* Creates an Express middleware for IP whitelisting * @param {string[]} whitelist - Array of allowed IP addresses or CIDR ranges * @returns {import("express").RequestHandler} Express middleware function
(whitelist)
| 60 | * @returns {import("express").RequestHandler} Express middleware function |
| 61 | */ |
| 62 | function ipAccessControl (whitelist) { |
| 63 | // Empty whitelist means allow all |
| 64 | if (!Array.isArray(whitelist) || whitelist.length === 0) { |
| 65 | return function (req, res, next) { |
| 66 | res.header("Access-Control-Allow-Origin", "*"); |
| 67 | next(); |
| 68 | }; |
| 69 | } |
| 70 | |
| 71 | return function (req, res, next) { |
| 72 | const clientIp = resolveClientIp(req); |
| 73 | |
| 74 | if (isAllowed(clientIp, whitelist)) { |
| 75 | res.header("Access-Control-Allow-Origin", "*"); |
| 76 | next(); |
| 77 | } else { |
| 78 | Log.warn(`IP ${clientIp} is not allowed to access the mirror`); |
| 79 | res.status(403).send("This device is not allowed to access your mirror. <br> Please check your config.js or config.js.sample to change this."); |
| 80 | } |
| 81 | }; |
| 82 | } |
| 83 | |
| 84 | /** |
| 85 | * Creates a Socket.IO `allowRequest` handler that enforces the same IP whitelist as the HTTP middleware. |
no test coverage detected