@cloud-copilot/iam-simulate/dist/cjs/condition/ipaddress/ip.js

Simulate evaluation of AWS IAM policies

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkIfIpAddress = checkIfIpAddress;
const ipv4_js_1 = require("./ipv4.js");
const ipv6_js_1 = require("./ipv6.js");
/**
 * Check if the request value is within the policy value CIDR block if the policy value is a valid CIDR block.
 *
 * @param policyValue - The CIDR block to check against.
 * @param requestValue - The IP address to check.
 * @param expectInCidr - If true, the function checks if the request value is within the CIDR block; if false, it checks if it is outside.
 * @returns An object explaining the result.
 */
function checkIfIpAddress(policyValue, requestValue, expectInCidr) {
    if ((0, ipv4_js_1.isValidCidrV4)(policyValue)) {
        if ((0, ipv6_js_1.isValidIpV6)(requestValue)) {
            return {
                matches: false == expectInCidr,
                value: policyValue
            };
        }
        if (!(0, ipv4_js_1.isValidIpV4)(requestValue)) {
            return {
                matches: false,
                value: policyValue
            };
        }
        return {
            matches: (0, ipv4_js_1.isIpInCidrV4)(requestValue, policyValue) == expectInCidr,
            value: policyValue
        };
    }
    if ((0, ipv4_js_1.isValidIpV4)(policyValue)) {
        return {
            matches: (0, ipv4_js_1.isValidIpV4)(requestValue) && (policyValue === requestValue) == expectInCidr,
            value: policyValue
        };
    }
    if ((0, ipv6_js_1.isValidIpCidrV6)(policyValue)) {
        if ((0, ipv4_js_1.isValidIpV4)(requestValue)) {
            return {
                matches: false == expectInCidr,
                value: policyValue
            };
        }
        if (!(0, ipv6_js_1.isValidIpV6)(requestValue)) {
            return {
                matches: false,
                value: policyValue,
                errors: [`Request value '${requestValue}' not a valid IPv6 address`]
            };
        }
        return {
            matches: (0, ipv6_js_1.isIpInCidrV6)(requestValue, policyValue) == expectInCidr,
            value: policyValue
        };
    }
    if ((0, ipv6_js_1.isValidIpV6)(policyValue)) {
        return {
            matches: (0, ipv6_js_1.isValidIpV6)(requestValue) && (policyValue === requestValue) == expectInCidr,
            value: policyValue
        };
    }
    return {
        matches: false,
        value: policyValue,
        errors: [`${policyValue} is not a valid CIDR block`]
    };
}
//# sourceMappingURL=ip.js.map