Add config value for forwarded IPs whitelisting

2025-04-03 13:41:07 +02:00 · 2024-04-22 15:52:59 +03:00 · 2024-04-22 15:52:59 +03:00 · 2f45f50d37
commit 2f45f50d37
parent 41ad7c5d26
2 changed files with 9 additions and 2 deletions
--- a/default/config.yaml
+++ b/default/config.yaml
@ -9,6 +9,8 @@ port: 8000
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
 # Whitelist will also verify IP in X-Forwarded-For / X-Real-IP headers
 enableForwardedWhitelist: true
 # Whitelist of allowed IP addresses
 whitelist:
  - 127.0.0.1
--- a/src/middleware/whitelist.js
+++ b/src/middleware/whitelist.js
@ -6,6 +6,7 @@ const { getIpFromRequest } = require('../express-common');
 const { color, getConfigValue } = require('../util');
 const whitelistPath = path.join(process.cwd(), './whitelist.txt');
 const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', false);
 let whitelist = getConfigValue('whitelist', []);
 let knownIPs = new Set();
@ -24,14 +25,18 @@ if (fs.existsSync(whitelistPath)) {
 * @returns {string|undefined} The client IP address
 */
 function getForwardedIp(req) {
    if (!enableForwardedWhitelist) {
        return undefined;
    }
    // Check if X-Real-IP is available
    if (req.headers['x-real-ip']) {
-        return req.headers['x-real-ip'];
+        return req.headers['x-real-ip'].toString();
    }
    // Check for X-Forwarded-For and parse if available
    if (req.headers['x-forwarded-for']) {
-        const ipList = req.headers['x-forwarded-for'].split(',').map(ip => ip.trim());
+        const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim());
        return ipList[0];
    }