From a87dbc07124f52610f85101953d523235b963087 Mon Sep 17 00:00:00 2001 From: cthompson Date: Tue, 14 Feb 2023 11:11:15 -0500 Subject: [PATCH] ip whitelist commit --- .gitignore | 1 + src/stream-impersonator.ts | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/.gitignore b/.gitignore index 71b5f42..c886b11 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ node_modules/ dist/ yarn-error.log +bored-agent.yaml diff --git a/src/stream-impersonator.ts b/src/stream-impersonator.ts index d922b26..a73ec2e 100644 --- a/src/stream-impersonator.ts +++ b/src/stream-impersonator.ts @@ -25,6 +25,15 @@ export class StreamImpersonator extends Transform { super(); this.httpParser = new HTTPParser("REQUEST"); + const whitelist = process.env.IP_WHITELIST; + + let ipArray:string[] = [] + + + if(whitelist !== undefined && whitelist !== "") + { + ipArray = whitelist.split(','); + } this.httpParser.onHeadersComplete = (info) => { if (this.upgrade) { @@ -42,6 +51,19 @@ export class StreamImpersonator extends Transform { let token: string | null = null; const authIndex = headers.findIndex((h) => h[0] === "authorization"); + const ipIndex = headers.findIndex((h) => h[0] === "x-forwarded-for"); + const ip = headers[ipIndex][1].trim(); + + //If not coming from an acceptable IP, reject + if(ipArray.length > 0 && ipArray.includes(ip) === false) + { + logger.info('[AUDIT] ip address ' + ip + ' NOT found in whitelist'); + this.flushChunks(); + } + else{ + logger.info('[AUDIT] ip address ' + ip + ' found in whitelist'); + } + if (authIndex !== -1) { token = headers[authIndex][1].trim().replace("Bearer ", "");
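Review bot: The entries read from `IP_WHITELIST` in the constructor hunk are kept exactly as `split(',')` returns them, so a list written with spaces after the commas keeps leading whitespace on those entries and they can never equal the trimmed header value compared in the second hunk; a trailing comma also leaves an empty-string entry in the list. Normalising once here avoids both: `ipArray = whitelist.split(',').map((s) => s.trim()).filter((s) => s !== "");`. A short comment should state that the list holds exact address strings (the visible code does no CIDR or IPv6 normalisation) and that an unset or empty variable disables the check. The constructor begins before and continues after this hunk.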
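Review bot: `headers[ipIndex][1]` is read without checking `ipIndex`, so a request with no `x-forwarded-for` header makes `findIndex` return -1 and the `.trim()` call throws inside `onHeadersComplete`, even when `IP_WHITELIST` is unset. The reject branch only logs and calls `this.flushChunks()`; nothing visible in the hunk returns or ends the stream, so the authorization handling below still runs for a rejected address, and the else branch writes "found in whitelist" to the audit log when the list is empty. `X-Forwarded-For` is client-supplied unless a trusted proxy in front of the agent overwrites it, and it can carry a comma-separated chain, so an exact match on the whole value is only meaningful behind such a proxy; a comment stating that deployment assumption would help. The callback starts and ends outside the hunk, so how a request is properly refused in this class needs confirming; a sketch of the guard follows.

```typescript
const authIndex = headers.findIndex((h) => h[0] === "authorization");
const ipIndex = headers.findIndex((h) => h[0] === "x-forwarded-for");
// The header may be absent; findIndex returns -1 in that case.
const ip = ipIndex !== -1 ? headers[ipIndex][1].trim() : "";

// Only enforce (and only audit-log a match) when an allowlist is configured.
// NOTE(review): X-Forwarded-For is trustworthy only when a proxy we control sets or overwrites it.
if (ipArray.length > 0) {
  if (ip === "" || !ipArray.includes(ip)) {
    logger.info('[AUDIT] ip address ' + ip + ' NOT found in whitelist');
    this.flushChunks();
    // TODO(review): confirm what actually refuses the request here; the token must not be processed.
    return;
  }
  logger.info('[AUDIT] ip address ' + ip + ' found in whitelist');
}
// … unchanged: authorization token handling …
```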