1
0
forked from mirror/misskey

refactor(backend): replace private-ip with ipaddr.js (#11041)

* refactor(backend): replace private-ip with ipaddr.js

* restore ip-cidr
This commit is contained in:
Kagami Sascha Rosylight 2023-06-24 23:35:09 +02:00 committed by GitHub
parent 5d922e3084
commit a2c0573f84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 36 deletions

View File

@ -100,6 +100,7 @@
"hpagent": "1.2.0", "hpagent": "1.2.0",
"ioredis": "5.3.2", "ioredis": "5.3.2",
"ip-cidr": "3.1.0", "ip-cidr": "3.1.0",
"ipaddr.js": "2.1.0",
"is-svg": "4.3.2", "is-svg": "4.3.2",
"js-yaml": "4.1.0", "js-yaml": "4.1.0",
"jsdom": "22.1.0", "jsdom": "22.1.0",
@ -120,7 +121,6 @@
"otpauth": "9.1.2", "otpauth": "9.1.2",
"parse5": "7.1.2", "parse5": "7.1.2",
"pg": "8.11.0", "pg": "8.11.0",
"private-ip": "3.0.0",
"probe-image-size": "7.2.3", "probe-image-size": "7.2.3",
"promise-limit": "2.7.0", "promise-limit": "2.7.0",
"pug": "3.0.2", "pug": "3.0.2",

View File

@ -2,8 +2,7 @@ import * as fs from 'node:fs';
import * as stream from 'node:stream'; import * as stream from 'node:stream';
import * as util from 'node:util'; import * as util from 'node:util';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import IPCIDR from 'ip-cidr'; import ipaddr from 'ipaddr.js';
import PrivateIp from 'private-ip';
import chalk from 'chalk'; import chalk from 'chalk';
import got, * as Got from 'got'; import got, * as Got from 'got';
import { parse } from 'content-disposition'; import { parse } from 'content-disposition';
@ -140,13 +139,14 @@ export class DownloadService {
@bindThis @bindThis
private isPrivateIp(ip: string): boolean { private isPrivateIp(ip: string): boolean {
const parsedIp = ipaddr.parse(ip);
for (const net of this.config.allowedPrivateNetworks ?? []) { for (const net of this.config.allowedPrivateNetworks ?? []) {
const cidr = new IPCIDR(net); if (parsedIp.match(ipaddr.parseCIDR(net))) {
if (cidr.contains(ip)) {
return false; return false;
} }
} }
return PrivateIp(ip) ?? false; return parsedIp.range() !== 'unicast';
} }
} }

View File

@ -1,6 +1,6 @@
import IPCIDR from 'ip-cidr'; import IPCIDR from 'ip-cidr';
export function getIpHash(ip: string) { export function getIpHash(ip: string): string {
try { try {
// because a single person may control many IPv6 addresses, // because a single person may control many IPv6 addresses,
// only a /64 subnet prefix of any IP will be taken into account. // only a /64 subnet prefix of any IP will be taken into account.

31
pnpm-lock.yaml generated
View File

@ -215,6 +215,9 @@ importers:
ip-cidr: ip-cidr:
specifier: 3.1.0 specifier: 3.1.0
version: 3.1.0 version: 3.1.0
ipaddr.js:
specifier: 2.1.0
version: 2.1.0
is-svg: is-svg:
specifier: 4.3.2 specifier: 4.3.2
version: 4.3.2 version: 4.3.2
@ -275,9 +278,6 @@ importers:
pg: pg:
specifier: 8.11.0 specifier: 8.11.0
version: 8.11.0 version: 8.11.0
private-ip:
specifier: 3.0.0
version: 3.0.0
probe-image-size: probe-image-size:
specifier: 7.2.3 specifier: 7.2.3
version: 7.2.3 version: 7.2.3
@ -4387,10 +4387,6 @@ packages:
resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==} resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==}
dev: false dev: false
/@chainsafe/is-ip@2.0.1:
resolution: {integrity: sha512-nqSJ8u2a1Rv9FYbyI8qpDhTYujaKEyLknNrTejLYoSWmdeg+2WB7R6BZqPZYfrJzDxVi3rl6ZQuoaEvpKRZWgQ==}
dev: false
/@colors/colors@1.5.0: /@colors/colors@1.5.0:
resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==} resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==}
engines: {node: '>=0.1.90'} engines: {node: '>=0.1.90'}
@ -13539,11 +13535,6 @@ packages:
resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==} resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==}
engines: {node: '>=8'} engines: {node: '>=8'}
/ip-regex@5.0.0:
resolution: {integrity: sha512-fOCG6lhoKKakwv+C6KdsOnGvgXnmgfmp0myi3bcNwj3qfwPAxRKWEuFhvEFF7ceYIz6+1jRZ+yguLFAmUNPEfw==}
engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
dev: false
/ip@2.0.0: /ip@2.0.0:
resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==} resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==}
@ -13551,8 +13542,8 @@ packages:
resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==} resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
engines: {node: '>= 0.10'} engines: {node: '>= 0.10'}
/ipaddr.js@2.0.1: /ipaddr.js@2.1.0:
resolution: {integrity: sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==} resolution: {integrity: sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==}
engines: {node: '>= 10'} engines: {node: '>= 10'}
/irregular-plurals@3.5.0: /irregular-plurals@3.5.0:
@ -17315,20 +17306,10 @@ packages:
resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==} resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==}
dependencies: dependencies:
ip-regex: 4.3.0 ip-regex: 4.3.0
ipaddr.js: 2.0.1 ipaddr.js: 2.1.0
is-ip: 3.1.0 is-ip: 3.1.0
netmask: 2.0.2 netmask: 2.0.2
/private-ip@3.0.0:
resolution: {integrity: sha512-HkMBs4nMtrP+cvcw0bDi2BAZIGgiKI4Zq8Oc+dMqNBpHS8iGL4+WO/pRtc8Bwnv9rjnV0QwMDwEBymFtqv7Kww==}
engines: {node: '>=14.16'}
dependencies:
'@chainsafe/is-ip': 2.0.1
ip-regex: 5.0.0
ipaddr.js: 2.0.1
netmask: 2.0.2
dev: false
/probe-image-size@7.2.3: /probe-image-size@7.2.3:
resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==} resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==}
dependencies: dependencies: