Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
express-ipfilter
Advanced tools
express-ipfilter - npm Package Compare versions
Comparing version 0.0.19 to 0.0.20
@@ -35,2 +35,4 @@ /*! | ||
| * - `allowPrivateIPs` whether to grant access to any IP using the private IP address space unless explicitly denied. Defaults to false. | ||
| * - `allowCloudFlare` set false to disable cloud flare header | ||
| * - `allowForwardedIps` set false to disable forwared ips | ||
| * - 'cidr' whether ips are ips with a submnet mask. Defaults to 'false'. | ||
@@ -40,4 +42,4 @@ * - 'ranges' whether ranges are supplied as ips | ||
| * | ||
| * @param [Array] IP addresses | ||
| * @param {Object} options | ||
| * @param ips [Array] IP addresses | ||
| * @param opts {Object} options | ||
| * @api public | ||
@@ -56,2 +58,4 @@ */ | ||
| allowPrivateIPs: false, | ||
| allowCloudFlare: false, | ||
| allowForwardedIps: false, | ||
| cidr: false, | ||
@@ -69,3 +73,3 @@ ranges: false, | ||
| if (forwardedIpsStr) { | ||
| if (settings.allowForwardedIps && forwardedIpsStr) { | ||
| var forwardedIps = forwardedIpsStr.split(','); | ||
@@ -75,9 +79,11 @@ ipAddress = forwardedIps[0]; | ||
| if(settings.allowCloudFlare && cloudFlareConnectingIp!=undefined){ | ||
| ipAddress=cloudFlareConnectingIp; | ||
| } | ||
| if (!ipAddress) { | ||
| ipAddress = req.connection.remoteAddress; | ||
| } | ||
| if(cloudFlareConnectingIp!=undefined){ | ||
| ipAddress=cloudFlareConnectingIp; | ||
| } | ||
| if(!ipAddress){ | ||
@@ -149,3 +155,3 @@ return ''; | ||
| if(settings.log){ | ||
| console.log('Access granted for excluded path: ' + results[0]); | ||
| settings.logF('Access granted for excluded path: ' + results[0]); | ||
| } | ||
@@ -152,0 +158,0 @@ return next(); |
| { | ||
| "name": "express-ipfilter", | ||
| "description": "A light-weight IP address based filtering system", | ||
| "version": "0.0.19", | ||
| "version": "0.0.20", | ||
| "author": "BaM Interactive", | ||
@@ -6,0 +6,0 @@ "dependencies": { |
@@ -9,3 +9,3 @@ express-ipfilter: A light-weight IP address based filtering system | ||
| ## Version | ||
| 0.0.19 | ||
| 0.0.20 | ||
@@ -76,2 +76,6 @@ ## Installation | ||
| 0.0.20 | ||
| * Added a setting to explicitly allow CloudFlare and Forwarded IPs. By default they are set to not allow these headers. Thanks to @longstone! | ||
| 0.0.19 | ||
@@ -78,0 +82,0 @@ |
418
test.js
@@ -5,9 +5,9 @@ 'use strict'; | ||
| var | ||
| ipfilter = require('./index'), | ||
| assert = require('assert'); | ||
| ipfilter = require('./index'), | ||
| assert = require('assert'); | ||
| describe('enforcing IP address blacklist restrictions', function(){ | ||
| describe('enforcing IP address blacklist restrictions', function () { | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false }); | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, allowCloudFlare: true, allowForwardedIps: true}); | ||
| this.req = { | ||
@@ -22,5 +22,5 @@ session: {}, | ||
| it('should allow all non-blacklisted ips', function( done ){ | ||
| it('should allow all non-blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.2'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -30,5 +30,5 @@ }); | ||
| it('should allow all non-blacklisted forwarded ips', function( done ){ | ||
| it('should allow all non-blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.2'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -38,7 +38,7 @@ }); | ||
| it('should deny all blacklisted ips', function( done ){ | ||
| it('should deny all blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -48,10 +48,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all blacklisted forwarded ips', function( done ){ | ||
| it('should deny all blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -61,10 +62,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing IP address whitelist restrictions', function(){ | ||
| describe('enforcing IP address whitelist restrictions', function () { | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false, mode: 'allow' }); | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, allowForwardedIps:true, allowCloudFlare:true, mode: 'allow'}); | ||
| this.req = { | ||
@@ -79,5 +81,5 @@ session: {}, | ||
| it('should allow whitelisted ips', function( done ){ | ||
| it('should allow whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -87,5 +89,5 @@ }); | ||
| it('should allow whitelisted forwarded ips', function( done ){ | ||
| it('should allow whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -95,5 +97,5 @@ }); | ||
| it('should allow whitelisted port ips',function(done){ | ||
| it('should allow whitelisted port ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1:84849'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -103,7 +105,7 @@ }); | ||
| it('should deny all non-whitelisted ips', function( done ){ | ||
| it('should deny all non-whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.2'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -113,10 +115,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all non-whitelisted forwarded ips', function( done ){ | ||
| it('should deny all non-whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.2'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -126,11 +129,12 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('using cidr block',function(){ | ||
| describe('enforcing whitelist restrictions',function(){ | ||
| beforeEach(function(){ | ||
| describe('using cidr block', function () { | ||
| describe('enforcing whitelist restrictions', function () { | ||
| beforeEach(function () { | ||
| // Ip range: 127.0.0.1 - 127.0.0.14 | ||
| this.ipfilter = ipfilter([ '127.0.0.1/28' ], { cidr: true, log: false, mode: 'allow' }); | ||
| this.ipfilter = ipfilter(['127.0.0.1/28'], {cidr: true, allowForwardedIps:true, log: false, mode: 'allow'}); | ||
| this.req = { | ||
@@ -145,5 +149,5 @@ session: {}, | ||
| it('should allow whitelisted ips', function( done ){ | ||
| it('should allow whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -153,5 +157,5 @@ }); | ||
| it('should allow whitelisted forwarded ips', function( done ){ | ||
| it('should allow whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -161,7 +165,7 @@ }); | ||
| it('should deny all non-whitelisted ips', function( done ){ | ||
| it('should deny all non-whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.17'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -171,10 +175,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all non-whitelisted forwarded ips', function( done ){ | ||
| it('should deny all non-whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.17'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -184,10 +189,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing IP address blacklist restrictions', function(){ | ||
| describe('enforcing IP address blacklist restrictions', function () { | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1/28' ], { cidr: true, log: false }); | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1/28'], {cidr: true, allowForwardedIps:true, allowCloudFlare:true, log: false}); | ||
| this.req = { | ||
@@ -202,5 +208,5 @@ session: {}, | ||
| it('should allow all non-blacklisted ips', function( done ){ | ||
| it('should allow all non-blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.17'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -210,5 +216,5 @@ }); | ||
| it('should allow all non-blacklisted forwarded ips', function( done ){ | ||
| it('should allow all non-blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.17'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -218,7 +224,7 @@ }); | ||
| it('should deny all blacklisted ips', function( done ){ | ||
| it('should deny all blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -228,10 +234,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all blacklisted forwarded ips', function( done ){ | ||
| it('should deny all blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -241,9 +248,10 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing private ip restrictions',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1/28' ], { cidr: true, log: false, allowPrivateIPs: true }); | ||
| describe('enforcing private ip restrictions', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1/28'], {cidr: true, log: false, allowPrivateIPs: true}); | ||
| this.req = { | ||
@@ -258,5 +266,5 @@ session: {}, | ||
| it('should allow all private ips', function( done ){ | ||
| it('should allow all private ips', function (done) { | ||
| this.req.connection.remoteAddress = '10.0.0.0'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -266,9 +274,10 @@ }); | ||
| }); | ||
| }); | ||
| describe('using ranges',function(){ | ||
| describe('enforcing whitelist restrictions',function(){ | ||
| beforeEach(function(){ | ||
| describe('using ranges', function () { | ||
| describe('enforcing whitelist restrictions', function () { | ||
| beforeEach(function () { | ||
| // Ip range: 127.0.0.1 - 127.0.0.14 | ||
| this.ipfilter = ipfilter([ ['127.0.0.1','127.0.0.3'] ], { ranges: true, log: false, mode: 'allow' }); | ||
| this.ipfilter = ipfilter([['127.0.0.1', '127.0.0.3']], {ranges: true, allowForwardedIps:true, log: false, mode: 'allow'}); | ||
| this.req = { | ||
@@ -283,5 +292,5 @@ session: {}, | ||
| it('should allow whitelisted ips', function( done ){ | ||
| it('should allow whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -291,5 +300,5 @@ }); | ||
| it('should allow whitelisted ips with port numbers', function( done ){ | ||
| it('should allow whitelisted ips with port numbers', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1:93923'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -299,5 +308,5 @@ }); | ||
| it('should allow whitelisted forwarded ips', function( done ){ | ||
| it('should allow whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -307,7 +316,7 @@ }); | ||
| it('should deny all non-whitelisted ips', function( done ){ | ||
| it('should deny all non-whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.17'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -317,10 +326,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all non-whitelisted forwarded ips', function( done ){ | ||
| it('should deny all non-whitelisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.17'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -330,10 +340,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing ip restrictions with only one ip in the range',function(){ | ||
| beforeEach(function(){ | ||
| describe('enforcing ip restrictions with only one ip in the range', function () { | ||
| beforeEach(function () { | ||
| // Ip range: 127.0.0.1 - 127.0.0.14 | ||
| this.ipfilter = ipfilter([ ['127.0.0.1'] ], { ranges: true, log: false, mode: 'allow' }); | ||
| this.ipfilter = ipfilter([['127.0.0.1']], {ranges: true, log: false, mode: 'allow'}); | ||
| this.req = { | ||
@@ -348,5 +359,5 @@ session: {}, | ||
| it('should allow whitelisted ips', function( done ){ | ||
| it('should allow whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -356,7 +367,7 @@ }); | ||
| it('should deny all non-whitelisted ips', function( done ){ | ||
| it('should deny all non-whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.17'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -366,10 +377,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing IP address blacklist restrictions', function(){ | ||
| describe('enforcing IP address blacklist restrictions', function () { | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ ['127.0.0.1','127.0.0.3'] ], { ranges: true, log: false }); | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter([['127.0.0.1', '127.0.0.3']], {ranges: true, allowForwardedIps:true, log: false}); | ||
| this.req = { | ||
@@ -384,5 +396,5 @@ session: {}, | ||
| it('should allow all non-blacklisted ips', function( done ){ | ||
| it('should allow all non-blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.17'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -392,5 +404,5 @@ }); | ||
| it('should allow all non-blacklisted forwarded ips', function( done ){ | ||
| it('should allow all non-blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.17'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -400,7 +412,7 @@ }); | ||
| it('should deny all blacklisted ips', function( done ){ | ||
| it('should deny all blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -410,10 +422,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should deny all blacklisted forwarded ips', function( done ){ | ||
| it('should deny all blacklisted forwarded ips', function (done) { | ||
| this.req.headers['x-forwarded-for'] = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -423,9 +436,10 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing private ip restrictions',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ ['127.0.0.1','127.0.0.3'] ], { ranges: true, log: false, allowPrivateIPs: true }); | ||
| describe('enforcing private ip restrictions', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter([['127.0.0.1', '127.0.0.3']], {ranges: true, log: false, allowPrivateIPs: true}); | ||
| this.req = { | ||
@@ -440,5 +454,5 @@ session: {}, | ||
| it('should allow all private ips', function( done ){ | ||
| it('should allow all private ips', function (done) { | ||
| this.req.connection.remoteAddress = '10.0.0.0'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -450,5 +464,5 @@ }); | ||
| describe('excluding certain routes from filtering',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter(['127.0.0.1'], { log: false, mode: 'allow', excluding: ['/foo.*'] }); | ||
| describe('excluding certain routes from filtering', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, mode: 'allow', excluding: ['/foo.*']}); | ||
| this.req = { | ||
@@ -464,5 +478,5 @@ session: {}, | ||
| it('should allow requests to excluded paths', function( done ){ | ||
| it('should allow requests to excluded paths', function (done) { | ||
| this.req.connection.remoteAddress = '190.0.0.0'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -472,8 +486,8 @@ }); | ||
| it('should deny requests to other paths', function(done){ | ||
| it('should deny requests to other paths', function (done) { | ||
| this.req.url = '/bar'; | ||
| this.req.connection.remoteAddress = '190.0.0.0'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -483,9 +497,10 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('no ip address can be found',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter(['127.0.0.1'], { log: false, mode: 'allow', excluding: ['/foo.*'] }); | ||
| describe('no ip address can be found', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, mode: 'allow', excluding: ['/foo.*']}); | ||
| this.req = { | ||
@@ -500,8 +515,8 @@ session: {}, | ||
| it('should deny requests', function(done){ | ||
| it('should deny requests', function (done) { | ||
| this.req.url = '/bar'; | ||
| this.req.connection.remoteAddress = ''; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -511,3 +526,4 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
@@ -573,6 +589,6 @@ }); | ||
| describe('an array of cidr blocks',function(){ | ||
| describe('blacklist',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter(['72.30.0.0/26', '127.0.0.1/24'], { cidr: true, mode: 'deny', log: false }); | ||
| describe('an array of cidr blocks', function () { | ||
| describe('blacklist', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['72.30.0.0/26', '127.0.0.1/24'], {cidr: true, mode: 'deny', log: false}); | ||
| this.req = { | ||
@@ -587,7 +603,7 @@ session: {}, | ||
| it('should deny all blacklisted ips', function( done ){ | ||
| it('should deny all blacklisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -597,9 +613,10 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('whitelist',function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter(['72.30.0.0/26', '127.0.0.1/24'], { cidr: true, mode: 'allow', log: false }); | ||
| describe('whitelist', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['72.30.0.0/26', '127.0.0.1/24'], {cidr: true, mode: 'allow', log: false}); | ||
| this.req = { | ||
@@ -614,5 +631,5 @@ session: {}, | ||
| it('should allow all whitelisted ips', function( done ){ | ||
| it('should allow all whitelisted ips', function (done) { | ||
| this.req.connection.remoteAddress = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -625,6 +642,6 @@ }); | ||
| //CloudFlare Tests | ||
| describe('enforcing cloudflare based client IP address blacklist restrictions', function(){ | ||
| describe('enforcing cloudflare based client IP address blacklist restrictions', function () { | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false }); | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, allowCloudFlare: true}); | ||
| this.req = { | ||
@@ -639,5 +656,5 @@ session: {}, | ||
| it('should allow all non-blacklisted forwarded ips', function( done ){ | ||
| it('should allow all non-blacklisted forwarded ips', function (done) { | ||
| this.req.headers['cf-connecting-ip'] = '127.0.0.2'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
@@ -647,7 +664,7 @@ }); | ||
| it('should deny all blacklisted forwarded ips', function( done ){ | ||
| it('should deny all blacklisted forwarded ips', function (done) { | ||
| this.req.headers['cf-connecting-ip'] = '127.0.0.1'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -657,9 +674,11 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing cloudflare based client IP address whitelist restrictions', function(){ | ||
| beforeEach(function(){ | ||
| this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false, mode: 'allow' }); | ||
| describe('ignore cloudflare based client IP address when disabled', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false}); | ||
| this.req = { | ||
@@ -669,2 +688,72 @@ session: {}, | ||
| connection: { | ||
| remoteAddress: '127.0.0.1' | ||
| } | ||
| } | ||
| }); | ||
| it('should deny blacklisted not regarding cloudflare header', function (done) { | ||
| this.req.headers['cf-connecting.ip'] = '127.0.0.2'; | ||
| var res = { | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
| } | ||
| }; | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should allow valid remoteAddress not regarding cloudflare header', function (done) { | ||
| this.req.headers['cf-connecting.ip'] = '127.0.0.1'; | ||
| this.req.connection.remoteAddress = '127.0.0.2'; | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| describe('ignore forwarded client IP address when disabled', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false}); | ||
| this.req = { | ||
| session: {}, | ||
| headers: [], | ||
| connection: { | ||
| remoteAddress: '127.0.0.1' | ||
| } | ||
| } | ||
| }); | ||
| it('should deny blacklisted not regarding forwarded header', function (done) { | ||
| this.req.headers['cf-connecting.ip'] = '127.0.0.2'; | ||
| var res = { | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
| } | ||
| }; | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| it('should allow valid remoteAddress not regarding forwarded header', function (done) { | ||
| this.req.headers['cf-connecting.ip'] = '127.0.0.1'; | ||
| this.req.connection.remoteAddress = '127.0.0.2'; | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| describe('enforcing cloudflare based client IP address whitelist restrictions', function () { | ||
| beforeEach(function () { | ||
| this.ipfilter = ipfilter(['127.0.0.1'], {log: false, allowCloudFlare: true, mode: 'allow'}); | ||
| this.req = { | ||
| session: {}, | ||
| headers: [], | ||
| connection: { | ||
| remoteAddress: '' | ||
@@ -675,13 +764,13 @@ } | ||
| it('should allow whitelisted forwarded ips', function( done ){ | ||
| it('should allow whitelisted forwarded ips', function (done) { | ||
| this.req.headers['cf-connecting-ip'] = '127.0.0.1'; | ||
| this.ipfilter( this.req, {}, function(){ | ||
| this.ipfilter(this.req, {}, function () { | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should deny all non-whitelisted forwarded ips', function( done ){ | ||
| it('should deny all non-whitelisted forwarded ips', function (done) { | ||
| this.req.headers['cf-connecting-ip'] = '127.0.0.2'; | ||
| var res = { | ||
| end: function(){ | ||
| assert.equal( 401, res.statusCode ); | ||
| end: function () { | ||
| assert.equal(401, res.statusCode); | ||
| done(); | ||
@@ -691,5 +780,6 @@ } | ||
| this.ipfilter( this.req, res, function(){}); | ||
| this.ipfilter(this.req, res, function () { | ||
| }); | ||
| }); | ||
| }) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by13.32%
32823
- Number of package files
- increased by11.11%
10
- Lines of code
- increased by11.73%
781
- Number of lines in readme file
- increased by2.84%
145
No dependency changes