create: function (n, cb) {
if(isFunction(n) || n == null || isNaN(n))
return cb(new Error('invite.create must get number of uses.'))
var addr = server.getAddress()
var host = addr.split(':')[0]
if(!server.config.allowPrivate && (
ip.isPrivate(host) || 'localhost' === host)
)
return cb(new Error('Server has no public ip address,'
+ 'cannot create useable invitation'))
var secret = crypto.randomBytes(32).toString('base64')
var keyId = ssbKeys.hash(secret, 'base64')
// codes[keyId] = {
// secret: secret, total: n, used: 0
// }
var owner = server.feed
codesDB.put(keyId, {
secret: secret, total: +n, used: 0
}, function (err) {
if(err) cb(err)
else cb(null, [addr, owner.id, secret].join(','))
})
},
create: function (n, cb) {
if(isFunction(n) || n == null || isNaN(n))
return cb(new Error('invite.create must get number of uses.'))
var addr = server.getAddress()
var host = addr.split(':')[0]
if(!server.config.allowPrivate && (
ip.isPrivate(host) || 'localhost' === host)
)
return cb(new Error('Server has no public ip address,'
+ 'cannot create useable invitation'))
//this stuff is SECURITY CRITICAL
//so it should be moved into the main app.
//there should be something that restricts what
//permissions the plugin can create also:
//it should be able to diminish it's own permissions.
var seed = crypto.randomBytes(32)
var keyCap = ssbKeys.generate('ed25519', seed)
var owner = server.feed.keys.public
codesDB.put(keyCap.id, {
public: keyCap.public, total: +n, used: 0,
//TODO: kill "emit"
//(need to figure out what its used for)
permissions: {allow: ['emit', 'invite.use'], deny: null}
}, function (err) {
if(err) cb(err)
else cb(null, addr + '@' + seed.toString('base64'))
})
},
Checker.prototype._hasPrivateIps = function (results) {
for (var i = 0; i < results.length; i++) {
if (iplib.isPrivate(results[i])) return true;
}
return false;
};
.filter(peer => {
// Removing peers with private address or nonce equal to itself
if ((process.env.NODE_ENV || '').toUpperCase() === 'TEST') {
return peer.nonce !== modules.system.getNonce();
}
return !ip.isPrivate(peer.ip) && peer.nonce !== modules.system.getNonce();
})
var matchClientIp = function(ip){
var mode = settings.mode.toLowerCase(),
allowedIp = false,
notBannedIp = false,
isPrivateIpOkay = false; // Normalize mode
if(settings.cidr){
for(var i = 0; i < ips.length; i++){
var block = new Netmask(ips[i]);
if(block.contains(ip)){
allowedIp = (mode === 'allow');
if(mode === 'deny'){
notBannedIp = false;
}
break;
}else{
notBannedIp = (mode === 'deny');
isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip);
}
}
}else if(settings.ranges){
var filteredSet = _.filter(ips,function(ipSet){
if(ipSet.length > 1){
var startIp = iputil.toLong(ipSet[0]);
var endIp = iputil.toLong(ipSet[1]);
var longIp = iputil.toLong(ip);
return longIp >= startIp && longIp <= endIp;
}else{
return ip === ipSet[0];
}
});
allowedIp = (mode === 'allow' && filteredSet.length > 0);
notBannedIp = (mode === 'deny' && filteredSet.length === 0);
isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip) && !(mode === 'deny' && filteredSet.length > 0);
}else{
allowedIp = (mode === 'allow' && ips.indexOf(ip) !== -1);
notBannedIp = (mode === 'deny' && ips.indexOf(ip) === -1);
isPrivateIpOkay = settings.allowPrivateIPs && iputil.isPrivate(ip) && !(mode === 'deny' && ips.indexOf(ip) !== -1);
}
return allowedIp || notBannedIp || isPrivateIpOkay;
};
exports.isPub = function (id) {
// try to find the ID in the peerlist, and see if it's a public peer if so
for (var i=0; i < app.peers.length; i++) {
var peer = app.peers[i]
if (peer.key === id && !ip.isPrivate(peer.host))
return true
}
return false
}
Object.keys(forwarded.for).forEach(function (ip) {
// use IP filters
var filtered = filter(ip, opts.filter, true)
// remove private ips
if (filtered === null || (opts.allowPrivate === true ? false : IP.isPrivate(ip))) {
delete forwarded.for[ip]
}
})
is_ip_private = all_forwarded_for_array.reduce((previous, current) => {
try {
if (!(current.trim())) {
return previous;
} else {
return previous && IP.isPrivate(current.trim());
}
} catch (err) {
return true;
}
}, is_ip_private);
function getClientPublicAddress(socket) {
var address,
forwarded_for = socket.handshake.headers['x-forwarded-for'];
if (forwarded_for) {
if (ip.isPrivate(forwarded_for)) {
// the request comes from a LAN
// original room by IP address is useful
address = socket.handshake.address;
} else {
// the request is behind a reverse proxy
address = forwarded_for;
}
} else {
address = socket.handshake.address;
if (ip.isPrivate(address)) {
address = 'localhost';
}
}
return address;
}
function evalType(opts, clientIP) {
if (opts.privateAddress) {
return ip.isPrivate(clientIP)
}
if (opts.publicAddress) {
return ip.isPublic(clientIP)
}
if (opts.loopback) {
return ip.isLoopback(clientIP)
}
return false
}
;(peers||app.peers||[]).forEach(function (peer) {
// filter out LAN peers
if (ip.isLoopback(peer.host) || ip.isPrivate(peer.host))
return
var connectSuccess = (peer.time && peer.time.connect && (peer.time.connect > peer.time.attempt) || peer.connected)
if (connectSuccess)
connected++
if (social.follows(peer.key, app.user.id)) {
membersof++
if (connectSuccess)
membersofActive++
if (!peer.time || !peer.time.attempt)
membersofUntried++
}
})
;(peers||app.peers||[]).forEach(function (peer) {
if (ip.isLoopback(peer.host)) return
if (peer.connected) {
connected.push(peer.id)
}
if (peer.connected || (peer.time && peer.time.connect)) {
//TODO not sure about this
if (ip.isPrivate(peer.host) || ip.isLoopback(peer.host)) {
//if (ip.isPrivate(peer.host)) {
local.push(peer.id)
} else {
remote.push(peer.id)
}
}
})
const __page_is_unavailable = (page_descriptor) => {
if (!page_descriptor.pageMetadata.enabled) {
logger.warn("The requested page: " + page_descriptor.pageMetadata.page_id + " is disabled");
return true;
}
// example: "x-forwarded-for": "73.158.252.206, 172.31.27.18, 172.31.18.6, 172.31.28.247",
//
let all_forwarded_for_str = request.headers["x-forwarded-for"] || "";
let ip_regex = /\s*,\s*/;
let all_forwarded_for_array = all_forwarded_for_str.split(ip_regex);
let is_ip_private = true;
try {
is_ip_private = IP.isPrivate(request.info.remoteAddress);
} catch (err) {
//
}
is_ip_private = all_forwarded_for_array.reduce((previous, current) => {
try {
if (!(current.trim())) {
return previous;
} else {
return previous && IP.isPrivate(current.trim());
}
} catch (err) {
return true;
}
}, is_ip_private);
if ((!is_ip_private) && (page_descriptor.pageMetadata.access_conditions.visibility === "INTERNAL")) {
logger.warn("The requested page: " + page_descriptor.pageMetadata.page_id + " is for INTERNAL visibility only");
return true;
}
let nowDate = moment();
if (nowDate.isBefore(page_descriptor.pageMetadata.campaign_start_date) || nowDate.isAfter(page_descriptor.pageMetadata.campaign_end_date)) {
logger.warn("The campain duration for the requested page: " + page_descriptor.pageMetadata.page_id + " has expired");
return true;
} else {
return false;
}
};
Checker.prototype.isPrivate = function (domain, cb) {
domain = this._parseDomain(domain);
if (!domain) {
return cb("Could not parse domain");
}
if (this._isIPV4(domain) || this._isIPV6(domain)) {
return cb(null, iplib.isPrivate(domain));
}
var types = [];
this.options.ipv4 && types.push(4);
this.options.ipv6 && types.push(6);
if (!types.length) {
var err = "Does not check neither ipv4, nor ipv6";
console.error(err);
return cb(err);
}
types = types.map(function(type) {
return this._checkDomain.bind(this, domain, type)
}.bind(this));
async.parallel(types, function(err, results) {
if (err) throw err;
var resultsWithoutErorrs = results.filter(function(result) {
return ! result.error;
});
if (resultsWithoutErorrs.length == 0) return cb(results[0].error);
var hasPrivateIps = resultsWithoutErorrs.filter(function(result) {
return result.hasPrivate;
}).length > 0;
cb(err, hasPrivateIps);
});
};
app.use(function (req, res, next) {
var settings = settingsModule.settings;
var isPrivate = ip.isPrivate(req.connection.remoteAddress);
if (!isPrivate && githubBlock.contains(req.connection.remoteAddress)) {
isPrivate = true;
}
if (settings.isPasswordProtected && !isPrivate && settings.userName && settings.userPassword) {
var credentials = auth(req);
if (!credentials || credentials.name !== settings.userName || credentials.pass !== settings.userPassword) {
res.writeHead(401, {
'WWW-Authenticate': 'Basic realm="buttlejs"'
});
return res.end('OH no you didnt?!');
} else {
return next();
}
}
return next();
});
natupnpClient.externalIp(function(err, wanip) {
if (err) {
self._log.warn('could not obtain public IP address');
return callback(err);
}
if (!net.isIP(wanip)) {
self._log.warn('UPnP device has no valid IP address: %s',
JSON.stringify(wanip));
return callback(new Error('UPnP device has no valid IP address'));
}
if (ip.isPrivate(wanip)) {
self._log.warn('UPnP device has no public IP address: %s', wanip);
return callback(new Error('UPnP device has no public IP address'));
}
self._log.info('successfully traversed NAT via UPnP: %s:%s', wanip, port);
callback(null, wanip, port);
});
Transport.prototype._checkIfReachable = function(callback) {
if (ip.isPrivate(this._contact.address)) {
return callback(false);
}
var sock = net.connect({
host: this._contact.address,
port: this._contact.port
});
sock.once('error', () => {
callback(false);
sock.removeAllListeners();
sock.destroy();
});
sock.once('connect', () => {
callback(true);
sock.removeAllListeners();
sock.end();
});
};
function validateInputForm() {
var errors = [];
if (inputForm.publicLan1.name !== undefined) {
var templatePublicLan1 = factoryNetworkTemplate.networks[inputForm.publicLan1.name];
var isFormatOk = true;
if (templatePublicLan1.network !== inputForm.publicLan1.network ||
templatePublicLan1.netmask !== inputForm.publicLan1.netmask) {
if (!ip.isV4Format(inputForm.publicLan1.network)) {
errors.push(inputForm.publicLan1.name + ' network is not valid ip format');
isFormatOk = false;
} else if (ip.isPrivate(inputForm.publicLan1.network)) {
errors.push(inputForm.publicLan1.name + ' must be public address');
isFormatOk = false;
}
if (!ip.isV4Format(inputForm.publicLan1.netmask)) {
errors.push(inputForm.publicLan1.name + ' mask is not valid ip format');
isFormatOk = false;
} else if (!NET_MASK_PATTERN.test(inputForm.publicLan1.netmask)) {
errors.push(inputForm.publicLan1.name + ' mask is not valid pattern');
isFormatOk = false;
}
lodash.forEach(inputForm.publicLan1.scalers, function(scaler) {
if (!ip.isV4Format(scaler.address)) {
errors.push(scaler.display + ' is not valid ip format');
isFormatOk = false;
}
});
}
if (isFormatOk) {
var subnet = ip.subnet(inputForm.publicLan1.network, inputForm.publicLan1.netmask);
lodash.forEach(inputForm.publicLan1.scalers, function(scaler) {
if (subnet.contains(scaler.address) === false) {
errors.push(scaler.name + ' address is not in valid ip range for Public Lan 1');
}
if (scaler.address === subnet.networkAddress) {
errors.push(scaler.name + ' address should not same with network address for Public Lan 1');
}
if (scaler.address === subnet.broadcastAddress) {
errors.push(scaler.name + ' address should not same with broadcast address for Public Lan 1');
}
});
if (inputForm.publicLan1.destinationGateway !== '') {
if (!ip.isV4Format(inputForm.publicLan1.destinationGateway)) {
errors.push('Gateway address is not valid ip format');
} else if (!subnet.contains(inputForm.publicLan1.destinationGateway)) {
errors.push('Gateway address is not in valid ip range');
}
} else {
errors.push('Gateway address is required');
}
}
}
if (inputForm.publicLan2.name !== undefined && inputForm.nicBonding.add === undefined && systemHasNicBonding === false) {
var templatePublicLan2 = factoryNetworkTemplate.networks[inputForm.publicLan2.name];
isFormatOk = true;
if (templatePublicLan2.network !== inputForm.publicLan2.network ||
templatePublicLan2.netmask !== inputForm.publicLan2.netmask) {
if (!ip.isV4Format(inputForm.publicLan2.network)) {
errors.push(inputForm.publicLan2.name + ' network is not valid ip format');
isFormatOk = false;
} else if (!ip.isPublic(inputForm.publicLan2.network)) {
errors.push(inputForm.publicLan2.name + ' must be public network');
isFormatOk = false;
}
if (!ip.isV4Format(inputForm.publicLan2.netmask)) {
errors.push(inputForm.publicLan2.name + ' mask is not valid ip format');
isFormatOk = false;
} else if (!NET_MASK_PATTERN.test(inputForm.publicLan2.netmask)) {
errors.push(inputForm.publicLan2.name + ' mask is not valid pattern');
isFormatOk = false;
}
lodash.forEach(inputForm.publicLan2.scalers, function(scaler) {
if (!ip.isV4Format(scaler.address)) {
errors.push(scaler.display + ' is not valid ip format');
isFormatOk = false;
}
});
}
if (isFormatOk) {
subnet = ip.subnet(inputForm.publicLan2.network, inputForm.publicLan2.netmask);
lodash.forEach(inputForm.publicLan2.scalers, function(scaler) {
if (subnet.contains(scaler.address) === false) {
errors.push(scaler.name + ' address is not in valid ip range for Public Lan 2');
}
if (scaler.address === subnet.networkAddress) {
errors.push(scaler.name + ' address should not same with network address for Public Lan 2');
}
if (scaler.address === subnet.broadcastAddress) {
errors.push(scaler.name + ' address should not same with broadcast address for Public Lan 2');
}
});
}
}
if (inputForm.managementLan1.name !== undefined) {
var templateManagementLan1 = factoryNetworkTemplate.networks[inputForm.managementLan1.name];
if (templateManagementLan1.network !== inputForm.managementLan1.network ||
templateManagementLan1.netmask !== inputForm.managementLan1.netmask) {
if (!ip.isV4Format(inputForm.managementLan1.network)) {
errors.push(inputForm.managementLan1.name + ' network is not valid ip format');
} else if (!ip.isPrivate(inputForm.managementLan1.network)) {
errors.push(inputForm.managementLan1.name + ' must be private network');
}
if (!ip.isV4Format(inputForm.managementLan1.netmask)) {
errors.push(inputForm.managementLan1.name + ' mask is not valid ip format');
} else if (!NET_MASK_PATTERN.test(inputForm.managementLan1.netmask)) {
errors.push(inputForm.managementLan1.name + ' mask is not valid pattern');
}
}
}
if (inputForm.managementLan2.name !== undefined) {
var templateManagementLan2 = factoryNetworkTemplate.networks[inputForm.managementLan2.name];
if (templateManagementLan2.network !== inputForm.managementLan2.network ||
templateManagementLan2.netmask !== inputForm.managementLan2.netmask) {
if (!ip.isV4Format(inputForm.managementLan2.network)) {
errors.push(inputForm.managementLan2.name + ' network is not valid ip format');
} else if (!ip.isPrivate(inputForm.managementLan2.network)) {
errors.push(inputForm.managementLan2.name + ' must be private network');
}
if (!ip.isV4Format(inputForm.managementLan2.netmask)) {
errors.push(inputForm.managementLan2.name + ' mask is not valid ip format');
} else if (!NET_MASK_PATTERN.test(inputForm.managementLan2.netmask)) {
errors.push(inputForm.managementLan2.name + ' mask is not valid pattern');
}
}
}
if (inputForm.storageLan1.name !== undefined) {
var templateStorageLan1 = factoryNetworkTemplate.networks[inputForm.storageLan1.name];
if (templateStorageLan1.network !== inputForm.storageLan1.network ||
templateStorageLan1.netmask !== inputForm.storageLan1.netmask) {
if (!ip.isV4Format(inputForm.storageLan1.network)) {
errors.push(inputForm.storageLan1.name + ' network is not valid ip format');
} else if (!ip.isPrivate(inputForm.storageLan1.network)) {
errors.push(inputForm.storageLan1.name + ' must be private network');
}
if (!ip.isV4Format(inputForm.storageLan1.netmask)) {
errors.push(inputForm.storageLan1.name + ' mask is not valid ip format');
} else if (!NET_MASK_PATTERN.test(inputForm.storageLan1.netmask)) {
errors.push(inputForm.storageLan1.name + ' mask is not valid pattern');
}
}
}
if (inputForm.storageLan2.name !== undefined) {
var templateStorageLan2 = factoryNetworkTemplate.networks[inputForm.storageLan2.name];
if (templateStorageLan2.network !== inputForm.storageLan2.network ||
templateStorageLan2.netmask !== inputForm.storageLan2.netmask) {
if (!ip.isV4Format(inputForm.storageLan2.network)) {
errors.push(inputForm.storageLan2.name + ' network is not valid ip format');
} else if (!ip.isPrivate(inputForm.storageLan2.network)) {
errors.push(inputForm.storageLan2.name + ' must be private network');
}
if (!ip.isV4Format(inputForm.storageLan2.netmask)) {
errors.push(inputForm.storageLan2.name + ' mask is not valid ip format');
} else if (!NET_MASK_PATTERN.test(inputForm.storageLan2.netmask)) {
errors.push(inputForm.storageLan2.name + ' mask is not valid pattern');
}
}
}
if (errors.length > 0) {
return {
valid: false,
errors: lodash.uniq(errors)
};
}
return {
valid: true
};
}
function isLocal (e) {
// don't rely on private ip address, because
// cjdns creates fake private ip addresses.
// ignore localhost addresses, because sometimes they get broadcast.
return !ip.isLoopback(e.host) && ip.isPrivate(e.host) && e.source === 'local'
}
var AnnounceRequest = module.exports = function AnnounceRequest(client, torrent, announceEvent) {
ConnectRequest.call(this, client);
Object.defineProperties(this,{
_infoHash:{
value: new Buffer(20)
},
infoHash: {
enumerable: true,
get: function() {
return this._infoHash.toString('base64');
},
set: function(value){
this.setBase64Buffer(this._infoHash,value);
}
},
_peerId:{
value: new Buffer(20)
},
peerId: {
enumerable: true,
get: function() {
return this._peerId.toString();
},
set: function(value){
this._peerId.fill(value);
}
},
_downloaded:{
value: new Buffer(8)
},
downloaded: {
enumerable: true,
get: function() {
return bigint.fromBuffer(this._downloaded);
},
set: function(value){
this.setIntBuffer(this._downloaded,value);
}
},
_left:{
value: new Buffer(8)
},
left: {
enumerable: true,
get: function() {
return bigint.fromBuffer(this._left);
},
set: function(value){
this.setIntBuffer(this._left,value);
}
},
_uploaded:{
value: new Buffer(8)
},
uploaded: {
enumerable: true,
get: function() {
return bigint.fromBuffer(this._uploaded);
},
set: function(value){
this.setIntBuffer(this._uploaded, value);
}
},
_event:{
value: new Buffer(4)
},
event: {
enumerable: true,
get: function() {
return this._event.readInt32BE(0);
},
set: function(value){
this.setIntBuffer(this._event,value);
}
},
_ipAddress:{
value: new Buffer(4)
},
ipAddress: {
enumerable: true,
get: function() {
return ip.toString(this._ipAddress);
},
set: function(value){
if(Buffer.isBuffer(value)) {
value.copy(this._ipAddress);
return;
}
ip.toBuffer(value, this._ipAddress);
}
},
_key:{
value: new Buffer(4)
},
key: {
enumerable: true,
get: function() {
return this._key.readInt32BE(0);
},
set: function(value){
this.setIntBuffer(this._key,value);
}
},
_numWant:{
value: new Buffer(4)
},
numWant: {
enumerable: true,
get: function() {
return this._numWant.readInt32BE(0);
},
set: function(value){
this.setIntBuffer(this._numWant,value);
}
},
_port:{
value: new Buffer(2)
},
port: {
enumerable: true,
get: function() {
return this._port.readUInt16BE(0);
},
set: function(value){
this.setIntBuffer(this._port,value);
}
},
});
if (client) {
this.infoHash = torrent._infoHash;
this.peerId = client.kernel._peerId;
this.downloaded = torrent._downloaded;
this.left = torrent._left;
this.uploaded = torrent._uploaded;
this.event = announceEvent;
// push the ip address if tracker is a private ip
if (ip.isPrivate(client.address)) {
this.ipAddress = client.kernel.ipAddress;
} else {
this.ipAddress = new Buffer([0,0,0,0]);
}
this.key = torrent._key;
this.numWant = torrent.numWant;
this.port = client.kernel.port;
}
};