Add config value for forwarded IPs whitelisting

2024-04-22 15:52:59 +03:00 · 2024-04-22 15:52:59 +03:00 · 2f45f50d37
parent 41ad7c5d26
commit 2f45f50d37
2 changed files with 9 additions and 2 deletions
--- a/default/config.yaml
+++ b/default/config.yaml
@ -9,6 +9,8 @@ port: 8000
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
+# Whitelist will also verify IP in X-Forwarded-For / X-Real-IP headers
+enableForwardedWhitelist: true
 # Whitelist of allowed IP addresses
 whitelist:
  - 127.0.0.1
--- a/src/middleware/whitelist.js
+++ b/src/middleware/whitelist.js
@ -6,6 +6,7 @@ const { getIpFromRequest } = require('../express-common');
 const { color, getConfigValue } = require('../util');

 const whitelistPath = path.join(process.cwd(), './whitelist.txt');
+const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', false);
 let whitelist = getConfigValue('whitelist', []);
 let knownIPs = new Set();

@ -24,14 +25,18 @@ if (fs.existsSync(whitelistPath)) {
 * @returns {string|undefined} The client IP address
 */
 function getForwardedIp(req) {
+    if (!enableForwardedWhitelist) {
+        return undefined;
+    }
+
    // Check if X-Real-IP is available
    if (req.headers['x-real-ip']) {
-        return req.headers['x-real-ip'];
+        return req.headers['x-real-ip'].toString();
    }

    // Check for X-Forwarded-For and parse if available
    if (req.headers['x-forwarded-for']) {
-        const ipList = req.headers['x-forwarded-for'].split(',').map(ip => ip.trim());
+        const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim());
        return ipList[0];
    }