-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
59 lines (46 loc) · 1.35 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
const DEFAULT_OPTIONS = {
CloudFlareRemoteIPHeader: "CF-Connecting-IP",
DenyAllButCloudflare: false,
CloudFlareRemoteIPTrustedProxy: [ ],
ForbiddenPage: null
};
const IPCIDR = require("ip-cidr");
const CloudFlareIPs = require('./CloudFlareIPs.json').map(r => new IPCIDR(r));
module.exports = function(options = {}){
options = Object.assign(DEFAULT_OPTIONS, options);
options.CloudFlareRemoteIPTrustedProxy = options.CloudFlareRemoteIPTrustedProxy.map(r => new IPCIDR(r));
return function(req, res, next){
var isCloudFlare = false;
let _ip = req.ip;
for(let range of CloudFlareIPs){
if(range.contains(_ip)){
isCloudFlare = true;
break;
}
}
if(options.CloudFlareRemoteIPTrustedProxy.length > 0 && !isCloudFlare){
for(let range of options.CloudFlareRemoteIPTrustedProxy){
if(range.contains(_ip)){
isCloudFlare = true;
break;
}
}
}
if(options.DenyAllButCloudflare === true && !isCloudFlare){
if(options.ForbiddenPage != null){
req.app._router.stack.find(m => m.route !== undefined && m.route.path == options.ForbiddenPage).handle(req,res,next);
}else{
res.status(403).send();
}
return;
}
if(isCloudFlare){
Object.defineProperty(req, 'ip', {
configurable: true,
enumerable: true,
get: function ip (){ return req.get(options.CloudFlareRemoteIPHeader) }
});
}
next();
}
}