From f2fb32b7b01aab067d9c54c9dee3d798c906edf3 Mon Sep 17 00:00:00 2001
From: Darren <darren@darrenwhitlen.com>
Date: Wed, 7 Nov 2012 20:53:50 +0000
Subject: [PATCH] Server: Reverse proxy IP ranges

---
 package.json          | 3 ++-
 server/weblistener.js | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 52a9172..20480d6 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
     "uglify-js": "1.2.3",
     "socket.io": "0.8.7",
     "underscore": "1.3.3",
-    "daemonize2": "0.4.0-rc.5"
+    "daemonize2": "0.4.0-rc.5",
+    "range_check": "0.0.1"
   }
 }
diff --git a/server/weblistener.js b/server/weblistener.js
index 6337750..1c61036 100644
--- a/server/weblistener.js
+++ b/server/weblistener.js
@@ -9,7 +9,8 @@ var ws          = require('socket.io'),
     _           = require('underscore'),
     Client      = require('./client.js').Client,
     HttpHandler = require('./httphandler.js').HttpHandler,
-    rehash      = require('./rehash.js');
+    rehash      = require('./rehash.js'),
+    range_check = require('range_check');
 
 
 
@@ -104,9 +105,9 @@ function authoriseConnection(handshakeData, callback) {
     var address = handshakeData.address.address;
 
     // If a forwarded-for header is found, switch the source address
-    if (handshakeData.headers['x-forwarded-for']) {
+    if (handshakeData.headers[global.config.http_proxy_ip_header || 'x-forwarded-for']) {
         // Check we're connecting from a whitelisted proxy
-        if (!global.config.http_proxies || global.config.http_proxies.indexOf(address) < 0) {
+        if (!global.config.http_proxies || !range_check.in_range(address, global.config.http_proxies)) {
             console.log('Unlisted proxy:', address);
             callback(null, false);
             return;
-- 
2.25.1