diff --git a/package-lock.json b/package-lock.json index 4a6baee0..a4c15512 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,6 +8,9 @@ "name": "WHEEL-doc", "version": "2.1.0", "license": "BSD-2-Clause", + "dependencies": { + "express-ipfilter": "^1.3.2" + }, "devDependencies": { "@eslint/js": "^8.50.0", "eslint": "^8.49.0", @@ -1474,6 +1477,20 @@ "node": ">= 8" } }, + "node_modules/express-ipfilter": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.2.tgz", + "integrity": "sha512-yMzCWGuVMnR8CFlsIC2spHWoQYp9vtyZXUgS/JdV5GOJgrz6zmKOEZsA4eF1XrxkOIVzaVk6yzTBk65pBhliNw==", + "dependencies": { + "ip": "^2.0.1", + "lodash": "^4.17.11", + "proxy-addr": "^2.0.7", + "range_check": "^2.0.4" + }, + "engines": { + "node": ">=8.9.0" + } + }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -1579,6 +1596,14 @@ "node": ">= 14.17" } }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", 
@@ -1972,6 +1997,27 @@ "node": ">= 0.4" } }, + "node_modules/ip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + }, + "node_modules/ip6": { + "version": "0.2.10", + "resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz", + "integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA==", + "bin": { + "ip6": "ip6-cli.js" + } + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "engines": { + "node": ">= 0.10" + } + }, "node_modules/is-array-buffer": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz", @@ -2658,8 +2704,7 @@ "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "node_modules/lodash.merge": { "version": "4.6.2", @@ -3217,6 +3262,18 @@ "node": ">= 0.8.0" } }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", 
@@ -3249,6 +3306,18 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/range_check": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz", + "integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==", + "dependencies": { + "ip6": "^0.2.0", + "ipaddr.js": "^1.9.1" + }, + "engines": { + "node": ">=10.0.0" + } + }, "node_modules/rc": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", diff --git a/package.json b/package.json index 62fa6c0c..d0fee603 100644 --- a/package.json +++ b/package.json @@ -44,5 +44,8 @@ "lint-staged": { "*.js": "eslint --fix", "*.vue": "eslint --fix" + }, + "dependencies": { + "express-ipfilter": "^1.3.2" } } diff --git a/server/app/index.js b/server/app/index.js index 949e0c35..4fb27ac4 100644 --- a/server/app/index.js +++ b/server/app/index.js @@ -9,6 +9,7 @@ const path = require("path"); const fs = require("fs-extra"); const cors = require("cors"); const express = require("express"); +const ipfilter = require("express-ipfilter").IpFilter const cookieParser = require("cookie-parser"); const bodyParser = require("body-parser"); const Siofu = require("socketio-file-upload"); @@ -28,8 +29,9 @@ process.on("uncaughtException", logger.debug.bind(logger)); * setup express, socketIO */ -const baseURL = process.env.WHEEL_BASE_URL || "/"; const app = express(); +const baseURL = process.env.WHEEL_BASE_URL || "/"; +const address = process.env.WHEEL_ACCEPT_ADDRESS function createHTTPSServer(argApp) { const { keyFilename, certFilename } = require("./db/db"); 
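Review bot: `express-ipfilter` is added to the root `package.json`, but the code that requires it is `server/app/index.js`, and the lockfile hunk shows the root package had no `dependencies` block before this change. That suggests the server's runtime packages (`express`, `cors` and the rest) are declared in a different manifest. If the server is installed from its own manifest, `require("express-ipfilter")` would fail at startup, so the entry probably belongs there instead. The change also moves `ip`, `ip6`, `range_check`, `proxy-addr` and `lodash` into the production tree, so an `npm audit` run on that set before merging would be prudent.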
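Review bot: `const address = process.env.WHEEL_ACCEPT_ADDRESS` has no comment saying that an unset or empty value leaves the server reachable from every address, which is what the later `if(address)` check does with it. A line above it such as `//WHEEL_ACCEPT_ADDRESS: the only client address allowed to connect, no restriction if unset` would make that fail-open default explicit. The name `address` is also very generic for a module-level constant in a file that handles server addresses and ports; `acceptAddress` would say what it is for. This line and the `require("express-ipfilter").IpFilter` line added in the hunk at `-9,6` both lack the terminating semicolon that every neighbouring statement has.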
@@ -56,6 +58,7 @@ logger.info(`WHEEL_TEMPD = ${process.env.WHEEL_TEMPD}`); logger.info(`WHEEL_CONFIG_DIR = ${process.env.WHEEL_CONFIG_DIR}`); logger.info(`WHEEL_USE_HTTP = ${process.env.WHEEL_USE_HTTP}`); logger.info(`WHEEL_PORT = ${process.env.WHEEL_PORT}`); +logger.info(`WHEEL_ACCEPT_ADDRESS= ${process.env.WHEEL_ACCEPT_ADDRESS}`); logger.info(`WHEEL_LOGLEVEL = ${process.env.WHEEL_LOGLEVEL}`); logger.info(`WHEEL_VERBOSE_SSH = ${process.env.WHEEL_VERBOSE_SSH}`); logger.info(`WHEEL_INTERVAL= ${process.env.WHEEL_INTERVAL}`); @@ -67,6 +70,10 @@ let portNumber = port || defaultPort; portNumber = portNumber > 0 ? portNumber : defaultPort; //middlewares +if(address){ + const ips = [address]; + app.use(ipfilter(ips, { mode: "allow", logF: logger.debug.bind(logger) })); +} app.use(cors()); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: true }));
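Review bot: The allow-list in the `if(address)` block is registered only as Express middleware, so it covers only requests that pass through `app`. The file also sets up Socket.IO, and if that server is attached to the HTTP server directly, its handshake requests would not reach this filter; that is worth confirming and, if so, applying the same check there, for example through the Socket.IO server's `allowRequest` option. express-ipfilter rejects a client by passing an `IpDeniedError` to `next`, and no error handler is visible in this hunk, so the 403 would presumably come from Express's default handler, which includes a stack trace outside production mode. Rejections are logged through `logger.debug`, which hides them at the usual log level; `logF: logger.info.bind(logger)` would keep denied connection attempts visible to whoever monitors the server. If WHEEL is deployed behind a reverse proxy, the filter will see the proxy's address unless the `trustProxy` option is set, and it should then name only that proxy so forwarded headers from other clients are not trusted.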