mybase 1.0.47 → 1.0.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +3 -0
  2. package/jest/isLANIp.test.js +36 -0
  3. package/jest/isLoopbackIP.test.js +32 -0
  4. package/mybase.js +85 -2
  5. package/package.json +5 -1
package/README.md CHANGED
@@ -43,6 +43,9 @@ var { isLocal } = require('mybase')
43
43
  ### decryptAES_CBC_NOIV(encryptedHex, encryptionKey)
44
44
  ### encryptAES_CBC_NOIV(plainString, encryptionKey)
45
45
  ### hash_sha512(plain)
46
+ ### isReservedLANIP(address4_or_6)
47
+ ### isLANIp(address4_or_6)
48
+ ### isLoopbackIP(address4_or_6)
46
49
  ```
47
50
  var handle = await maxmindOpen(config.geoip.country)
48
51
  ```
package/jest/isLANIp.test.js ADDED
@@ -0,0 +1,36 @@
1
+ const { isLANIp } = require('./../mybase');
2
+
3
+ test('should return true for private IPv4', () => {
4
+ const ip = '192.168.1.1';
5
+ expect(isLANIp(ip)).toBe(true);
6
+ });
7
+
8
+ test('should return true for private IPv6', () => {
9
+ const ip = 'fd00::';
10
+ expect(isLANIp(ip)).toBe(true);
11
+ });
12
+
13
+ test('should return null for public IPv4', () => {
14
+ const ip = '8.8.8.8';
15
+ expect(isLANIp(ip)).toBe(null);
16
+ });
17
+
18
+ test('should return null for public IPv6', () => {
19
+ const ip = '2001:4860:4860::8888';
20
+ expect(isLANIp(ip)).toBe(null);
21
+ });
22
+
23
+ test('should return false for invalid IP', () => {
24
+ const ip = 'invalid';
25
+ expect(isLANIp(ip)).toBe(false);
26
+ });
27
+
28
+ test('should return false for invalid IP', () => {
29
+ const ip = '1.2.3';
30
+ expect(isLANIp(ip)).toBe(false);
31
+ });
32
+
33
+ test('should return null for non private IPv6', () => {
34
+ const ip = '::2';
35
+ expect(isLANIp(ip)).toBe(null);
36
+ });
package/jest/isLoopbackIP.test.js ADDED
@@ -0,0 +1,32 @@
1
+ const { isLoopbackIP } = require('./../mybase'); // adjust the path to mybase.js
2
+
3
+ test('should return true for local IPv4', () => {
4
+ const ip = '127.0.0.1';
5
+ expect(isLoopbackIP(ip)).toBe(true);
6
+ });
7
+
8
+ test('should return true for local IPv4', () => {
9
+ const ip = '127.127.127.127';
10
+ expect(isLoopbackIP(ip)).toBe(true);
11
+ });
12
+
13
+
14
+ test('should return true for local IPv6', () => {
15
+ const ip = '::1';
16
+ expect(isLoopbackIP(ip)).toBe(true);
17
+ });
18
+
19
+ test('should return null for non-local IPv4', () => {
20
+ const ip = '8.8.8.8';
21
+ expect(isLoopbackIP(ip)).toBe(null);
22
+ });
23
+
24
+ test('should return null for non-local IPv6', () => {
25
+ const ip = '2001:4860:4860::8888';
26
+ expect(isLoopbackIP(ip)).toBe(null);
27
+ });
28
+
29
+ test('should return false for invalid IP', () => {
30
+ const ip = 'invalid';
31
+ expect(isLoopbackIP(ip)).toBe(false);
32
+ });
package/mybase.js CHANGED
@@ -10,6 +10,15 @@ const _validURL = require('@7c/validurl')
10
10
  const { match } = require('assert');
11
11
  const validator = require('validator')
12
12
  const sha512 = require('js-sha512')
13
+ const ip6addr = require('ip6addr')
14
+
15
+ const private_network_cidrs = [ip6addr.createCIDR('10.0.0.0/8')
16
+ ,ip6addr.createCIDR('172.16.0.0/12')
17
+ ,ip6addr.createCIDR('192.168.0.0/16')
18
+ ,ip6addr.createCIDR('fd00::/8')
19
+ ]
20
+ const local_network_cidrs = [ip6addr.createCIDR('127.0.0.0/8')
21
+ ,ip6addr.createCIDR('::1/128')]
13
22
 
14
23
  // create cache folder if not exists
15
24
  let vault_cache_folder = '/var/tmp/vault-cache'
@@ -31,6 +40,52 @@ function hash_sha512(plain) {
31
40
  return false
32
41
  }
33
42
 
43
+ function normalizeIp(ip) {
44
+ // also support ipv6
45
+ if (net.isIP(ip) === 0) return false;
46
+ if (net.isIPv6(ip)) return ip.toLowerCase().replace(/^::ffff:/, '');
47
+ return ip;
48
+ }
49
+
50
+
51
+ function isLoopbackIP(ip) {
52
+ ip=normalizeIp(ip)
53
+ if (net.isIP(ip) === 0) return false
54
+ try {
55
+ // speed optimized
56
+ let ipVersion = net.isIPv4(ip) ? 'ipv4' : 'ipv6'
57
+ for (let cidr of local_network_cidrs) {
58
+ let first = cidr.first()
59
+ if (first.kind() !== ipVersion) continue
60
+ if (cidr.contains(ip))
61
+ return true
62
+ }
63
+ return null
64
+ } catch (err) {
65
+ console.log(err)
66
+ }
67
+ return false
68
+ }
69
+
70
+ function isLANIp(ip) {
71
+ ip=normalizeIp(ip)
72
+ if (net.isIP(ip) === 0) return false
73
+ try {
74
+ // speed optimized
75
+ let ipVersion = net.isIPv4(ip) ? 'ipv4' : 'ipv6'
76
+ for (let cidr of private_network_cidrs) {
77
+ let first = cidr.first()
78
+ if (first.kind() !== ipVersion) continue
79
+ if (cidr.contains(ip))
80
+ return true
81
+ }
82
+ return null
83
+ } catch (err) {
84
+ console.log(err)
85
+ }
86
+ return false
87
+ }
88
+
34
89
  function validHPassword(hpassword) { return (hpassword && hpassword.length === 128 && hpassword.search(/^[a-f0-9]+$/) == 0) }
35
90
  function randomHPassword(length=10) {
36
91
  let plain = randomString(length)
@@ -184,7 +239,7 @@ function vaultRead(vault, key, cache_in_minutes = 10) {
184
239
  if (r.data) {
185
240
  debug(`vault ${key} - success`)
186
241
  if (cache_in_minutes>0)
187
- try { fs.writeFileSync(cache_file, JSON.stringify(r.data)) } catch(_) {}
242
+ try { fs.writeFileSync(cache_file, JSON.stringify(r.data)); fs.chmodSync(cache_file,0o600); } catch(_) {}
188
243
  return resolve(r.data);
189
244
  }
190
245
  debug(`vault ${key} - failed`)
@@ -589,6 +644,7 @@ function int2ip (ipInt) {
589
644
  function ip2int(ip) {
590
645
  return ip.split('.').reduce(function(ipInt, octet) { return (ipInt<<8) + parseInt(octet, 10)}, 0) >>> 0;
591
646
  }
647
+
592
648
  function encryptAES_CBC_NOIV(plainString, encryptionKey) {
593
649
  try {
594
650
  const key = aesjs.utils.utf8.toBytes(encryptionKey); // 16,32 Bytes = 128,256 bits = AES128,AES256
@@ -602,6 +658,10 @@ function encryptAES_CBC_NOIV(plainString, encryptionKey) {
602
658
  }
603
659
  }
604
660
 
661
+
662
+
663
+
664
+
605
665
  function decryptAES_CBC_NOIV(encryptedHex, encryptionKey) {
606
666
  try {
607
667
  const key = aesjs.utils.utf8.toBytes(encryptionKey); // 16,32 Bytes = 128,256 bits = AES128,AES256
@@ -616,6 +676,26 @@ function decryptAES_CBC_NOIV(encryptedHex, encryptionKey) {
616
676
  }
617
677
  }
618
678
 
679
+ function isReservedLANIP(address) {
680
+ // Define the reserved LAN IP ranges for IPv4 and IPv6.
681
+ const reservedLANIPRanges = [
682
+ '127.0.0.0/8', // Private IPv4 network
683
+ '10.0.0.0/8', // Private IPv4 network
684
+ '172.16.0.0/12', // Private IPv4 network
685
+ '192.168.0.0/16', // Private IPv4 network
686
+ '100.64.0.0/10', // Carrier-Grade NAT (CGN)
687
+ 'fd00::/8', // Unique local address for IPv6
688
+ ];
689
+
690
+ // Normalize the IP address to expand any IPv6 shorthand notation.
691
+ if (net.isIPv6(address))
692
+ normalizedAddress = ip6.normalize(address);
693
+ else normalizedAddress = address;
694
+
695
+ // Check if the IP address is in the reserved LAN IP range.
696
+ return ipRangeCheck(normalizedAddress, reservedLANIPRanges);
697
+ }
698
+
619
699
  module.exports = {
620
700
  encryptAES_CBC_NOIV,
621
701
  decryptAES_CBC_NOIV,
@@ -657,5 +737,8 @@ module.exports = {
657
737
  Geoip2Paths,
658
738
  randomHPassword,
659
739
  isURL,
660
- hash_sha512
740
+ hash_sha512,
741
+ isReservedLANIP,
742
+ isLANIp,
743
+ isLoopbackIP
661
744
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mybase",
3
- "version": "1.0.47",
3
+ "version": "1.0.49",
4
4
  "description": "",
5
5
  "main": "mybase.js",
6
6
  "scripts": {
@@ -13,12 +13,16 @@
13
13
  "aes-js": "^3.1.2",
14
14
  "chalk": "^3.0.0",
15
15
  "debug": "^4.3.1",
16
+ "ip-range-check": "^0.2.0",
17
+ "ip6": "=0.2.7",
18
+ "ip6addr": "^0.2.5",
16
19
  "js-sha512": "^0.8.0",
17
20
  "punycode": "^2.1.1",
18
21
  "validator": "^13.7.0"
19
22
  },
20
23
  "devDependencies": {
21
24
  "chai": "^4.2.0",
25
+ "jest": "^29.7.0",
22
26
  "mocha": "^8.2.1",
23
27
  "should": "^13.2.3"
24
28
  }