diff --git a/packages/backend/package.json b/packages/backend/package.json index c5b6278b6..b9995d811 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -100,6 +100,7 @@ "hpagent": "1.2.0", "ioredis": "5.3.2", "ip-cidr": "3.1.0", + "ipaddr.js": "2.1.0", "is-svg": "4.3.2", "js-yaml": "4.1.0", "jsdom": "22.1.0", @@ -120,7 +121,6 @@ "otpauth": "9.1.2", "parse5": "7.1.2", "pg": "8.11.0", - "private-ip": "3.0.0", "probe-image-size": "7.2.3", "promise-limit": "2.7.0", "pug": "3.0.2", diff --git a/packages/backend/src/core/DownloadService.ts b/packages/backend/src/core/DownloadService.ts index bd535c603..09039a8b5 100644 --- a/packages/backend/src/core/DownloadService.ts +++ b/packages/backend/src/core/DownloadService.ts @@ -2,8 +2,7 @@ import * as fs from 'node:fs'; import * as stream from 'node:stream'; import * as util from 'node:util'; import { Inject, Injectable } from '@nestjs/common'; -import IPCIDR from 'ip-cidr'; -import PrivateIp from 'private-ip'; +import ipaddr from 'ipaddr.js'; import chalk from 'chalk'; import got, * as Got from 'got'; import { parse } from 'content-disposition'; @@ -123,15 +122,15 @@ export class DownloadService { public async downloadTextFile(url: string): Promise { // Create temp file const [path, cleanup] = await createTemp(); - + this.logger.info(`text file: Temp file is ${path}`); - + try { // write content at URL to temp file await this.downloadUrl(url, path); - + const text = await util.promisify(fs.readFile)(path, 'utf8'); - + return text; } finally { cleanup(); @@ -140,13 +139,14 @@ export class DownloadService { @bindThis private isPrivateIp(ip: string): boolean { + const parsedIp = ipaddr.parse(ip); + for (const net of this.config.allowedPrivateNetworks ?? []) { - const cidr = new IPCIDR(net); - if (cidr.contains(ip)) { + if (parsedIp.match(ipaddr.parseCIDR(net))) { return false; } } - return PrivateIp(ip) ?? false; + return parsedIp.range() !== 'unicast'; } } diff --git a/packages/backend/src/misc/get-ip-hash.ts b/packages/backend/src/misc/get-ip-hash.ts index 70e61aef8..1a86fb881 100644 --- a/packages/backend/src/misc/get-ip-hash.ts +++ b/packages/backend/src/misc/get-ip-hash.ts @@ -1,6 +1,6 @@ import IPCIDR from 'ip-cidr'; -export function getIpHash(ip: string) { +export function getIpHash(ip: string): string { try { // because a single person may control many IPv6 addresses, // only a /64 subnet prefix of any IP will be taken into account. diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2259cb2a2..97f9a9583 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -215,6 +215,9 @@ importers: ip-cidr: specifier: 3.1.0 version: 3.1.0 + ipaddr.js: + specifier: 2.1.0 + version: 2.1.0 is-svg: specifier: 4.3.2 version: 4.3.2 @@ -275,9 +278,6 @@ importers: pg: specifier: 8.11.0 version: 8.11.0 - private-ip: - specifier: 3.0.0 - version: 3.0.0 probe-image-size: specifier: 7.2.3 version: 7.2.3 @@ -4387,10 +4387,6 @@ packages: resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==} dev: false - /@chainsafe/is-ip@2.0.1: - resolution: {integrity: sha512-nqSJ8u2a1Rv9FYbyI8qpDhTYujaKEyLknNrTejLYoSWmdeg+2WB7R6BZqPZYfrJzDxVi3rl6ZQuoaEvpKRZWgQ==} - dev: false - /@colors/colors@1.5.0: resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==} engines: {node: '>=0.1.90'} @@ -13539,11 +13535,6 @@ packages: resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==} engines: {node: '>=8'} - /ip-regex@5.0.0: - resolution: {integrity: sha512-fOCG6lhoKKakwv+C6KdsOnGvgXnmgfmp0myi3bcNwj3qfwPAxRKWEuFhvEFF7ceYIz6+1jRZ+yguLFAmUNPEfw==} - engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} - dev: false - /ip@2.0.0: resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==} @@ -13551,8 +13542,8 @@ packages: resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==} engines: {node: '>= 0.10'} - /ipaddr.js@2.0.1: - resolution: {integrity: sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==} + /ipaddr.js@2.1.0: + resolution: {integrity: sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==} engines: {node: '>= 10'} /irregular-plurals@3.5.0: @@ -17315,20 +17306,10 @@ packages: resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==} dependencies: ip-regex: 4.3.0 - ipaddr.js: 2.0.1 + ipaddr.js: 2.1.0 is-ip: 3.1.0 netmask: 2.0.2 - /private-ip@3.0.0: - resolution: {integrity: sha512-HkMBs4nMtrP+cvcw0bDi2BAZIGgiKI4Zq8Oc+dMqNBpHS8iGL4+WO/pRtc8Bwnv9rjnV0QwMDwEBymFtqv7Kww==} - engines: {node: '>=14.16'} - dependencies: - '@chainsafe/is-ip': 2.0.1 - ip-regex: 5.0.0 - ipaddr.js: 2.0.1 - netmask: 2.0.2 - dev: false - /probe-image-size@7.2.3: resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==} dependencies: