
@aikidosec/firewall


Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ipAllowedToAccessRoute = ipAllowedToAccessRoute;
const isLocalhostIP_1 = require("../../helpers/isLocalhostIP");

/**
 * Decide whether the caller's remote address may reach the requested route,
 * based on the per-endpoint IP allowlists held in the agent's configuration.
 *
 * Decision order (first rule that applies wins):
 *   1. A remote address that `isLocalhostIP` accepts is always allowed.
 *   2. If no matching endpoint defines `allowedIPAddresses`, access is allowed.
 *   3. If restrictions exist but the remote address is unknown, access is denied.
 *   4. If the endpoint whose `route` equals `context.route` allows the address,
 *      access is allowed without consulting the other matching endpoints.
 *   5. Otherwise every restricted matching endpoint must allow the address.
 *
 * NOTE(review): how `context.remoteAddress` is derived is not visible here. If
 * it can come from a client-supplied forwarding header, both the localhost
 * exemption (rule 1) and the allowlists are only as trustworthy as the
 * trusted-proxy configuration upstream; confirm against the caller.
 *
 * @param {object} context - Request context; `remoteAddress` and `route` are read.
 * @param {object} agent - Agent exposing `getConfig().getEndpoints(context)`.
 * @returns {boolean} `true` when the request may proceed, `false` when it must be blocked.
 */
function ipAllowedToAccessRoute(context, agent) {
  const clientIp = context.remoteAddress;

  // Localhost exemption: checked before any endpoint configuration is consulted.
  if (clientIp && (0, isLocalhostIP_1.isLocalhostIP)(clientIp)) {
    return true;
  }

  // Keep only the matching endpoints that carry an allowlist.
  // NOTE(review): the filter tests `!== undefined` only, so a `null` allowlist
  // would pass it and make `.has` throw in the final check; presumably the
  // config never yields `null` here, verify.
  const restricted = agent
    .getConfig()
    .getEndpoints(context)
    .filter((endpoint) => endpoint.allowedIPAddresses !== undefined);

  // Nothing restricts this request by IP.
  if (restricted.length === 0) {
    return true;
  }

  // Fail closed: an allowlist applies but there is no address to compare against it.
  if (!clientIp) {
    return false;
  }

  // An exact route match that allows the address takes precedence over the
  // other matching endpoint configurations.
  const sameRoute = restricted.find(
    (endpoint) => endpoint.route === context.route,
  );
  if (
    sameRoute &&
    sameRoute.allowedIPAddresses &&
    sameRoute.allowedIPAddresses.has(clientIp)
  ) {
    return true;
  }

  // No exact allow: every restricted endpoint has to allow the address.
  return restricted.every((endpoint) =>
    endpoint.allowedIPAddresses.has(clientIp),
  );
}