ip whitelist commit

craigbthompson · Feb 14, 2023 · a87dbc0 · a87dbc0
1 parent 97c879c
commit a87dbc0
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 node_modules/
 dist/
 yarn-error.log
+bored-agent.yaml
diff --git a/src/stream-impersonator.ts b/src/stream-impersonator.ts
@@ -25,6 +25,15 @@ export class StreamImpersonator extends Transform {
     super();
 
     this.httpParser = new HTTPParser("REQUEST");
+    const whitelist = process.env.IP_WHITELIST;
+
+    let ipArray:string[] = []
+
+
+    if(whitelist !== undefined && whitelist !== "")
+    {
+      ipArray = whitelist.split(',');
+    }
 
     this.httpParser.onHeadersComplete = (info) => {
       if (this.upgrade) {
@@ -42,6 +51,19 @@ export class StreamImpersonator extends Transform {
       let token: string | null = null;
       const authIndex = headers.findIndex((h) => h[0] === "authorization");
 
+      const ipIndex = headers.findIndex((h) => h[0] === "x-forwarded-for");
+      const ip = headers[ipIndex][1].trim();
+
+      //If not coming from an acceptable IP, reject
+      if(ipArray.length > 0 && ipArray.includes(ip) === false)
+      {
+        logger.info('[AUDIT] ip address ' + ip + ' NOT found in whitelist');
+        this.flushChunks();
+      }
+      else{
+        logger.info('[AUDIT] ip address ' + ip + ' found in whitelist');
+      }
+
       if (authIndex !== -1) {
         token = headers[authIndex][1].trim().replace("Bearer ", "");