Skip to content
This repository has been archived by the owner on Nov 28, 2018. It is now read-only.

Commit

Permalink
Merge branch 'master' of github.com:baminteractive/express-ipfilter
Browse files Browse the repository at this point in the history
* 'master' of github.com:baminteractive/express-ipfilter:
  Added CloudFlare header tests
  Update ipfilter.js
  • Loading branch information
ryanbillingsley committed Feb 9, 2015
2 parents 37bc099 + 9aa43af commit 885df88
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/ipfilter.js
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,8 @@ module.exports = function ipfilter(ips, opts) {
var ipAddress;

var forwardedIpsStr = req.headers['x-forwarded-for'];
//Allow getting cloudflare connecting client IP
var cloudFlareConnectingIp=req.headers['cf-connecting-ip'];

if (forwardedIpsStr) {
var forwardedIps = forwardedIpsStr.split(',');
Expand All @@ -69,6 +71,9 @@ module.exports = function ipfilter(ips, opts) {
if (!ipAddress) {
ipAddress = req.connection.remoteAddress;
}
if(cloudFlareConnectingIp!=undefined){
ipAddress=cloudFlareConnectingIp;
}

if(!ipAddress){
return '';
Expand Down
66 changes: 66 additions & 0 deletions test.js
Original file line number Diff line number Diff line change
Expand Up @@ -571,3 +571,69 @@ describe('an array of cidr blocks',function(){
});
});
});

//CloudFlare Tests
describe('enforcing cloudflare based client IP address blacklist restrictions', function(){

beforeEach(function(){
this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false });
this.req = {
session: {},
headers: [],
connection: {
remoteAddress: ''
}
};
});

it('should allow all non-blacklisted forwarded ips', function( done ){
this.req.headers['cf-connecting-ip'] = '127.0.0.2';
this.ipfilter( this.req, {}, function(){
done();
});
});

it('should deny all blacklisted forwarded ips', function( done ){
this.req.headers['cf-connecting-ip'] = '127.0.0.1';
var res = {
end: function(){
assert.equal( 401, res.statusCode );
done();
}
};

this.ipfilter( this.req, res, function(){});
});

});
describe('enforcing cloudflare based client IP address whitelist restrictions', function(){
beforeEach(function(){
this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false, mode: 'allow' });
this.req = {
session: {},
headers: [],
connection: {
remoteAddress: ''
}
};
});

it('should allow whitelisted forwarded ips', function( done ){
this.req.headers['cf-connecting-ip'] = '127.0.0.1';
this.ipfilter( this.req, {}, function(){
done();
});
});
it('should deny all non-whitelisted forwarded ips', function( done ){
this.req.headers['cf-connecting-ip'] = '127.0.0.2';
var res = {
end: function(){
assert.equal( 401, res.statusCode );
done();
}
};

this.ipfilter( this.req, res, function(){});
});

})

0 comments on commit 885df88

Please sign in to comment.