forked from mirror/misskey
refactor(backend): replace private-ip with ipaddr.js (#11041)
* refactor(backend): replace private-ip with ipaddr.js * restore ip-cidr
This commit is contained in:
parent
5d922e3084
commit
a2c0573f84
@ -100,6 +100,7 @@
|
|||||||
"hpagent": "1.2.0",
|
"hpagent": "1.2.0",
|
||||||
"ioredis": "5.3.2",
|
"ioredis": "5.3.2",
|
||||||
"ip-cidr": "3.1.0",
|
"ip-cidr": "3.1.0",
|
||||||
|
"ipaddr.js": "2.1.0",
|
||||||
"is-svg": "4.3.2",
|
"is-svg": "4.3.2",
|
||||||
"js-yaml": "4.1.0",
|
"js-yaml": "4.1.0",
|
||||||
"jsdom": "22.1.0",
|
"jsdom": "22.1.0",
|
||||||
@ -120,7 +121,6 @@
|
|||||||
"otpauth": "9.1.2",
|
"otpauth": "9.1.2",
|
||||||
"parse5": "7.1.2",
|
"parse5": "7.1.2",
|
||||||
"pg": "8.11.0",
|
"pg": "8.11.0",
|
||||||
"private-ip": "3.0.0",
|
|
||||||
"probe-image-size": "7.2.3",
|
"probe-image-size": "7.2.3",
|
||||||
"promise-limit": "2.7.0",
|
"promise-limit": "2.7.0",
|
||||||
"pug": "3.0.2",
|
"pug": "3.0.2",
|
||||||
|
@ -2,8 +2,7 @@ import * as fs from 'node:fs';
|
|||||||
import * as stream from 'node:stream';
|
import * as stream from 'node:stream';
|
||||||
import * as util from 'node:util';
|
import * as util from 'node:util';
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import IPCIDR from 'ip-cidr';
|
import ipaddr from 'ipaddr.js';
|
||||||
import PrivateIp from 'private-ip';
|
|
||||||
import chalk from 'chalk';
|
import chalk from 'chalk';
|
||||||
import got, * as Got from 'got';
|
import got, * as Got from 'got';
|
||||||
import { parse } from 'content-disposition';
|
import { parse } from 'content-disposition';
|
||||||
@ -140,13 +139,14 @@ export class DownloadService {
|
|||||||
|
|
||||||
@bindThis
|
@bindThis
|
||||||
private isPrivateIp(ip: string): boolean {
|
private isPrivateIp(ip: string): boolean {
|
||||||
|
const parsedIp = ipaddr.parse(ip);
|
||||||
|
|
||||||
for (const net of this.config.allowedPrivateNetworks ?? []) {
|
for (const net of this.config.allowedPrivateNetworks ?? []) {
|
||||||
const cidr = new IPCIDR(net);
|
if (parsedIp.match(ipaddr.parseCIDR(net))) {
|
||||||
if (cidr.contains(ip)) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return PrivateIp(ip) ?? false;
|
return parsedIp.range() !== 'unicast';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
import IPCIDR from 'ip-cidr';
|
import IPCIDR from 'ip-cidr';
|
||||||
|
|
||||||
export function getIpHash(ip: string) {
|
export function getIpHash(ip: string): string {
|
||||||
try {
|
try {
|
||||||
// because a single person may control many IPv6 addresses,
|
// because a single person may control many IPv6 addresses,
|
||||||
// only a /64 subnet prefix of any IP will be taken into account.
|
// only a /64 subnet prefix of any IP will be taken into account.
|
||||||
|
31
pnpm-lock.yaml
generated
31
pnpm-lock.yaml
generated
@ -215,6 +215,9 @@ importers:
|
|||||||
ip-cidr:
|
ip-cidr:
|
||||||
specifier: 3.1.0
|
specifier: 3.1.0
|
||||||
version: 3.1.0
|
version: 3.1.0
|
||||||
|
ipaddr.js:
|
||||||
|
specifier: 2.1.0
|
||||||
|
version: 2.1.0
|
||||||
is-svg:
|
is-svg:
|
||||||
specifier: 4.3.2
|
specifier: 4.3.2
|
||||||
version: 4.3.2
|
version: 4.3.2
|
||||||
@ -275,9 +278,6 @@ importers:
|
|||||||
pg:
|
pg:
|
||||||
specifier: 8.11.0
|
specifier: 8.11.0
|
||||||
version: 8.11.0
|
version: 8.11.0
|
||||||
private-ip:
|
|
||||||
specifier: 3.0.0
|
|
||||||
version: 3.0.0
|
|
||||||
probe-image-size:
|
probe-image-size:
|
||||||
specifier: 7.2.3
|
specifier: 7.2.3
|
||||||
version: 7.2.3
|
version: 7.2.3
|
||||||
@ -4387,10 +4387,6 @@ packages:
|
|||||||
resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==}
|
resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==}
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
/@chainsafe/is-ip@2.0.1:
|
|
||||||
resolution: {integrity: sha512-nqSJ8u2a1Rv9FYbyI8qpDhTYujaKEyLknNrTejLYoSWmdeg+2WB7R6BZqPZYfrJzDxVi3rl6ZQuoaEvpKRZWgQ==}
|
|
||||||
dev: false
|
|
||||||
|
|
||||||
/@colors/colors@1.5.0:
|
/@colors/colors@1.5.0:
|
||||||
resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==}
|
resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==}
|
||||||
engines: {node: '>=0.1.90'}
|
engines: {node: '>=0.1.90'}
|
||||||
@ -13539,11 +13535,6 @@ packages:
|
|||||||
resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==}
|
resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==}
|
||||||
engines: {node: '>=8'}
|
engines: {node: '>=8'}
|
||||||
|
|
||||||
/ip-regex@5.0.0:
|
|
||||||
resolution: {integrity: sha512-fOCG6lhoKKakwv+C6KdsOnGvgXnmgfmp0myi3bcNwj3qfwPAxRKWEuFhvEFF7ceYIz6+1jRZ+yguLFAmUNPEfw==}
|
|
||||||
engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
|
|
||||||
dev: false
|
|
||||||
|
|
||||||
/ip@2.0.0:
|
/ip@2.0.0:
|
||||||
resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==}
|
resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==}
|
||||||
|
|
||||||
@ -13551,8 +13542,8 @@ packages:
|
|||||||
resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
|
resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
|
||||||
engines: {node: '>= 0.10'}
|
engines: {node: '>= 0.10'}
|
||||||
|
|
||||||
/ipaddr.js@2.0.1:
|
/ipaddr.js@2.1.0:
|
||||||
resolution: {integrity: sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==}
|
resolution: {integrity: sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==}
|
||||||
engines: {node: '>= 10'}
|
engines: {node: '>= 10'}
|
||||||
|
|
||||||
/irregular-plurals@3.5.0:
|
/irregular-plurals@3.5.0:
|
||||||
@ -17315,20 +17306,10 @@ packages:
|
|||||||
resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==}
|
resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==}
|
||||||
dependencies:
|
dependencies:
|
||||||
ip-regex: 4.3.0
|
ip-regex: 4.3.0
|
||||||
ipaddr.js: 2.0.1
|
ipaddr.js: 2.1.0
|
||||||
is-ip: 3.1.0
|
is-ip: 3.1.0
|
||||||
netmask: 2.0.2
|
netmask: 2.0.2
|
||||||
|
|
||||||
/private-ip@3.0.0:
|
|
||||||
resolution: {integrity: sha512-HkMBs4nMtrP+cvcw0bDi2BAZIGgiKI4Zq8Oc+dMqNBpHS8iGL4+WO/pRtc8Bwnv9rjnV0QwMDwEBymFtqv7Kww==}
|
|
||||||
engines: {node: '>=14.16'}
|
|
||||||
dependencies:
|
|
||||||
'@chainsafe/is-ip': 2.0.1
|
|
||||||
ip-regex: 5.0.0
|
|
||||||
ipaddr.js: 2.0.1
|
|
||||||
netmask: 2.0.2
|
|
||||||
dev: false
|
|
||||||
|
|
||||||
/probe-image-size@7.2.3:
|
/probe-image-size@7.2.3:
|
||||||
resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==}
|
resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==}
|
||||||
dependencies:
|
dependencies:
|
||||||
|
Loading…
Reference in New Issue
Block a user