
|
-
if (ipInfo?.is_abuser && this.blockAbuser) return res.sendStatus(403);
|
|
138
|
-
|
|
139
|
-
if (
|
|
140
|
-
ipInfo.location?.country_code &&
|
|
141
|
-
ArrayTools.matches(this.blockedCountriesByCode, ipInfo?.location?.country_code?.toLowerCase())
|
|
142
|
-
) return res.sendStatus(403);
|
|
143
|
-
|
|
144
|
-
// continue
|
|
149
|
+
const r = await this.checkRequest(req);
|
|
150
|
+
if (!r.allow) return res.sendStatus(r.code || 403);
|
|
145
151
|
next();
|
|
146
152
|
});
|
|
147
153
|
}
|
|
148
154
|
|
|
155
|
+
|
|
149
156
|
getClientIp(req) {
|
|
150
157
|
if (!req) throw new Error("Unable to get client ip from req parameter as it wasnt specified or null");
|
|
151
158
|
const xf = req.headers["x-forwarded-for"];
|