pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-06 10:46:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ip lookup

Browse Source
This commit is contained in:
Owen
2025-08-24 21:58:52 -07:00
parent adbcd1a2e0
commit 72f19274cd
1 changed files with 53 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
server/routers/badger/verifySession.ts
View File

@@ -33,6 +33,8 @@ import createHttpError from "http-errors";
import NodeCache from "node-cache"; import NodeCache from "node-cache";
import { z } from "zod"; import { z } from "zod";
import { fromError } from "zod-validation-error"; import { fromError } from "zod-validation-error";
import axios from "axios";
import { tokenManager } from "@server/lib";
// We'll see if this speeds anything up // We'll see if this speeds anything up
const cache = new NodeCache({ const cache = new NodeCache({
@@ -123,8 +125,8 @@ export async function verifyResourceSession(
let cleanHost = host; let cleanHost = host;
// if the host ends with :port, strip it // if the host ends with :port, strip it
if (cleanHost.match(/:[0-9]{1,5}$/)) { if (cleanHost.match(/:[0-9]{1,5}$/)) {
const matched = ''+cleanHost.match(/:[0-9]{1,5}$/); const matched = "" + cleanHost.match(/:[0-9]{1,5}$/);
cleanHost = cleanHost.slice(0, -1*matched.length); cleanHost = cleanHost.slice(0, -1 * matched.length);
} }
const resourceCacheKey = `resource:${cleanHost}`; const resourceCacheKey = `resource:${cleanHost}`;
@@ -193,7 +195,10 @@ export async function verifyResourceSession(
let endpoint: string; let endpoint: string;
if (config.isManagedMode()) { if (config.isManagedMode()) {
endpoint = config.getRawConfig().managed?.redirect_endpoint || config.getRawConfig().managed?.endpoint || ""; endpoint =
config.getRawConfig().managed?.redirect_endpoint ||
config.getRawConfig().managed?.endpoint ||
"";
} else { } else {
endpoint = config.getRawConfig().app.dashboard_url!; endpoint = config.getRawConfig().app.dashboard_url!;
} }
@@ -613,6 +618,12 @@ async function checkRules(
isPathAllowed(rule.value, path) isPathAllowed(rule.value, path)
) { ) {
return rule.action as any; return rule.action as any;
} else if (
clientIp &&
rule.match == "GEOIP" &&
(await isIpInGeoIP(clientIp, rule.value))
) {
return rule.action as any;
} }
} }
@@ -737,3 +748,42 @@ export function isPathAllowed(pattern: string, path: string): boolean {
logger.debug(`Final result: ${result}`); logger.debug(`Final result: ${result}`);
return result; return result;
} }
async function isIpInGeoIP(ip: string, countryCode: string): Promise<boolean> {
const geoIpCacheKey = `geoip:${ip}`;
let cachedCountryCode: string | undefined = cache.get(geoIpCacheKey);
if (!cachedCountryCode) {
try {
const response = await axios.get(
`${config.getRawConfig().managed?.endpoint}/api/v1/geoip/${ip}`,
await tokenManager.getAuthHeader()
);
cachedCountryCode = response.data.data.country;
// Cache for longer since IP geolocation doesn't change frequently
cache.set(geoIpCacheKey, cachedCountryCode, 300); // 5 minutes
logger.debug(`IP ${ip} is in country:`, cachedCountryCode);
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return false;
}
}
return cachedCountryCode?.toUpperCase() === countryCode.toUpperCase();
}