create: function (n, cb) { if(isFunction(n) || n == null || isNaN(n)) return cb(new Error('invite.create must get number of uses.')) var addr = server.getAddress() var host = addr.split(':')[0] if(!server.config.allowPrivate && ( ip.isPrivate(host) || 'localhost' === host) ) return cb(new Error('Server has no public ip address,' + 'cannot create useable invitation')) var secret = crypto.randomBytes(32).toString('base64') var keyId = ssbKeys.hash(secret, 'base64') // codes[keyId] = { // secret: secret, total: n, used: 0 // } var owner = server.feed codesDB.put(keyId, { secret: secret, total: +n, used: 0 }, function (err) { if(err) cb(err) else cb(null, [addr, owner.id, secret].join(',')) }) },
create: function (n, cb) { if(isFunction(n) || n == null || isNaN(n)) return cb(new Error('invite.create must get number of uses.')) var addr = server.getAddress() var host = addr.split(':')[0] if(!server.config.allowPrivate && ( ip.isPrivate(host) || 'localhost' === host) ) return cb(new Error('Server has no public ip address,' + 'cannot create useable invitation')) //this stuff is SECURITY CRITICAL //so it should be moved into the main app. //there should be something that restricts what //permissions the plugin can create also: //it should be able to diminish it's own permissions. var seed = crypto.randomBytes(32) var keyCap = ssbKeys.generate('ed25519', seed) var owner = server.feed.keys.public codesDB.put(keyCap.id, { public: keyCap.public, total: +n, used: 0, //TODO: kill "emit" //(need to figure out what its used for) permissions: {allow: ['emit', 'invite.use'], deny: null} }, function (err) { if(err) cb(err) else cb(null, addr + '@' + seed.toString('base64')) }) },
Checker.prototype._hasPrivateIps = function (results) { for (var i = 0; i < results.length; i++) { if (iplib.isPrivate(results[i])) return true; } return false; };
.filter(peer => { // Removing peers with private address or nonce equal to itself if ((process.env.NODE_ENV || '').toUpperCase() === 'TEST') { return peer.nonce !== modules.system.getNonce(); } return !ip.isPrivate(peer.ip) && peer.nonce !== modules.system.getNonce(); })
var matchClientIp = function(ip){ var mode = settings.mode.toLowerCase(), allowedIp = false, notBannedIp = false, isPrivateIpOkay = false; // Normalize mode if(settings.cidr){ for(var i = 0; i < ips.length; i++){ var block = new Netmask(ips[i]); if(block.contains(ip)){ allowedIp = (mode === 'allow'); if(mode === 'deny'){ notBannedIp = false; } break; }else{ notBannedIp = (mode === 'deny'); isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip); } } }else if(settings.ranges){ var filteredSet = _.filter(ips,function(ipSet){ if(ipSet.length > 1){ var startIp = iputil.toLong(ipSet[0]); var endIp = iputil.toLong(ipSet[1]); var longIp = iputil.toLong(ip); return longIp >= startIp && longIp <= endIp; }else{ return ip === ipSet[0]; } }); allowedIp = (mode === 'allow' && filteredSet.length > 0); notBannedIp = (mode === 'deny' && filteredSet.length === 0); isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip) && !(mode === 'deny' && filteredSet.length > 0); }else{ allowedIp = (mode === 'allow' && ips.indexOf(ip) !== -1); notBannedIp = (mode === 'deny' && ips.indexOf(ip) === -1); isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip) && !(mode === 'deny' && ips.indexOf(ip) !== -1); } return allowedIp || notBannedIp || isPrivateIpOkay; };
exports.isPub = function (id) { // try to find the ID in the peerlist, and see if it's a public peer if so for (var i=0; i < app.peers.length; i++) { var peer = app.peers[i] if (peer.key === id && !ip.isPrivate(peer.host)) return true } return false }
Object.keys(forwarded.for).forEach(function (ip) { // use IP filters var filtered = filter(ip, opts.filter, true) // remove private ips if (filtered === null || (opts.allowPrivate === true ? false : IP.isPrivate(ip))) { delete forwarded.for[ip] } })
is_ip_private = all_forwarded_for_array.reduce((previous, current) => { try { if (!(current.trim())) { return previous; } else { return previous && IP.isPrivate(current.trim()); } } catch (err) { return true; } }, is_ip_private);
function getClientPublicAddress(socket) { var address, forwarded_for = socket.handshake.headers['x-forwarded-for']; if (forwarded_for) { if (ip.isPrivate(forwarded_for)) { // the request comes from a LAN // original room by IP address is useful address = socket.handshake.address; } else { // the request is behind a reverse proxy address = forwarded_for; } } else { address = socket.handshake.address; if (ip.isPrivate(address)) { address = 'localhost'; } } return address; }
function evalType(opts, clientIP) { if (opts.privateAddress) { return ip.isPrivate(clientIP) } if (opts.publicAddress) { return ip.isPublic(clientIP) } if (opts.loopback) { return ip.isLoopback(clientIP) } return false }
;(peers||app.peers||[]).forEach(function (peer) { // filter out LAN peers if (ip.isLoopback(peer.host) || ip.isPrivate(peer.host)) return var connectSuccess = (peer.time && peer.time.connect && (peer.time.connect > peer.time.attempt) || peer.connected) if (connectSuccess) connected++ if (social.follows(peer.key, app.user.id)) { membersof++ if (connectSuccess) membersofActive++ if (!peer.time || !peer.time.attempt) membersofUntried++ } })
;(peers||app.peers||[]).forEach(function (peer) { if (ip.isLoopback(peer.host)) return if (peer.connected) { connected.push(peer.id) } if (peer.connected || (peer.time && peer.time.connect)) { //TODO not sure about this if (ip.isPrivate(peer.host) || ip.isLoopback(peer.host)) { //if (ip.isPrivate(peer.host)) { local.push(peer.id) } else { remote.push(peer.id) } } })
const __page_is_unavailable = (page_descriptor) => { if (!page_descriptor.pageMetadata.enabled) { logger.warn("The requested page: " + page_descriptor.pageMetadata.page_id + " is disabled"); return true; } // example: "x-forwarded-for": "73.158.252.206, 172.31.27.18, 172.31.18.6, 172.31.28.247", // let all_forwarded_for_str = request.headers["x-forwarded-for"] || ""; let ip_regex = /\s*,\s*/; let all_forwarded_for_array = all_forwarded_for_str.split(ip_regex); let is_ip_private = true; try { is_ip_private = IP.isPrivate(request.info.remoteAddress); } catch (err) { // } is_ip_private = all_forwarded_for_array.reduce((previous, current) => { try { if (!(current.trim())) { return previous; } else { return previous && IP.isPrivate(current.trim()); } } catch (err) { return true; } }, is_ip_private); if ((!is_ip_private) && (page_descriptor.pageMetadata.access_conditions.visibility === "INTERNAL")) { logger.warn("The requested page: " + page_descriptor.pageMetadata.page_id + " is for INTERNAL visibility only"); return true; } let nowDate = moment(); if (nowDate.isBefore(page_descriptor.pageMetadata.campaign_start_date) || nowDate.isAfter(page_descriptor.pageMetadata.campaign_end_date)) { logger.warn("The campain duration for the requested page: " + page_descriptor.pageMetadata.page_id + " has expired"); return true; } else { return false; } };
Checker.prototype.isPrivate = function (domain, cb) { domain = this._parseDomain(domain); if (!domain) { return cb("Could not parse domain"); } if (this._isIPV4(domain) || this._isIPV6(domain)) { return cb(null, iplib.isPrivate(domain)); } var types = []; this.options.ipv4 && types.push(4); this.options.ipv6 && types.push(6); if (!types.length) { var err = "Does not check neither ipv4, nor ipv6"; console.error(err); return cb(err); } types = types.map(function(type) { return this._checkDomain.bind(this, domain, type) }.bind(this)); async.parallel(types, function(err, results) { if (err) throw err; var resultsWithoutErorrs = results.filter(function(result) { return ! result.error; }); if (resultsWithoutErorrs.length == 0) return cb(results[0].error); var hasPrivateIps = resultsWithoutErorrs.filter(function(result) { return result.hasPrivate; }).length > 0; cb(err, hasPrivateIps); }); };
app.use(function (req, res, next) { var settings = settingsModule.settings; var isPrivate = ip.isPrivate(req.connection.remoteAddress); if (!isPrivate && githubBlock.contains(req.connection.remoteAddress)) { isPrivate = true; } if (settings.isPasswordProtected && !isPrivate && settings.userName && settings.userPassword) { var credentials = auth(req); if (!credentials || credentials.name !== settings.userName || credentials.pass !== settings.userPassword) { res.writeHead(401, { 'WWW-Authenticate': 'Basic realm="buttlejs"' }); return res.end('OH no you didnt?!'); } else { return next(); } } return next(); });
natupnpClient.externalIp(function(err, wanip) { if (err) { self._log.warn('could not obtain public IP address'); return callback(err); } if (!net.isIP(wanip)) { self._log.warn('UPnP device has no valid IP address: %s', JSON.stringify(wanip)); return callback(new Error('UPnP device has no valid IP address')); } if (ip.isPrivate(wanip)) { self._log.warn('UPnP device has no public IP address: %s', wanip); return callback(new Error('UPnP device has no public IP address')); } self._log.info('successfully traversed NAT via UPnP: %s:%s', wanip, port); callback(null, wanip, port); });
Transport.prototype._checkIfReachable = function(callback) { if (ip.isPrivate(this._contact.address)) { return callback(false); } var sock = net.connect({ host: this._contact.address, port: this._contact.port }); sock.once('error', () => { callback(false); sock.removeAllListeners(); sock.destroy(); }); sock.once('connect', () => { callback(true); sock.removeAllListeners(); sock.end(); }); };
function validateInputForm() { var errors = []; if (inputForm.publicLan1.name !== undefined) { var templatePublicLan1 = factoryNetworkTemplate.networks[inputForm.publicLan1.name]; var isFormatOk = true; if (templatePublicLan1.network !== inputForm.publicLan1.network || templatePublicLan1.netmask !== inputForm.publicLan1.netmask) { if (!ip.isV4Format(inputForm.publicLan1.network)) { errors.push(inputForm.publicLan1.name + ' network is not valid ip format'); isFormatOk = false; } else if (ip.isPrivate(inputForm.publicLan1.network)) { errors.push(inputForm.publicLan1.name + ' must be public address'); isFormatOk = false; } if (!ip.isV4Format(inputForm.publicLan1.netmask)) { errors.push(inputForm.publicLan1.name + ' mask is not valid ip format'); isFormatOk = false; } else if (!NET_MASK_PATTERN.test(inputForm.publicLan1.netmask)) { errors.push(inputForm.publicLan1.name + ' mask is not valid pattern'); isFormatOk = false; } lodash.forEach(inputForm.publicLan1.scalers, function(scaler) { if (!ip.isV4Format(scaler.address)) { errors.push(scaler.display + ' is not valid ip format'); isFormatOk = false; } }); } if (isFormatOk) { var subnet = ip.subnet(inputForm.publicLan1.network, inputForm.publicLan1.netmask); lodash.forEach(inputForm.publicLan1.scalers, function(scaler) { if (subnet.contains(scaler.address) === false) { errors.push(scaler.name + ' address is not in valid ip range for Public Lan 1'); } if (scaler.address === subnet.networkAddress) { errors.push(scaler.name + ' address should not same with network address for Public Lan 1'); } if (scaler.address === subnet.broadcastAddress) { errors.push(scaler.name + ' address should not same with broadcast address for Public Lan 1'); } }); if (inputForm.publicLan1.destinationGateway !== '') { if (!ip.isV4Format(inputForm.publicLan1.destinationGateway)) { errors.push('Gateway address is not valid ip format'); } else if (!subnet.contains(inputForm.publicLan1.destinationGateway)) { errors.push('Gateway address is not in valid ip range'); } } else { errors.push('Gateway address is required'); } } } if (inputForm.publicLan2.name !== undefined && inputForm.nicBonding.add === undefined && systemHasNicBonding === false) { var templatePublicLan2 = factoryNetworkTemplate.networks[inputForm.publicLan2.name]; isFormatOk = true; if (templatePublicLan2.network !== inputForm.publicLan2.network || templatePublicLan2.netmask !== inputForm.publicLan2.netmask) { if (!ip.isV4Format(inputForm.publicLan2.network)) { errors.push(inputForm.publicLan2.name + ' network is not valid ip format'); isFormatOk = false; } else if (!ip.isPublic(inputForm.publicLan2.network)) { errors.push(inputForm.publicLan2.name + ' must be public network'); isFormatOk = false; } if (!ip.isV4Format(inputForm.publicLan2.netmask)) { errors.push(inputForm.publicLan2.name + ' mask is not valid ip format'); isFormatOk = false; } else if (!NET_MASK_PATTERN.test(inputForm.publicLan2.netmask)) { errors.push(inputForm.publicLan2.name + ' mask is not valid pattern'); isFormatOk = false; } lodash.forEach(inputForm.publicLan2.scalers, function(scaler) { if (!ip.isV4Format(scaler.address)) { errors.push(scaler.display + ' is not valid ip format'); isFormatOk = false; } }); } if (isFormatOk) { subnet = ip.subnet(inputForm.publicLan2.network, inputForm.publicLan2.netmask); lodash.forEach(inputForm.publicLan2.scalers, function(scaler) { if (subnet.contains(scaler.address) === false) { errors.push(scaler.name + ' address is not in valid ip range for Public Lan 2'); } if (scaler.address === subnet.networkAddress) { errors.push(scaler.name + ' address should not same with network address for Public Lan 2'); } if (scaler.address === subnet.broadcastAddress) { errors.push(scaler.name + ' address should not same with broadcast address for Public Lan 2'); } }); } } if (inputForm.managementLan1.name !== undefined) { var templateManagementLan1 = factoryNetworkTemplate.networks[inputForm.managementLan1.name]; if (templateManagementLan1.network !== inputForm.managementLan1.network || templateManagementLan1.netmask !== inputForm.managementLan1.netmask) { if (!ip.isV4Format(inputForm.managementLan1.network)) { errors.push(inputForm.managementLan1.name + ' network is not valid ip format'); } else if (!ip.isPrivate(inputForm.managementLan1.network)) { errors.push(inputForm.managementLan1.name + ' must be private network'); } if (!ip.isV4Format(inputForm.managementLan1.netmask)) { errors.push(inputForm.managementLan1.name + ' mask is not valid ip format'); } else if (!NET_MASK_PATTERN.test(inputForm.managementLan1.netmask)) { errors.push(inputForm.managementLan1.name + ' mask is not valid pattern'); } } } if (inputForm.managementLan2.name !== undefined) { var templateManagementLan2 = factoryNetworkTemplate.networks[inputForm.managementLan2.name]; if (templateManagementLan2.network !== inputForm.managementLan2.network || templateManagementLan2.netmask !== inputForm.managementLan2.netmask) { if (!ip.isV4Format(inputForm.managementLan2.network)) { errors.push(inputForm.managementLan2.name + ' network is not valid ip format'); } else if (!ip.isPrivate(inputForm.managementLan2.network)) { errors.push(inputForm.managementLan2.name + ' must be private network'); } if (!ip.isV4Format(inputForm.managementLan2.netmask)) { errors.push(inputForm.managementLan2.name + ' mask is not valid ip format'); } else if (!NET_MASK_PATTERN.test(inputForm.managementLan2.netmask)) { errors.push(inputForm.managementLan2.name + ' mask is not valid pattern'); } } } if (inputForm.storageLan1.name !== undefined) { var templateStorageLan1 = factoryNetworkTemplate.networks[inputForm.storageLan1.name]; if (templateStorageLan1.network !== inputForm.storageLan1.network || templateStorageLan1.netmask !== inputForm.storageLan1.netmask) { if (!ip.isV4Format(inputForm.storageLan1.network)) { errors.push(inputForm.storageLan1.name + ' network is not valid ip format'); } else if (!ip.isPrivate(inputForm.storageLan1.network)) { errors.push(inputForm.storageLan1.name + ' must be private network'); } if (!ip.isV4Format(inputForm.storageLan1.netmask)) { errors.push(inputForm.storageLan1.name + ' mask is not valid ip format'); } else if (!NET_MASK_PATTERN.test(inputForm.storageLan1.netmask)) { errors.push(inputForm.storageLan1.name + ' mask is not valid pattern'); } } } if (inputForm.storageLan2.name !== undefined) { var templateStorageLan2 = factoryNetworkTemplate.networks[inputForm.storageLan2.name]; if (templateStorageLan2.network !== inputForm.storageLan2.network || templateStorageLan2.netmask !== inputForm.storageLan2.netmask) { if (!ip.isV4Format(inputForm.storageLan2.network)) { errors.push(inputForm.storageLan2.name + ' network is not valid ip format'); } else if (!ip.isPrivate(inputForm.storageLan2.network)) { errors.push(inputForm.storageLan2.name + ' must be private network'); } if (!ip.isV4Format(inputForm.storageLan2.netmask)) { errors.push(inputForm.storageLan2.name + ' mask is not valid ip format'); } else if (!NET_MASK_PATTERN.test(inputForm.storageLan2.netmask)) { errors.push(inputForm.storageLan2.name + ' mask is not valid pattern'); } } } if (errors.length > 0) { return { valid: false, errors: lodash.uniq(errors) }; } return { valid: true }; }
function isLocal (e) { // don't rely on private ip address, because // cjdns creates fake private ip addresses. // ignore localhost addresses, because sometimes they get broadcast. return !ip.isLoopback(e.host) && ip.isPrivate(e.host) && e.source === 'local' }
var AnnounceRequest = module.exports = function AnnounceRequest(client, torrent, announceEvent) { ConnectRequest.call(this, client); Object.defineProperties(this,{ _infoHash:{ value: new Buffer(20) }, infoHash: { enumerable: true, get: function() { return this._infoHash.toString('base64'); }, set: function(value){ this.setBase64Buffer(this._infoHash,value); } }, _peerId:{ value: new Buffer(20) }, peerId: { enumerable: true, get: function() { return this._peerId.toString(); }, set: function(value){ this._peerId.fill(value); } }, _downloaded:{ value: new Buffer(8) }, downloaded: { enumerable: true, get: function() { return bigint.fromBuffer(this._downloaded); }, set: function(value){ this.setIntBuffer(this._downloaded,value); } }, _left:{ value: new Buffer(8) }, left: { enumerable: true, get: function() { return bigint.fromBuffer(this._left); }, set: function(value){ this.setIntBuffer(this._left,value); } }, _uploaded:{ value: new Buffer(8) }, uploaded: { enumerable: true, get: function() { return bigint.fromBuffer(this._uploaded); }, set: function(value){ this.setIntBuffer(this._uploaded, value); } }, _event:{ value: new Buffer(4) }, event: { enumerable: true, get: function() { return this._event.readInt32BE(0); }, set: function(value){ this.setIntBuffer(this._event,value); } }, _ipAddress:{ value: new Buffer(4) }, ipAddress: { enumerable: true, get: function() { return ip.toString(this._ipAddress); }, set: function(value){ if(Buffer.isBuffer(value)) { value.copy(this._ipAddress); return; } ip.toBuffer(value, this._ipAddress); } }, _key:{ value: new Buffer(4) }, key: { enumerable: true, get: function() { return this._key.readInt32BE(0); }, set: function(value){ this.setIntBuffer(this._key,value); } }, _numWant:{ value: new Buffer(4) }, numWant: { enumerable: true, get: function() { return this._numWant.readInt32BE(0); }, set: function(value){ this.setIntBuffer(this._numWant,value); } }, _port:{ value: new Buffer(2) }, port: { enumerable: true, get: function() { return this._port.readUInt16BE(0); }, set: function(value){ this.setIntBuffer(this._port,value); } }, }); if (client) { this.infoHash = torrent._infoHash; this.peerId = client.kernel._peerId; this.downloaded = torrent._downloaded; this.left = torrent._left; this.uploaded = torrent._uploaded; this.event = announceEvent; // push the ip address if tracker is a private ip if (ip.isPrivate(client.address)) { this.ipAddress = client.kernel.ipAddress; } else { this.ipAddress = new Buffer([0,0,0,0]); } this.key = torrent._key; this.numWant = torrent.numWant; this.port = client.kernel.port; } };