* simplify ip address management by using the trust proxy express option * add setupExpress file * fix redirects middleware tests * fix lint * short circuit the ip blocking middleware * basic implementation with ip based limiting * improve logging * upgrade apidoc * apidoc: add introduction section * fix lint * fix tests * fix lint * add unit tests for rate limiter * do not send retry-after header when points are available * automatically fix lint * fix more lint issues * use userId as key for rate limit when available
import nconf from 'nconf';
import {
Forbidden,
} from '../libs/errors';
import apiError from '../libs/apiError';
// Middleware to block unwanted IP addresses
// NOTE: it's meant to be used behind a proxy (for example a load balancer)
// that uses the 'x-forwarded-for' header to forward the original IP addresses.
// Express must be running with the 'trust proxy' option for req.ip to reflect
// that header; without it req.ip is the proxy's own address and nothing on the
// list will ever match. Entries are compared against req.ip as plain strings,
// so each one has to be written exactly the way Express reports the address.

// A list of comma separated IPs to block
// It works fine as long as the list is short,
// if the list becomes too long for an env variable we'll switch to Redis.
const BLOCKED_IPS_RAW = nconf.get('BLOCKED_IPS');

// Parsed once at startup: surrounding whitespace is trimmed from every entry
// and empty entries (for example a trailing comma) are dropped. An unset or
// empty value yields an empty list, which turns the middleware into a no-op.
const blockedIps = [];
if (BLOCKED_IPS_RAW) {
  for (const rawEntry of BLOCKED_IPS_RAW.trim().split(',')) {
    const blockedIp = rawEntry.trim();
    if (blockedIp) blockedIps.push(blockedIp);
  }
}
|
|
|
|
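/**
 * Express middleware that rejects requests from blocked IP addresses.
 *
 * @param {object} req - Express request; only req.ip is read.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Called with no argument to continue, or with a
 *   Forbidden error when the client address is on the block list.
 */
export default function ipBlocker (req, res, next) {
  // If there are no IPs to block, skip the middleware
  if (blockedIps.length === 0) return next();

  // req.ip is whatever Express resolved for the client: with the 'trust proxy'
  // option it comes from 'x-forwarded-for', otherwise from the socket. The
  // header is only reliable when every hop in front of the app rewrites it.
  const clientIp = req.ip;

  // An IPv4 client reaching a dual-stack (::) listener directly is reported in
  // IPv4-mapped IPv6 form (::ffff:a.b.c.d). Compare both that form and the bare
  // IPv4 address so a list entry in either notation blocks the client; entries
  // that already use the mapped form keep matching as before.
  const candidates = [clientIp];
  if (typeof clientIp === 'string' && clientIp.toLowerCase().startsWith('::ffff:')) {
    candidates.push(clientIp.slice('::ffff:'.length));
  }

  const isBlocked = candidates.some(ip => blockedIps.includes(ip));
  if (isBlocked) {
    // Not translated because no user is loaded at this point
    return next(new Forbidden(apiError('ipAddressBlocked')));
  }

  return next();
}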