mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-18 07:07:35 +01:00
12773d539e
* Read IP blocks from database * begin building general blocking solution * add new frontend files * Add UI for managing blockers * correctly reset local data after creating blocker * Tweak wording * Add UI for managing blockers * restructure admin pages * improve test coverage * Improve blocker UI * add blocker to block emails from registration * lint fix * fix * lint fixes * fix import * add new permission for managing blockers * improve permission check * fix managing permissions from admin * improve navbar display for non fullAccess admin * update block error strings * lint fix * add option to errorHandler to skip logging * validate blocker value during input * improve blocker form display * chore(subproj): reconcile habitica-images * fix(scripts): use same Mongo version for dev/test * fix(whitespace): eof * documentation improvements * remove nconf import * remove old test --------- Co-authored-by: Kalista Payne <kalista@habitica.com> Co-authored-by: Kalista Payne <sabrecat@gmail.com>
57 lines
1.6 KiB
JavaScript
57 lines
1.6 KiB
JavaScript
import {
|
|
Forbidden,
|
|
} from '../libs/errors';
|
|
import { apiError } from '../libs/apiError';
|
|
import { model as Blocker } from '../models/blocker';
|
|
|
|
// Middleware to block unwanted IP addresses and clients
|
|
|
|
// NOTE: it's meant to be used behind a proxy (for example a load balancer)
|
|
// that uses the 'x-forwarded-for' header to forward the original IP addresses.
|
|
|
|
const blockedIps = [];
|
|
const blockedClients = [];
|
|
|
|
Blocker.watchBlockers({
|
|
$or: [
|
|
{ type: 'ipaddress' },
|
|
{ type: 'client' },
|
|
],
|
|
area: 'full',
|
|
}, {
|
|
initial: true,
|
|
}).on('change', async change => {
|
|
const { operation, blocker } = change;
|
|
const checkedList = blocker.type === 'ipaddress' ? blockedIps : blockedClients;
|
|
if (operation === 'add') {
|
|
if (blocker.value && !checkedList.includes(blocker.value)) {
|
|
checkedList.push(blocker.value);
|
|
}
|
|
} else if (operation === 'delete') {
|
|
const index = checkedList.indexOf(blocker.value);
|
|
if (index !== -1) {
|
|
checkedList.splice(index, 1);
|
|
}
|
|
}
|
|
});
|
|
|
|
export default function ipBlocker (req, res, next) {
|
|
if (blockedIps.length === 0 && blockedClients.length === 0) return next();
|
|
|
|
const ipMatch = blockedIps.find(blockedIp => blockedIp === req.ip) !== undefined;
|
|
if (ipMatch === true) {
|
|
const error = new Forbidden(apiError('ipAddressBlocked'));
|
|
error.skipLogging = true;
|
|
return next(error);
|
|
}
|
|
|
|
const clientMatch = blockedClients.find(blockedClient => blockedClient === req.headers['x-client']) !== undefined;
|
|
if (clientMatch === true) {
|
|
const error = new Forbidden(apiError('clientBlocked'));
|
|
error.skipLogging = true;
|
|
return next(error);
|
|
}
|
|
|
|
return next();
|
|
}
|