summaryrefslogtreecommitdiffstats
path: root/middleware/node_modules/proxy-addr/index.js
diff options
context:
space:
mode:
Diffstat (limited to 'middleware/node_modules/proxy-addr/index.js')
-rw-r--r--middleware/node_modules/proxy-addr/index.js327
1 files changed, 327 insertions, 0 deletions
diff --git a/middleware/node_modules/proxy-addr/index.js b/middleware/node_modules/proxy-addr/index.js
new file mode 100644
index 0000000..a909b05
--- /dev/null
+++ b/middleware/node_modules/proxy-addr/index.js
@@ -0,0 +1,327 @@
+/*!
+ * proxy-addr
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = proxyaddr
+module.exports.all = alladdrs
+module.exports.compile = compile
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var forwarded = require('forwarded')
+var ipaddr = require('ipaddr.js')
+
+/**
+ * Variables.
+ * @private
+ */
+
+var DIGIT_REGEXP = /^[0-9]+$/
+var isip = ipaddr.isValid
+var parseip = ipaddr.parse
+
+/**
+ * Pre-defined IP ranges.
+ * @private
+ */
+
+var IP_RANGES = {
+ linklocal: ['169.254.0.0/16', 'fe80::/10'],
+ loopback: ['127.0.0.1/8', '::1/128'],
+ uniquelocal: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7']
+}
+
+/**
+ * Get all addresses in the request, optionally stopping
+ * at the first untrusted.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} [trust]
+ * @public
+ */
+
+function alladdrs (req, trust) {
+ // get addresses
+ var addrs = forwarded(req)
+
+ if (!trust) {
+ // Return all addresses
+ return addrs
+ }
+
+ if (typeof trust !== 'function') {
+ trust = compile(trust)
+ }
+
+ for (var i = 0; i < addrs.length - 1; i++) {
+ if (trust(addrs[i], i)) continue
+
+ addrs.length = i + 1
+ }
+
+ return addrs
+}
+
+/**
+ * Compile argument into trust function.
+ *
+ * @param {Array|String} val
+ * @private
+ */
+
+function compile (val) {
+ if (!val) {
+ throw new TypeError('argument is required')
+ }
+
+ var trust
+
+ if (typeof val === 'string') {
+ trust = [val]
+ } else if (Array.isArray(val)) {
+ trust = val.slice()
+ } else {
+ throw new TypeError('unsupported trust argument')
+ }
+
+ for (var i = 0; i < trust.length; i++) {
+ val = trust[i]
+
+ if (!Object.prototype.hasOwnProperty.call(IP_RANGES, val)) {
+ continue
+ }
+
+ // Splice in pre-defined range
+ val = IP_RANGES[val]
+ trust.splice.apply(trust, [i, 1].concat(val))
+ i += val.length - 1
+ }
+
+ return compileTrust(compileRangeSubnets(trust))
+}
+
+/**
+ * Compile `arr` elements into range subnets.
+ *
+ * @param {Array} arr
+ * @private
+ */
+
+function compileRangeSubnets (arr) {
+ var rangeSubnets = new Array(arr.length)
+
+ for (var i = 0; i < arr.length; i++) {
+ rangeSubnets[i] = parseipNotation(arr[i])
+ }
+
+ return rangeSubnets
+}
+
+/**
+ * Compile range subnet array into trust function.
+ *
+ * @param {Array} rangeSubnets
+ * @private
+ */
+
+function compileTrust (rangeSubnets) {
+ // Return optimized function based on length
+ var len = rangeSubnets.length
+ return len === 0
+ ? trustNone
+ : len === 1
+ ? trustSingle(rangeSubnets[0])
+ : trustMulti(rangeSubnets)
+}
+
+/**
+ * Parse IP notation string into range subnet.
+ *
+ * @param {String} note
+ * @private
+ */
+
+function parseipNotation (note) {
+ var pos = note.lastIndexOf('/')
+ var str = pos !== -1
+ ? note.substring(0, pos)
+ : note
+
+ if (!isip(str)) {
+ throw new TypeError('invalid IP address: ' + str)
+ }
+
+ var ip = parseip(str)
+
+ if (pos === -1 && ip.kind() === 'ipv6' && ip.isIPv4MappedAddress()) {
+ // Store as IPv4
+ ip = ip.toIPv4Address()
+ }
+
+ var max = ip.kind() === 'ipv6'
+ ? 128
+ : 32
+
+ var range = pos !== -1
+ ? note.substring(pos + 1, note.length)
+ : null
+
+ if (range === null) {
+ range = max
+ } else if (DIGIT_REGEXP.test(range)) {
+ range = parseInt(range, 10)
+ } else if (ip.kind() === 'ipv4' && isip(range)) {
+ range = parseNetmask(range)
+ } else {
+ range = null
+ }
+
+ if (range <= 0 || range > max) {
+ throw new TypeError('invalid range on address: ' + note)
+ }
+
+ return [ip, range]
+}
+
+/**
+ * Parse netmask string into CIDR range.
+ *
+ * @param {String} netmask
+ * @private
+ */
+
+function parseNetmask (netmask) {
+ var ip = parseip(netmask)
+ var kind = ip.kind()
+
+ return kind === 'ipv4'
+ ? ip.prefixLengthFromSubnetMask()
+ : null
+}
+
+/**
+ * Determine address of proxied request.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} trust
+ * @public
+ */
+
+function proxyaddr (req, trust) {
+ if (!req) {
+ throw new TypeError('req argument is required')
+ }
+
+ if (!trust) {
+ throw new TypeError('trust argument is required')
+ }
+
+ var addrs = alladdrs(req, trust)
+ var addr = addrs[addrs.length - 1]
+
+ return addr
+}
+
+/**
+ * Static trust function to trust nothing.
+ *
+ * @private
+ */
+
+function trustNone () {
+ return false
+}
+
+/**
+ * Compile trust function for multiple subnets.
+ *
+ * @param {Array} subnets
+ * @private
+ */
+
+function trustMulti (subnets) {
+ return function trust (addr) {
+ if (!isip(addr)) return false
+
+ var ip = parseip(addr)
+ var ipconv
+ var kind = ip.kind()
+
+ for (var i = 0; i < subnets.length; i++) {
+ var subnet = subnets[i]
+ var subnetip = subnet[0]
+ var subnetkind = subnetip.kind()
+ var subnetrange = subnet[1]
+ var trusted = ip
+
+ if (kind !== subnetkind) {
+ if (subnetkind === 'ipv4' && !ip.isIPv4MappedAddress()) {
+ // Incompatible IP addresses
+ continue
+ }
+
+ if (!ipconv) {
+ // Convert IP to match subnet IP kind
+ ipconv = subnetkind === 'ipv4'
+ ? ip.toIPv4Address()
+ : ip.toIPv4MappedAddress()
+ }
+
+ trusted = ipconv
+ }
+
+ if (trusted.match(subnetip, subnetrange)) {
+ return true
+ }
+ }
+
+ return false
+ }
+}
+
+/**
+ * Compile trust function for single subnet.
+ *
+ * @param {Object} subnet
+ * @private
+ */
+
+function trustSingle (subnet) {
+ var subnetip = subnet[0]
+ var subnetkind = subnetip.kind()
+ var subnetisipv4 = subnetkind === 'ipv4'
+ var subnetrange = subnet[1]
+
+ return function trust (addr) {
+ if (!isip(addr)) return false
+
+ var ip = parseip(addr)
+ var kind = ip.kind()
+
+ if (kind !== subnetkind) {
+ if (subnetisipv4 && !ip.isIPv4MappedAddress()) {
+ // Incompatible IP addresses
+ return false
+ }
+
+ // Convert IP to match subnet IP kind
+ ip = subnetisipv4
+ ? ip.toIPv4Address()
+ : ip.toIPv4MappedAddress()
+ }
+
+ return ip.match(subnetip, subnetrange)
+ }
+}