Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-03-05 20:11:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #5879

Browse Source
This commit is contained in:
Julian Lam
2017-08-18 15:05:49 -04:00
parent b4a4fd8679
commit 1159abf9ec
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@@ -41,6 +41,7 @@
"express-useragent": "1.0.7",
"html-to-text": "3.3.0",
"ip": "1.1.5",
"ip-range-check": "^0.0.2",
"jimp": "0.2.28",
"jquery": "^3.1.0",
"json-2-csv": "^2.0.22",

20
src/meta/blacklist.js
View File

@@ -1,6 +1,7 @@
'use strict';
var ip = require('ip');
var ipRangeCheck = require('ip-range-check');
var winston = require('winston');
var async = require('async');
@@ -27,6 +28,7 @@ Blacklist.load = function (callback) {
ipv4: rules.ipv4,
ipv6: rules.ipv6,
cidr: rules.cidr,
cidr6: rules.cidr6,
};
next();
},
@@ -53,11 +55,12 @@ Blacklist.get = function (callback) {
Blacklist.test = function (clientIp, callback) {
if (
Blacklist._rules.ipv4.indexOf(clientIp) === -1 &&// not explicitly specified in ipv4 list
Blacklist._rules.ipv6.indexOf(clientIp) === -1 &&// not explicitly specified in ipv6 list
Blacklist._rules.ipv4.indexOf(clientIp) === -1 && // not explicitly specified in ipv4 list
Blacklist._rules.ipv6.indexOf(clientIp) === -1 && // not explicitly specified in ipv6 list
!Blacklist._rules.cidr.some(function (subnet) {
return ip.cidrSubnet(subnet).contains(clientIp);
}) // not in a blacklisted cidr range
}) && // not in a blacklisted IPv4 cidr range
!ipRangeCheck(clientIp, Blacklist._rules.cidr6) // not in a blacklisted IPv6 cidr range
) {
if (typeof callback === 'function') {
setImmediate(callback);
@@ -81,9 +84,11 @@ Blacklist.validate = function (rules, callback) {
var ipv4 = [];
var ipv6 = [];
var cidr = [];
var cidr6 = [];
var invalid = [];
var isCidrSubnet = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/;
var isIPv4CidrSubnet = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/;
var isIPv6CidrSubnet = /^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/;
var inlineCommentMatch = /#.*$/;
var whitelist = ['127.0.0.1', '::1', '::ffff:0:127.0.0.1'];
@@ -109,7 +114,11 @@ Blacklist.validate = function (rules, callback) {
ipv6.push(rule);
return true;
}
if (isCidrSubnet.test(rule)) {
if (isIPv4CidrSubnet.test(rule)) {
cidr.push(rule);
return true;
}
if (isIPv6CidrSubnet.test(rule)) {
cidr.push(rule);
return true;
}
@@ -123,6 +132,7 @@ Blacklist.validate = function (rules, callback) {
ipv4: ipv4,
ipv6: ipv6,
cidr: cidr,
cidr6: cidr6,
valid: rules,
invalid: invalid,
});