From f1430ec6af411ea099e67a665c447a47311b285f Mon Sep 17 00:00:00 2001
From: Malachi Soord
Date: Sun, 5 Nov 2023 12:11:59 +0100
Subject: [PATCH] Add way to filter IP addresses to be allowed to access
---
 .nvmrc | 1 +
 package-lock.json | 40 ++++++++++++++++++++++++++++++++++++++++
 package.json | 1 +
 server/server.js | 9 +++++++++
 4 files changed, 51 insertions(+)
 create mode 100644 .nvmrc
diff --git a/.nvmrc b/.nvmrc
new file mode 100644
index 000000000..87ec8842b
--- /dev/null
+++ b/.nvmrc
@@ -0,0 +1 @@
+18.18.2
diff --git a/package-lock.json b/package-lock.json
index 1c62e19d8..7530a7122 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,6 +30,7 @@ "dotenv": "~16.0.3", "express": "~4.17.3", "express-basic-auth": "~1.2.1", + "express-ipfilter": "^1.3.1", "express-static-gzip": "~2.1.7", "form-data": "~4.0.0", "gamedig": "~4.1.0",
@@ -8602,6 +8603,25 @@ "basic-auth": "^2.0.1" } }, + "node_modules/express-ipfilter": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.1.tgz", + "integrity": "sha512-9WZC8wGkI6I6ygZNzuZ2MbFJiGoDXs1dM+E8LKtSP13pdgqrnkonWlgvvbxG3YZpa7Haz7Ndum9/J6qkj52OqA==", + "dependencies": { + "ip": "^1.1.8", + "lodash": "^4.17.11", + "proxy-addr": "^2.0.7", + "range_check": "^2.0.4" + }, + "engines": { + "node": ">=8.9.0" + } + }, + "node_modules/express-ipfilter/node_modules/ip": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz", + "integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==" + }, "node_modules/express-static-gzip": { "version": "2.1.7", "resolved": "https://registry.npmjs.org/express-static-gzip/-/express-static-gzip-2.1.7.tgz",
@@ -9950,6 +9970,14 @@ "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.0.tgz", "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==" }, + "node_modules/ip6": { + "version": "0.2.10", + "resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz", + "integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA==", + "bin": { + "ip6": "ip6-cli.js" + } + }, "node_modules/ipaddr.js": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -14953,6 +14981,18 @@ "node": ">=0.8.0" } }, + "node_modules/range_check": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz", + "integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==", + "dependencies": { + "ip6": "^0.2.0", + "ipaddr.js": "^1.9.1" + }, + "engines": { + "node": ">=10.0.0" + } + }, "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
diff --git a/package.json b/package.json
index f11712658..058dfd484 100644
--- a/package.json
+++ b/package.json
@@ -88,6 +88,7 @@
 "dotenv": "~16.0.3",
 "express": "~4.17.3",
 "express-basic-auth": "~1.2.1",
+ "express-ipfilter": "^1.3.1",
 "express-static-gzip": "~2.1.7",
 "form-data": "~4.0.0",
 "gamedig": "~4.1.0",
diff --git a/server/server.js b/server/server.js
index f726790c2..6d43e4b62 100644
--- a/server/server.js
+++ b/server/server.js
@@ -117,6 +117,15 @@ const port = [ args.port, process.env.UPTIME_KUMA_PORT, process.env.PORT, 3001 ]
 const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || args["disable-frame-sameorigin"] || false;
 const cloudflaredToken = args["cloudflared-token"] || process.env.UPTIME_KUMA_CLOUDFLARED_TOKEN || undefined;
+const ipsToAllow = process.env.UPTIME_KUMA_IPS_TO_ALLOW || args["ips-to-allow"] || undefined;
+if (ipsToAllow !== undefined) {
+ log.info("server", "IPs to allow: " + ipsToAllow);
+
+ const ipfilter = require("express-ipfilter").IpFilter;
+ app.use(ipfilter(ipsToAllow.split(","), { mode: "allow" }));
+}
+
+
 // 2FA / notp verification defaults
 const twoFAVerifyOptions = {
 "window": 1,
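Review bot: The filter registered by `app.use(ipfilter(ipsToAllow.split(","), { mode: "allow" }))` is given no `trustProxy` or `detectIp` option, so behind a reverse proxy or the cloudflared tunnel from the context line just above it will most likely compare the proxy's address, not the client's, against the list; that either denies every request or, if the proxy address is listed, admits every client. The list is also split without trimming, so a value such as `10.0.0.1, 10.0.0.2` (constructed example) leaves a leading space on the second entry; `ipsToAllow.split(",").map((ip) => ip.trim()).filter(Boolean)` avoids that. Express middleware only guards handlers registered on `app` after it, and `app` and the route setup are outside this hunk, so confirm that nothing is mounted earlier and that any WebSocket or socket.io endpoint sharing the HTTP server is restricted as well. A short comment above the block stating the expected format of `UPTIME_KUMA_IPS_TO_ALLOW` / `--ips-to-allow` and which address is matched when a proxy is in front would help operators.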