npm - @hackthedev/dsync-ipsec - Versions diffs - 1.0.5 → 1.0.7 - Mend

@hackthedev/dsync-ipsec 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.mjs +50 -37
package/package.json +1 -1

package/index.mjs CHANGED Viewed

@@ -104,48 +104,61 @@ export default class dSyncIPSec {
         return ArrayTools.matches(this.ipWhitelist, ip)
     }
-    async filterExpressTraffic(app) {
-        if (!app) throw new Error("Unable to filter express traffic as no express app was provided.");
+    async checkRequest(req) {
+        let clientIP = this.getClientIp(req);
+        // remove localhost ips
+        if(clientIP === "::1" || clientIP === "127.0.0.1") return { allow: true }
+        const ipInfo = await this.lookupIP(clientIP);
+        if (!ipInfo) return { allow: true };
+        if (ipInfo?.blocked === true) return { allow: false };
+        const reqPath = req.path;
+        if (!reqPath) return { allow: true };
+        if (ArrayTools.matches(this.ipBlacklist, ipInfo.ip))
+            return { allow: false, code: 403 };
+        if (ArrayTools.matches(this.urlWhitelist, reqPath))
+            return { allow: true };
+        if (ArrayTools.matches(this.ipWhitelist, ipInfo.ip))
+            return { allow: true };
+        if (ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain))
+            return { allow: true };
+        if (ipInfo.is_bogon && this.blockBogon) return { allow: false, code: 403 };
+        if (ipInfo.is_datacenter && this.blockDatacenter) return { allow: false, code: 403 };
+        if (ipInfo.is_satelite && this.blockSatelite) return { allow: false, code: 403 };
+        if (ipInfo.is_crawler && this.blockCrawler) return { allow: false, code: 403 };
+        if (ipInfo.is_proxy && this.blockProxy) return { allow: false, code: 403 };
+        if (ipInfo.is_vpn && this.blockVPN) return { allow: false, code: 403 };
+        if (ipInfo.is_tor && this.blockTor) return { allow: false, code: 403 };
+        if (ipInfo.is_abuser && this.blockAbuser) return { allow: false, code: 403 };
+        if (
+            ipInfo.location?.country_code &&
+            ArrayTools.matches(
+                this.blockedCountriesByCode,
+                ipInfo.location.country_code.toLowerCase()
+            )
+        ) return { allow: false, code: 403 };
+        return { allow: true };
+    }
+    filterExpressTraffic(app) {
         app.use(async (req, res, next) => {
-            const ipInfo = await this.lookupIP(this.getClientIp(req));
-            if (!ipInfo) return next();
-            // whitelist some urls for functionality
-            let reqPath = req.path;
-            if (!reqPath) throw new Error("Unable to get request path from req parameter as it wasnt specified or null");
-            // first check for ip blacklist
-            if (ArrayTools.matches(this.ipBlacklist, ipInfo?.ip)) return res.sendStatus(403);
-            // then we can check for whitelisted urls as these bypass normal checks
-            // url whitelist
-            if (ArrayTools.matches(this.urlWhitelist, reqPath)) return next();
-            // let whitelisted ips pass
-            if (ArrayTools.matches(this.ipWhitelist, ipInfo?.ip)) return next();
-            // company domain whitelist
-            if (ArrayTools.matches(this.companyDomainWhitelist, ipInfo?.company?.domain)) return next();
-            // looking kinda beautiful
-            if (ipInfo?.is_bogon && this.blockBogon) return res.sendStatus(403);
-            if (ipInfo?.is_datacenter && this.blockDatacenter) return res.sendStatus(403);
-            if (ipInfo?.is_satelite && this.blockSatelite) return res.sendStatus(403);
-            if (ipInfo?.is_crawler && this.blockCrawler) return res.sendStatus(403);
-            if (ipInfo?.is_proxy && this.blockProxy) return res.sendStatus(403);
-            if (ipInfo?.is_vpn && this.blockVPN) return res.sendStatus(403);
-            if (ipInfo?.is_tor && this.blockTor) return res.sendStatus(403);
-            if (ipInfo?.is_abuser && this.blockAbuser) return res.sendStatus(403);
-            if (
-                ipInfo.location?.country_code &&
-                ArrayTools.matches(this.blockedCountriesByCode, ipInfo?.location?.country_code?.toLowerCase())
-            ) return res.sendStatus(403);
-            // continue
+            const r = await this.checkRequest(req);
+            if (!r.allow) return res.sendStatus(r.code || 403);
             next();
         });
     }
     getClientIp(req) {
         if (!req) throw new Error("Unable to get client ip from req parameter as it wasnt specified or null");
         const xf = req.headers["x-forwarded-for"];
@@ -157,7 +170,7 @@ export default class dSyncIPSec {
         if (!ip) throw new Error("Unable to lookup ip as it wasnt provided.")
         // if an ip is blacklisted we return with an error "reponse"
-        if (this.isBlacklistedIp(ip)) return {error: `IP ${ip} was blacklisted.`};
+        if (this.isBlacklistedIp(ip)) return {error: `IP ${ip} was blacklisted.`, blocked: true};
         // if we use cache we can skip the fetch
         if (this.checkCache && typeof this.checkCache === "function") {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hackthedev/dsync-ipsec",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "IP Based Security Library against Abuse",
   "license": "ISC",
   "author": "",