@liberstudio/cloudflare-list 2.1.9 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/middleware/attack-logger.middleware.js +4 -2
  2. package/dist/utils/get-client-ip.util.d.ts +2 -2
  3. package/dist/utils/get-client-ip.util.js +31 -7
  4. package/package.json +1 -1
package/dist/middleware/attack-logger.middleware.js CHANGED
@@ -65,9 +65,11 @@ let AttackLoggerMiddleware = AttackLoggerMiddleware_1 = class AttackLoggerMiddle
65
65
  this.logger.debug("Stream del log degli attacchi svuotato");
66
66
  });
67
67
  }
68
- const cidr = (0, utils_1.toCidr)(ip);
69
- if (!cidr)
68
+ const cidr = (0, utils_1.normalizeIp)(ip);
69
+ if (!cidr) {
70
+ this.logger.warn(`IP non valido: ${ip}`);
70
71
  return;
72
+ }
71
73
  this.attSrv.updateIpList(cidr).catch((err) => {
72
74
  const msg = err instanceof Error ? err.message : "Errore sconosciuto";
73
75
  this.logger.error(`Aggiornamento Cloudflare fallito: ${msg}`);
package/dist/utils/get-client-ip.util.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- import { Request } from "express";
1
+ import type { Request } from "express";
2
2
  export declare function getClientIp(req: Request): string;
3
- export declare function toCidr(ip: string): string | null;
3
+ export declare function normalizeIp(ip: string): string | null;
package/dist/utils/get-client-ip.util.js CHANGED
@@ -1,7 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.getClientIp = getClientIp;
4
- exports.toCidr = toCidr;
4
+ exports.normalizeIp = normalizeIp;
5
+ const net_1 = require("net");
5
6
  function getClientIp(req) {
6
7
  const cfIp = req.headers["cf-connecting-ip"];
7
8
  if (typeof cfIp === "string")
@@ -15,16 +16,39 @@ function getClientIp(req) {
15
16
  }
16
17
  return req.socket.remoteAddress ?? "unknown";
17
18
  }
18
- function toCidr(ip) {
19
+ function normalizeIp(ip) {
19
20
  if (!ip)
20
21
  return null;
21
- // IPv6
22
- if (ip.includes(":")) {
23
- return `${ip}/128`;
22
+ ip = ip.trim();
23
+ // IPv4-mapped IPv6 → converti in IPv4 puro
24
+ if (ip.startsWith("::ffff:")) {
25
+ ip = ip.replace("::ffff:", "");
24
26
  }
25
- // IPv4
26
- if (ip.includes(".")) {
27
+ const version = (0, net_1.isIP)(ip);
28
+ if (!version)
29
+ return null;
30
+ // Blocca loopback
31
+ if (ip === "127.0.0.1" || ip === "::1")
32
+ return null;
33
+ // Blocca IPv4 privati
34
+ if (version === 4) {
35
+ if (ip.startsWith("10.") || ip.startsWith("192.168.") || (ip.startsWith("172.") && isPrivate172(ip))) {
36
+ return null;
37
+ }
27
38
  return `${ip}/32`;
28
39
  }
40
+ // Blocca IPv6 link-local e unique local
41
+ if (version === 6) {
42
+ if (ip.startsWith("fe80:") || // link-local
43
+ ip.startsWith("fc") || // unique local
44
+ ip.startsWith("fd")) {
45
+ return null;
46
+ }
47
+ return `${ip}/128`;
48
+ }
29
49
  return null;
30
50
  }
51
+ function isPrivate172(ip) {
52
+ const secondOctet = Number(ip.split('.')[1]);
53
+ return secondOctet >= 16 && secondOctet <= 31;
54
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@liberstudio/cloudflare-list",
3
- "version": "2.1.9",
3
+ "version": "2.2.0",
4
4
  "description": "Modulo NestJS per gestione IP List Cloudflare",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",