UNPKG

hono

Version:

Web framework built on Web Standards

hono.dev

honojs/hono

107 lines (106 loc) 3.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
// src/middleware/ip-restriction/index.ts import { HTTPException } from "../../http-exception.js"; import { convertIPv4ToBinary, convertIPv6BinaryToString, convertIPv6ToBinary, distinctRemoteAddr } from "../../utils/ipaddr.js"; var IS_CIDR_NOTATION_REGEX = /\/[0-9]{0,3}$/; var buildMatcher = (rules) => { const functionRules = []; const staticRules = /* @__PURE__ */ new Set(); const cidrRules = []; for (let rule of rules) { if (rule === "*") { return () => true; } else if (typeof rule === "function") { functionRules.push(rule); } else { if (IS_CIDR_NOTATION_REGEX.test(rule)) { const splittedRule = rule.split("/"); const addrStr = splittedRule[0]; const type2 = distinctRemoteAddr(addrStr); if (type2 === void 0) { throw new TypeError(`Invalid rule: ${rule}`); } const isIPv4 = type2 === "IPv4"; const prefix = parseInt(splittedRule[1]); if (isIPv4 ? prefix === 32 : prefix === 128) { rule = addrStr; } else { const addr = (isIPv4 ? convertIPv4ToBinary : convertIPv6ToBinary)(addrStr); const mask = (1n << BigInt(prefix)) - 1n << BigInt((isIPv4 ? 32 : 128) - prefix); cidrRules.push([isIPv4, addr & mask, mask]); continue; } } const type = distinctRemoteAddr(rule); if (type === void 0) { throw new TypeError(`Invalid rule: ${rule}`); } staticRules.add( type === "IPv4" ? rule : convertIPv6BinaryToString(convertIPv6ToBinary(rule)) ); } } return (remote) => { if (staticRules.has(remote.addr)) { return true; } for (const [isIPv4, addr, mask] of cidrRules) { if (isIPv4 !== remote.isIPv4) { continue; } const remoteAddr = remote.binaryAddr ||= (isIPv4 ? convertIPv4ToBinary : convertIPv6ToBinary)(remote.addr); if ((remoteAddr & mask) === addr) { return true; } } for (const rule of functionRules) { if (rule({ addr: remote.addr, type: remote.type })) { return true; } } return false; }; }; var ipRestriction = (getIP, { denyList = [], allowList = [] }, onError) => { const allowLength = allowList.length; const denyMatcher = buildMatcher(denyList); const allowMatcher = buildMatcher(allowList); const blockError = (c) => new HTTPException(403, { res: c.text("Forbidden", { status: 403 }) }); return async function ipRestriction2(c, next) { const connInfo = getIP(c); const addr = typeof connInfo === "string" ? connInfo : connInfo.remote.address; if (!addr) { throw blockError(c); } const type = typeof connInfo !== "string" && connInfo.remote.addressType || distinctRemoteAddr(addr); const remoteData = { addr, type, isIPv4: type === "IPv4" }; if (denyMatcher(remoteData)) { if (onError) { return onError({ addr, type }, c); } throw blockError(c); } if (allowMatcher(remoteData)) { return await next(); } if (allowLength === 0) { return await next(); } else { if (onError) { return await onError({ addr, type }, c); } throw blockError(c); } }; }; export { ipRestriction };