rixty
/
SillyTavern
mirror of https://github.com/SillyTavern/SillyTavern.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: whitelist in real-ip

This commit is contained in:
Zhongyi Lu 2024-04-12 22:03:36 -07:00
parent 89d3673010
commit 792be63c5c
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/middleware/whitelist.js
View File

@ -19,6 +19,22 @@ if (fs.existsSync(whitelistPath)) {
} }
} }
function getForwardedIp(req) {
// Check if X-Real-IP is available
if (req.headers['x-real-ip']) {
return req.headers['x-real-ip'];
}
// Check for X-Forwarded-For and parse if available
if (req.headers['x-forwarded-for']) {
const ipList = req.headers['x-forwarded-for'].split(',').map(ip => ip.trim());
return ipList[0];
}
// If none of the headers are available, return undefined
return undefined;
}
function getIpFromRequest(req) { function getIpFromRequest(req) {
let clientIp = req.connection.remoteAddress; let clientIp = req.connection.remoteAddress;
let ip = ipaddr.parse(clientIp); let ip = ipaddr.parse(clientIp);
@ -41,6 +57,7 @@ function getIpFromRequest(req) {
function whitelistMiddleware(listen) { function whitelistMiddleware(listen) {
return function (req, res, next) { return function (req, res, next) {
const clientIp = getIpFromRequest(req); const clientIp = getIpFromRequest(req);
const forwardedIp = getForwardedIp(req);
if (listen && !knownIPs.has(clientIp)) { if (listen && !knownIPs.has(clientIp)) {
const userAgent = req.headers['user-agent']; const userAgent = req.headers['user-agent'];
@ -58,9 +75,13 @@ function whitelistMiddleware(listen) {
} }
//clientIp = req.connection.remoteAddress.split(':').pop(); //clientIp = req.connection.remoteAddress.split(':').pop();
if (whitelistMode === true && !whitelist.some(x => ipMatching.matches(clientIp, ipMatching.getMatch(x)))) { if (whitelistMode === true && !whitelist.some(x => ipMatching.matches(clientIp, ipMatching.getMatch(x)))
console.log(color.red('Forbidden: Connection attempt from ' + clientIp + '. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.\n')); || forwardedIp && whitelistMode === true && !whitelist.some(x => ipMatching.matches(forwardedIp, ipMatching.getMatch(x)))
return res.status(403).send('<b>Forbidden</b>: Connection attempt from <b>' + clientIp + '</b>. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.'); ) {
// Log the connection attempt with real IP address
const ipDetails = forwardedIp ? `${clientIp} (forwarded from ${forwardedIp})` : clientIp;
console.log(color.red('Forbidden: Connection attempt from ' + ipDetails + '. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.\n'));
return res.status(403).send('<b>Forbidden</b>: Connection attempt from <b>' + ipDetails + '</b>. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.');
} }
next(); next();
}; };