@nest-omni/core 4.1.3-20 → 4.1.3-23

package/ip-filter/ip-filter.module.js

@@ -0,0 +1,105 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var IpFilterModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpFilterModule = void 0;
+const common_1 = require("@nestjs/common");
+const ip_filter_guard_1 = require("./guards/ip-filter.guard");
+const ip_filter_service_1 = require("./services/ip-filter.service");
+/**
+ * IP过滤模块
+ * 提供IP访问控制功能
+ *
+ * @example
+ * ```typescript
+ * // 同步配置
+ * @Module({
+ *   imports: [
+ *     IpFilterModule.register({
+ *       mode: 'whitelist',
+ *       defaultPolicy: 'deny',
+ *       rules: [
+ *         {
+ *           id: 'office-network',
+ *           type: 'whitelist',
+ *           ipRanges: ['192.168.1.0/24', '10.0.0.0/8'],
+ *           enabled: true,
+ *           priority: 100,
+ *         },
+ *       ],
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // 异步配置
+ * @Module({
+ *   imports: [
+ *     IpFilterModule.registerAsync({
+ *       imports: [ConfigModule],
+ *       inject: [ConfigService],
+ *       useFactory: (config: ConfigService) => ({
+ *         mode: 'whitelist',
+ *         defaultPolicy: 'deny',
+ *         rules: config.get('ipFilterRules'),
+ *       }),
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ * ```
+ */
+let IpFilterModule = IpFilterModule_1 = class IpFilterModule {
+    /**
+     * 同步注册模块
+     */
+    static register(options) {
+        const serviceProvider = {
+            provide: ip_filter_service_1.IpFilterService,
+            useValue: new ip_filter_service_1.IpFilterService(options),
+        };
+        return {
+            module: IpFilterModule_1,
+            providers: [serviceProvider, ip_filter_guard_1.IpFilterGuard],
+            exports: [ip_filter_service_1.IpFilterService, ip_filter_guard_1.IpFilterGuard],
+        };
+    }
+    /**
+     * 异步注册模块
+     */
+    static registerAsync(options) {
+        const serviceProvider = {
+            provide: ip_filter_service_1.IpFilterService,
+            useFactory: (...args) => __awaiter(this, void 0, void 0, function* () {
+                const moduleOptions = yield options.useFactory(...args);
+                return new ip_filter_service_1.IpFilterService(moduleOptions);
+            }),
+            inject: options.inject || [],
+        };
+        return {
+            module: IpFilterModule_1,
+            imports: options.imports || [],
+            providers: [serviceProvider, ip_filter_guard_1.IpFilterGuard],
+            exports: [ip_filter_service_1.IpFilterService, ip_filter_guard_1.IpFilterGuard],
+        };
+    }
+};
+exports.IpFilterModule = IpFilterModule;
+exports.IpFilterModule = IpFilterModule = IpFilterModule_1 = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({})
+], IpFilterModule);

package/ip-filter/services/index.d.ts

@@ -0,0 +1 @@
+export * from './ip-filter.service';

package/ip-filter/services/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./ip-filter.service"), exports);

package/ip-filter/services/ip-filter.service.d.ts

@@ -0,0 +1,92 @@
+import { IpFilterModuleOptions, IpRule } from '../interfaces';
+/**
+ * IP检查结果
+ */
+export interface IpCheckResult {
+    allowed: boolean;
+    matchedRule?: string;
+    ruleType?: 'whitelist' | 'blacklist';
+    reason?: string;
+}
+/**
+ * IP过滤服务（优化版）
+ *
+ * 功能:
+ * - IP 规则匹配
+ * - 优先级处理
+ * - 黑名单优先检查
+ * - 白名单验证
+ * - 默认策略应用
+ * - 规则热更新
+ */
+export declare class IpFilterService {
+    private readonly options?;
+    private readonly logger;
+    private rules;
+    private defaultPolicy;
+    constructor(options?: IpFilterModuleOptions);
+    /**
+     * 检查IP是否被允许访问
+     */
+    checkIp(ip: string, routeMetadata?: any): IpCheckResult;
+    /**
+     * 检查路由级别规则
+     */
+    private checkRouteRules;
+    /**
+     * 检查全局规则
+     */
+    private checkGlobalRules;
+    /**
+     * 更新规则（热更新）
+     *
+     * @param rules - 新的规则列表
+     * @param clearCache - 是否清除缓存（默认: true）
+     */
+    updateRules(rules: IpRule[], clearCache?: boolean): void;
+    /**
+     * 重新加载规则
+     *
+     * @param newOptions - 新的模块选项
+     */
+    reloadRules(newOptions: IpFilterModuleOptions): void;
+    /**
+     * 添加单个规则
+     *
+     * @param rule - 要添加的规则
+     */
+    addRule(rule: IpRule): void;
+    /**
+     * 删除规则
+     *
+     * @param ruleId - 要删除的规则ID
+     */
+    removeRule(ruleId: string): void;
+    /**
+     * 启用/禁用规则
+     *
+     * @param ruleId - 规则ID
+     * @param enabled - 是否启用
+     */
+    toggleRule(ruleId: string, enabled: boolean): void;
+    /**
+     * 获取所有规则
+     */
+    getRules(): IpRule[];
+    /**
+     * 获取规则统计
+     */
+    getRulesStats(): {
+        total: number;
+        enabled: number;
+        disabled: number;
+        whitelist: number;
+        blacklist: number;
+    };
+    private logBlocked;
+    private logAllowed;
+    getErrorResponse(): {
+        message: string;
+        statusCode: number;
+    };
+}

package/ip-filter/services/ip-filter.service.js

@@ -0,0 +1,238 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var IpFilterService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpFilterService = void 0;
+const common_1 = require("@nestjs/common");
+const utils_1 = require("../utils");
+/**
+ * 默认常量
+ */
+const DEFAULT_CONSTANTS = {
+    DEFAULT_PRIORITY: 50,
+    DEFAULT_ERROR_MESSAGE: 'Access denied',
+    DEFAULT_ERROR_STATUS_CODE: 403,
+};
+/**
+ * IP过滤服务（优化版）
+ *
+ * 功能:
+ * - IP 规则匹配
+ * - 优先级处理
+ * - 黑名单优先检查
+ * - 白名单验证
+ * - 默认策略应用
+ * - 规则热更新
+ */
+let IpFilterService = IpFilterService_1 = class IpFilterService {
+    constructor(options) {
+        this.options = options;
+        this.logger = new common_1.Logger(IpFilterService_1.name);
+        this.rules = [];
+        this.defaultPolicy = 'allow';
+        if (options === null || options === void 0 ? void 0 : options.rules) {
+            this.rules = [...options.rules];
+        }
+        if (options === null || options === void 0 ? void 0 : options.defaultPolicy) {
+            this.defaultPolicy = options.defaultPolicy;
+        }
+    }
+    /**
+     * 检查IP是否被允许访问
+     */
+    checkIp(ip, routeMetadata) {
+        var _a;
+        const normalizedIp = utils_1.IpUtils.normalizeIp(ip);
+        if (!utils_1.IpUtils.isValidIp(normalizedIp)) {
+            return { allowed: false, reason: 'Invalid IP address format' };
+        }
+        // 路由级别规则优先
+        if ((routeMetadata === null || routeMetadata === void 0 ? void 0 : routeMetadata.enabled) !== false && ((_a = routeMetadata === null || routeMetadata === void 0 ? void 0 : routeMetadata.ipRanges) === null || _a === void 0 ? void 0 : _a.length)) {
+            return this.checkRouteRules(normalizedIp, routeMetadata);
+        }
+        // 全局规则
+        return this.checkGlobalRules(normalizedIp);
+    }
+    /**
+     * 检查路由级别规则
+     */
+    checkRouteRules(ip, metadata) {
+        const { mode, ipRanges } = metadata;
+        const matched = utils_1.IpUtils.matchAnyCidr(ip, ipRanges);
+        if (mode === 'whitelist') {
+            return {
+                allowed: matched,
+                ruleType: 'whitelist',
+                reason: matched ? 'IP in route whitelist' : 'IP not in route whitelist',
+            };
+        }
+        // blacklist
+        return {
+            allowed: !matched,
+            ruleType: matched ? 'blacklist' : undefined,
+            reason: matched ? 'IP in route blacklist' : 'IP not in route blacklist',
+        };
+    }
+    /**
+     * 检查全局规则
+     */
+    checkGlobalRules(ip) {
+        var _a;
+        if (!((_a = this.rules) === null || _a === void 0 ? void 0 : _a.length)) {
+            return {
+                allowed: this.defaultPolicy === 'allow',
+                reason: 'No rules configured',
+            };
+        }
+        // 按优先级排序：黑名单优先
+        const sortedRules = [...this.rules]
+            .filter(r => r.enabled !== false)
+            .sort((a, b) => (b.priority || DEFAULT_CONSTANTS.DEFAULT_PRIORITY) - (a.priority || DEFAULT_CONSTANTS.DEFAULT_PRIORITY));
+        // 黑名单优先检查
+        for (const rule of sortedRules.filter(r => r.type === 'blacklist')) {
+            if (utils_1.IpUtils.matchAnyCidr(ip, rule.ipRanges)) {
+                this.logBlocked(ip, rule);
+                return { allowed: false, matchedRule: rule.id, ruleType: 'blacklist' };
+            }
+        }
+        // 白名单
+        const whitelistRules = sortedRules.filter(r => r.type === 'whitelist');
+        if (whitelistRules.length) {
+            for (const rule of whitelistRules) {
+                if (utils_1.IpUtils.matchAnyCidr(ip, rule.ipRanges)) {
+                    this.logAllowed(ip, rule);
+                    return { allowed: true, matchedRule: rule.id, ruleType: 'whitelist' };
+                }
+            }
+            // 有白名单但未匹配
+            return { allowed: false, reason: 'IP not in any whitelist' };
+        }
+        // 默认策略
+        return {
+            allowed: this.defaultPolicy === 'allow',
+            reason: `Using default policy: ${this.defaultPolicy}`,
+        };
+    }
+    /**
+     * 更新规则（热更新）
+     *
+     * @param rules - 新的规则列表
+     * @param clearCache - 是否清除缓存（默认: true）
+     */
+    updateRules(rules, clearCache = true) {
+        this.rules = [...rules];
+        if (clearCache) {
+            utils_1.IpUtils.clearCache();
+            this.logger.log(`Rules updated and cache cleared. Total rules: ${rules.length}`);
+        }
+        else {
+            this.logger.log(`Rules updated. Total rules: ${rules.length}`);
+        }
+    }
+    /**
+     * 重新加载规则
+     *
+     * @param newOptions - 新的模块选项
+     */
+    reloadRules(newOptions) {
+        if (newOptions.rules) {
+            this.updateRules(newOptions.rules);
+        }
+        if (newOptions.defaultPolicy) {
+            this.defaultPolicy = newOptions.defaultPolicy;
+        }
+        this.logger.log('Rules reloaded successfully');
+    }
+    /**
+     * 添加单个规则
+     *
+     * @param rule - 要添加的规则
+     */
+    addRule(rule) {
+        this.rules.push(rule);
+        utils_1.IpUtils.clearCache();
+        this.logger.log(`Rule added: ${rule.id}`);
+    }
+    /**
+     * 删除规则
+     *
+     * @param ruleId - 要删除的规则ID
+     */
+    removeRule(ruleId) {
+        const index = this.rules.findIndex(r => r.id === ruleId);
+        if (index !== -1) {
+            this.rules.splice(index, 1);
+            utils_1.IpUtils.clearCache();
+            this.logger.log(`Rule removed: ${ruleId}`);
+        }
+    }
+    /**
+     * 启用/禁用规则
+     *
+     * @param ruleId - 规则ID
+     * @param enabled - 是否启用
+     */
+    toggleRule(ruleId, enabled) {
+        const rule = this.rules.find(r => r.id === ruleId);
+        if (rule) {
+            rule.enabled = enabled;
+            utils_1.IpUtils.clearCache();
+            this.logger.log(`Rule ${ruleId} ${enabled ? 'enabled' : 'disabled'}`);
+        }
+    }
+    /**
+     * 获取所有规则
+     */
+    getRules() {
+        return [...this.rules];
+    }
+    /**
+     * 获取规则统计
+     */
+    getRulesStats() {
+        const total = this.rules.length;
+        const enabled = this.rules.filter(r => r.enabled !== false).length;
+        const disabled = total - enabled;
+        const whitelist = this.rules.filter(r => r.type === 'whitelist').length;
+        const blacklist = this.rules.filter(r => r.type === 'blacklist').length;
+        return {
+            total,
+            enabled,
+            disabled,
+            whitelist,
+            blacklist,
+        };
+    }
+    logBlocked(ip, rule) {
+        var _a;
+        if ((_a = this.options) === null || _a === void 0 ? void 0 : _a.enableLogging) {
+            this.logger.warn(`IP blocked: ${ip} - Rule: ${rule.id}`);
+        }
+    }
+    logAllowed(ip, rule) {
+        var _a;
+        if ((_a = this.options) === null || _a === void 0 ? void 0 : _a.enableLogging) {
+            this.logger.log(`IP allowed: ${ip} - Rule: ${rule.id}`);
+        }
+    }
+    getErrorResponse() {
+        var _a, _b, _c, _d;
+        return {
+            message: ((_b = (_a = this.options) === null || _a === void 0 ? void 0 : _a.errorResponse) === null || _b === void 0 ? void 0 : _b.message) || DEFAULT_CONSTANTS.DEFAULT_ERROR_MESSAGE,
+            statusCode: ((_d = (_c = this.options) === null || _c === void 0 ? void 0 : _c.errorResponse) === null || _d === void 0 ? void 0 : _d.statusCode) || DEFAULT_CONSTANTS.DEFAULT_ERROR_STATUS_CODE,
+        };
+    }
+};
+exports.IpFilterService = IpFilterService;
+exports.IpFilterService = IpFilterService = IpFilterService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [Object])
+], IpFilterService);

package/ip-filter/utils/index.d.ts

@@ -0,0 +1 @@
+export * from './ip-utils';

package/ip-filter/utils/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./ip-utils"), exports);

package/ip-filter/utils/ip-utils.d.ts

@@ -0,0 +1,61 @@
+/**
+ * IP匹配结果
+ */
+export interface IpMatchResult {
+    matched: boolean;
+    ruleId?: string;
+    ruleType?: 'whitelist' | 'blacklist';
+}
+/**
+ * IP工具类（优化版）
+ * 提供IP地址匹配和验证功能，带LRU缓存优化
+ */
+export declare class IpUtils {
+    private static cidrCache;
+    private static validationCache;
+    /**
+     * 检查IP地址是否匹配CIDR范围（带缓存）
+     */
+    static matchCidr(ip: string, cidr: string): boolean;
+    /**
+     * 实际执行CIDR匹配
+     */
+    private static doMatchCidr;
+    /**
+     * 检查IP地址是否在任意一个CIDR范围内（短路优化）
+     */
+    static matchAnyCidr(ip: string, cidrList: string[]): boolean;
+    /**
+     * 验证IP地址格式是否有效（带缓存）
+     */
+    static isValidIp(ip: string): boolean;
+    /**
+     * 验证IP地址格式是否有效（同步版本）
+     */
+    static isValidIpSync(ip: string): boolean;
+    /**
+     * 标准化IP地址（优化版）
+     */
+    static normalizeIp(ip: string): string;
+    /**
+     * 获取IP版本
+     */
+    static getIpVersion(ip: string): 'IPv4' | 'IPv6' | 'unknown';
+    /**
+     * 清空缓存（用于测试或规则变更）
+     */
+    static clearCache(): void;
+    /**
+     * 获取缓存统计
+     */
+    static getCacheStats(): {
+        cidr: {
+            size: number;
+            maxSize: number;
+        };
+        validation: {
+            size: number;
+            maxSize: number;
+        };
+    };
+}

package/ip-filter/utils/ip-utils.js

@@ -0,0 +1,162 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpUtils = void 0;
+const Address = require("ip-address");
+const lru_cache_1 = require("lru-cache");
+/**
+ * 缓存常量
+ */
+const CACHE_CONSTANTS = {
+    CIDR_CACHE_SIZE: 1000,
+    VALIDATION_CACHE_SIZE: 500,
+};
+/**
+ * IP工具类（优化版）
+ * 提供IP地址匹配和验证功能，带LRU缓存优化
+ */
+class IpUtils {
+    /**
+     * 检查IP地址是否匹配CIDR范围（带缓存）
+     */
+    static matchCidr(ip, cidr) {
+        const cacheKey = `${ip}:${cidr}`;
+        const cached = this.cidrCache.get(cacheKey);
+        if (cached !== undefined) {
+            return cached;
+        }
+        const result = this.doMatchCidr(ip, cidr);
+        this.cidrCache.set(cacheKey, result);
+        return result;
+    }
+    /**
+     * 实际执行CIDR匹配
+     */
+    static doMatchCidr(ip, cidr) {
+        try {
+            // 快速路径：单个IP精确匹配
+            if (!cidr.includes('/')) {
+                return ip === cidr;
+            }
+            // IPv4快速路径
+            if (!ip.includes(':') && !cidr.includes(':')) {
+                const ipv4Addr = new Address.Address4(ip);
+                const ipv4Cidr = new Address.Address4(cidr);
+                // 注意：参数顺序是 address.isInSubnet(cidr)
+                return ipv4Addr.isInSubnet(ipv4Cidr);
+            }
+            // IPv6路径
+            const addr = new Address.Address6(ip);
+            const cidrBlock = new Address.Address6(cidr);
+            return addr.isInSubnet(cidrBlock);
+        }
+        catch (error) {
+            // 记录错误日志但不抛出异常
+            console.warn(`CIDR match failed for ${ip} in ${cidr}:`, error);
+            return false;
+        }
+    }
+    /**
+     * 检查IP地址是否在任意一个CIDR范围内（短路优化）
+     */
+    static matchAnyCidr(ip, cidrList) {
+        if (!(cidrList === null || cidrList === void 0 ? void 0 : cidrList.length))
+            return false;
+        return cidrList.some(cidr => this.matchCidr(ip, cidr));
+    }
+    /**
+     * 验证IP地址格式是否有效（带缓存）
+     */
+    static isValidIp(ip) {
+        if (!ip || typeof ip !== 'string')
+            return false;
+        const cached = this.validationCache.get(ip);
+        if (cached !== undefined) {
+            return cached;
+        }
+        const result = this.isValidIpSync(ip);
+        this.validationCache.set(ip, result);
+        return result;
+    }
+    /**
+     * 验证IP地址格式是否有效（同步版本）
+     */
+    static isValidIpSync(ip) {
+        if (!ip || typeof ip !== 'string')
+            return false;
+        return ip.includes(':')
+            ? Address.Address6.isValid(ip)
+            : Address.Address4.isValid(ip);
+    }
+    /**
+     * 标准化IP地址（优化版）
+     */
+    static normalizeIp(ip) {
+        if (!ip)
+            return '';
+        // 处理 IPv6 映射的 IPv4
+        if (ip.startsWith('::ffff:')) {
+            return ip.substring(7);
+        }
+        // 检查是否是 IPv6 地址（包含多个冒号或包含 ::）
+        const ipv6Pattern = /:.*:/;
+        if (ipv6Pattern.test(ip)) {
+            // 纯 IPv6 地址，保持不变
+            return ip;
+        }
+        // IPv4 地址（可能带端口号）
+        // 移除端口号
+        const lastColonIndex = ip.lastIndexOf(':');
+        if (lastColonIndex > 0) {
+            // 可能是 IPv4:port 格式
+            const potentialPort = ip.substring(lastColonIndex + 1);
+            if (/^\d+$/.test(potentialPort)) {
+                // 确认是端口号，返回 IPv4 部分
+                return ip.substring(0, lastColonIndex);
+            }
+        }
+        return ip;
+    }
+    /**
+     * 获取IP版本
+     */
+    static getIpVersion(ip) {
+        if (!ip)
+            return 'unknown';
+        if (ip.includes(':'))
+            return 'IPv6';
+        if (this.isValidIpSync(ip))
+            return 'IPv4';
+        return 'unknown';
+    }
+    /**
+     * 清空缓存（用于测试或规则变更）
+     */
+    static clearCache() {
+        this.cidrCache.clear();
+        this.validationCache.clear();
+    }
+    /**
+     * 获取缓存统计
+     */
+    static getCacheStats() {
+        return {
+            cidr: {
+                size: this.cidrCache.size,
+                maxSize: this.cidrCache.max,
+            },
+            validation: {
+                size: this.validationCache.size,
+                maxSize: this.validationCache.max,
+            },
+        };
+    }
+}
+exports.IpUtils = IpUtils;
+// CIDR匹配缓存（使用 lru-cache 库）
+IpUtils.cidrCache = new lru_cache_1.LRUCache({
+    max: CACHE_CONSTANTS.CIDR_CACHE_SIZE,
+});
+// IP验证缓存
+IpUtils.validationCache = new lru_cache_1.LRUCache({
+    max: CACHE_CONSTANTS.VALIDATION_CACHE_SIZE,
+});