@liberstudio/cloudflare-list 2.0.18 → 2.2.0

package/dist/middleware/attack-logger.middleware.d.ts

@@ -13,7 +13,6 @@ export declare class AttackLoggerMiddleware implements NestMiddleware, OnModuleD
     use(req: Request, res: Response, next: NextFunction): void;
     private handleSuspicious;
     private isThrottled;
-    private getClientIp;
     private sanitize;
     private ensureDirectoryExists;
     onModuleDestroy(): void;

package/dist/middleware/attack-logger.middleware.js

@@ -49,7 +49,7 @@ let AttackLoggerMiddleware = AttackLoggerMiddleware_1 = class AttackLoggerMiddle
         next();
     }
     handleSuspicious(req) {
-        const ip = this.getClientIp(req);
+        const ip = (0, utils_1.getClientIp)(req);
         if (!ip || this.isThrottled(ip))
             return;
         const entry = {
@@ -65,9 +65,13 @@ let AttackLoggerMiddleware = AttackLoggerMiddleware_1 = class AttackLoggerMiddle
                 this.logger.debug("Stream del log degli attacchi svuotato");
             });
         }
-        this.attSrv.updateIpList(ip).catch((err) => {
+        const cidr = (0, utils_1.normalizeIp)(ip);
+        if (!cidr) {
+            this.logger.warn(`IP non valido: ${ip}`);
+            return;
+        }
+        this.attSrv.updateIpList(cidr).catch((err) => {
             const msg = err instanceof Error ? err.message : "Errore sconosciuto";
-            ;
             this.logger.error(`Aggiornamento Cloudflare fallito: ${msg}`);
         });
     }
@@ -80,19 +84,6 @@ let AttackLoggerMiddleware = AttackLoggerMiddleware_1 = class AttackLoggerMiddle
         this.recentIps.set(ip, timeout);
         return false;
     }
-    getClientIp(req) {
-        const cfIp = req.headers["cf-connecting-ip"];
-        if (typeof cfIp === "string")
-            return cfIp;
-        const xRealIp = req.headers["x-real-ip"];
-        if (typeof xRealIp === "string")
-            return xRealIp;
-        const xForwardedFor = req.headers["x-forwarded-for"];
-        if (typeof xForwardedFor === "string") {
-            return xForwardedFor.split(",")[0].trim();
-        }
-        return req.socket.remoteAddress ?? null;
-    }
     sanitize(value) {
         return value.replace(/[\r\n]/g, "_");
     }

package/dist/scripts/version-bump.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/version-bump.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const pkgPath = (0, node_path_1.resolve)(__dirname, '../../package.json');
+const pkg = JSON.parse((0, node_fs_1.readFileSync)(pkgPath, 'utf8'));
+let [major, minor, patch] = pkg.version.split('.').map(Number);
+// Incremento patch
+patch += 1;
+// Gestione rollover
+if (patch >= 10) {
+    minor += Math.floor(patch / 10);
+    patch = patch % 10;
+}
+if (minor >= 10) {
+    major += Math.floor(minor / 10);
+    minor = minor % 10;
+}
+// Ricostruzione versione
+pkg.version = `${major}.${minor}.${patch}`;
+// Scrittura package.json
+(0, node_fs_1.writeFileSync)(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+console.log(`Version updated to ${pkg.version}`);

package/dist/utils/get-client-ip.util.d.ts

@@ -1,2 +1,3 @@
-import { Request } from "express";
+import type { Request } from "express";
 export declare function getClientIp(req: Request): string;
+export declare function normalizeIp(ip: string): string | null;

package/dist/utils/get-client-ip.util.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getClientIp = getClientIp;
+exports.normalizeIp = normalizeIp;
+const net_1 = require("net");
 function getClientIp(req) {
     const cfIp = req.headers["cf-connecting-ip"];
     if (typeof cfIp === "string")
@@ -14,3 +16,39 @@ function getClientIp(req) {
     }
     return req.socket.remoteAddress ?? "unknown";
 }
+function normalizeIp(ip) {
+    if (!ip)
+        return null;
+    ip = ip.trim();
+    // IPv4-mapped IPv6 → converti in IPv4 puro
+    if (ip.startsWith("::ffff:")) {
+        ip = ip.replace("::ffff:", "");
+    }
+    const version = (0, net_1.isIP)(ip);
+    if (!version)
+        return null;
+    // Blocca loopback
+    if (ip === "127.0.0.1" || ip === "::1")
+        return null;
+    // Blocca IPv4 privati
+    if (version === 4) {
+        if (ip.startsWith("10.") || ip.startsWith("192.168.") || (ip.startsWith("172.") && isPrivate172(ip))) {
+            return null;
+        }
+        return `${ip}/32`;
+    }
+    // Blocca IPv6 link-local e unique local
+    if (version === 6) {
+        if (ip.startsWith("fe80:") || // link-local
+            ip.startsWith("fc") || // unique local
+            ip.startsWith("fd")) {
+            return null;
+        }
+        return `${ip}/128`;
+    }
+    return null;
+}
+function isPrivate172(ip) {
+    const secondOctet = Number(ip.split('.')[1]);
+    return secondOctet >= 16 && secondOctet <= 31;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@liberstudio/cloudflare-list",
-  "version": "2.0.18",
+  "version": "2.2.0",
   "description": "Modulo NestJS per gestione IP List Cloudflare",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,14 +15,14 @@
   "scripts": {
     "build": "npx tsc",
     "prepublishOnly": "npm run build",
-    "version:bump": "npm version patch --no-git-tag-version",
+    "version:bump": "npx tsx src/scripts/version-bump.ts",
     "pub": "npm publish --access public"
   },
   "publishConfig": {
     "access": "public"
   },
   "simple-git-hooks": {
-    "pre-commit": "npm run version:bump && git add package.json package-lock.json"
+    "pre-commit": "source ~/.bashrc && npm run version:bump && git add package.json package-lock.json"
   },
   "peerDependencies": {
     "@nestjs/axios": ">=3.0.0",