remove dependency on ip-range-check and ip, use lower level ipaddr.js instead

re: #5893
8 years ago · 5d2b3d3c39
parent 8346130cdc
commit 5d2b3d3c39
2 changed files with 37 additions and 26 deletions
--- a/package.json
+++ b/package.json
@ -40,8 +40,7 @@
    "express-session": "^1.8.2",
    "express-useragent": "1.0.7",
    "html-to-text": "3.3.0",
-    "ip": "1.1.5",
-    "ip-range-check": "^0.0.2",
+    "ipaddr.js": "^1.5.0",
    "jimp": "0.2.28",
    "jquery": "^3.1.0",
    "json-2-csv": "^2.0.22",
--- a/src/meta/blacklist.js
+++ b/src/meta/blacklist.js
@ -1,7 +1,6 @@
 'use strict';

-var ip = require('ip');
-var ipRangeCheck = require('ip-range-check');
+var ipaddr = require('ipaddr.js');
 var winston = require('winston');
 var async = require('async');

@ -55,13 +54,18 @@ Blacklist.get = function (callback) {
 };

 Blacklist.test = function (clientIp, callback) {
+	// Some handy test addresses
+	// clientIp = '2001:db8:85a3:0:0:8a2e:370:7334';	// IPv6
+	// clientIp = '127.0.15.1';	// IPv4
+	var addr = ipaddr.parse(clientIp);
+
 	if (
 		Blacklist._rules.ipv4.indexOf(clientIp) === -1 &&	// not explicitly specified in ipv4 list
 		Blacklist._rules.ipv6.indexOf(clientIp) === -1 &&	// not explicitly specified in ipv6 list
 		!Blacklist._rules.cidr.some(function (subnet) {
-			return ip.cidrSubnet(subnet).contains(clientIp);
-		}) &&	// not in a blacklisted IPv4 cidr range
-		!ipRangeCheck(clientIp, Blacklist._rules.cidr6)	// not in a blacklisted IPv6 cidr range
+			return addr.match(ipaddr.parseCIDR(subnet));
+			// return ip.cidrSubnet(subnet).contains(clientIp);
+		})	// not in a blacklisted IPv4 or IPv6 cidr range
 	) {
 		plugins.fireHook('filter:blacklist.test', {
 			ip: clientIp,
@ -90,7 +94,6 @@ Blacklist.validate = function (rules, callback) {
 	var ipv4 = [];
 	var ipv6 = [];
 	var cidr = [];
-	var cidr6 = [];
 	var invalid = [];

 	var isIPv4CidrSubnet = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/;
@ -107,30 +110,40 @@ Blacklist.validate = function (rules, callback) {

 	// Filter out invalid rules
 	rules = rules.filter(function (rule) {
-		if (whitelist.indexOf(rule) !== -1) {
-			invalid.push(rule);
-			return false;
+		var addr;
+		var isRange = false;
+		try {
+			addr = ipaddr.parse(rule);
+		} catch (e) {
+			// Do nothing
 		}

-		if (ip.isV4Format(rule)) {
-			ipv4.push(rule);
-			return true;
+		try {
+			addr = ipaddr.parseCIDR(rule);
+			isRange = true;
+		} catch (e) {
+			// Do nothing
 		}
-		if (ip.isV6Format(rule)) {
-			ipv6.push(rule);
-			return true;
+		console.log('what is addr anyway', addr);
+
+		if (!addr || whitelist.indexOf(rule) !== -1) {
+			invalid.push(rule);
+			return false;
 		}
-		if (isIPv4CidrSubnet.test(rule)) {
+
+		if (!isRange) {
+			if (addr.kind() === 'ipv4' && ipaddr.IPv4.isValid(rule)) {
+				ipv4.push(rule);
+				return true;
+			}
+			if (addr.kind() === 'ipv6' && ipaddr.IPv6.isValid(rule)) {
+				ipv6.push(rule);
+				return true;
+			}
+		} else {
 			cidr.push(rule);
 			return true;
 		}
-		if (isIPv6CidrSubnet.test(rule)) {
-			cidr6.push(rule);
-			return true;
-		}
-
-		invalid.push(rule);
-		return false;
 	});

 	callback(null, {
@ -138,7 +151,6 @@ Blacklist.validate = function (rules, callback) {
 		ipv4: ipv4,
 		ipv6: ipv6,
 		cidr: cidr,
-		cidr6: cidr6,
 		valid: rules,
 		invalid: invalid,
 	});