dns = require('dns'),
url = require('url'),
_ = require('lodash'),
+ ipaddr = require('ipaddr.js'),
Client = require('./client.js').Client,
HttpHandler = require('./httphandler.js').HttpHandler,
- rehash = require('./rehash.js'),
- range_check = require('range_check');
+ rehash = require('./rehash.js');
function handleHttpRequest(request, response) {
var uri = url.parse(request.url, true);
-
+
// If this isn't a socket.io request, pass it onto the http handler
if (uri.pathname.substr(0, 10) !== '/socket.io') {
http_handler.serve(request, response);
}
}
+function rangeCheck(addr, range) {
+ var i, ranges, parts;
+ ranges = (!_.isArray(range)) ? [range] : range;
+ for (i = 0; i < ranges.length; i++) {
+ parts = ranges[i].split('/');
+ if (ipaddr.process(addr).match(ipaddr.process(parts[0]), parts[1])) {
+ return true;
+ }
+ }
+ return false;
+}
+
/**
* Get the reverse DNS entry for this connection.
// If a forwarded-for header is found, switch the source address
if (handshakeData.headers[global.config.http_proxy_ip_header || 'x-forwarded-for']) {
// Check we're connecting from a whitelisted proxy
- if (!global.config.http_proxies || !range_check.in_range(address, global.config.http_proxies)) {
+ if (!global.config.http_proxies || !rangeCheck(address, global.config.http_proxies)) {
console.log('Unlisted proxy:', address);
callback(null, false);
return;
}
handshakeData.real_address = address;
-
+
// If enabled, don't go over the connection limit
if (global.config.max_client_conns && global.config.max_client_conns > 0) {
if (global.clients.numOnAddress(address) + 1 > global.config.max_client_conns) {
} else {
handshakeData.revdns = _.first(domains) || address;
}
-
+
// All is well, authorise the connection
callback(null, true);
});
projects / KiwiIRC.git / commitdiff