Merge pull request #9 from lafama/master

Update ipfilter.js
ryanbillingsley · Feb 9, 2015 · 9aa43af · 9aa43af
2 parents 7296796 + c615cf2
commit 9aa43af
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/lib/ipfilter.js b/lib/ipfilter.js
@@ -60,6 +60,8 @@ module.exports = function ipfilter(ips, opts) {
         var ipAddress;
 
         var forwardedIpsStr = req.headers['x-forwarded-for'];
+        //Allow getting cloudflare connecting client IP
+        var cloudFlareConnectingIp=req.headers['cf-connecting-ip'];
 
         if (forwardedIpsStr) {
             var forwardedIps = forwardedIpsStr.split(',');
@@ -69,6 +71,9 @@ module.exports = function ipfilter(ips, opts) {
         if (!ipAddress) {
             ipAddress = req.connection.remoteAddress;
         }
+        if(cloudFlareConnectingIp!=undefined){
+            ipAddress=cloudFlareConnectingIp;
+        }
 
         if(!ipAddress){
             return '';

diff --git a/test.js b/test.js
@@ -571,3 +571,69 @@ describe('an array of cidr blocks',function(){
         });
     });
 });
+
+//CloudFlare Tests
+describe('enforcing cloudflare based client IP address blacklist restrictions', function(){
+
+    beforeEach(function(){
+        this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false });
+        this.req = {
+            session: {},
+            headers: [],
+            connection: {
+                remoteAddress: ''
+            }
+        };
+    });
+
+    it('should allow all non-blacklisted forwarded ips', function( done ){
+        this.req.headers['cf-connecting-ip'] = '127.0.0.2';
+        this.ipfilter( this.req, {}, function(){
+            done();
+        });
+    });
+
+    it('should deny all blacklisted forwarded ips', function( done ){
+        this.req.headers['cf-connecting-ip'] = '127.0.0.1';
+        var res = {
+            end: function(){
+                assert.equal( 401, res.statusCode );
+                done();
+            }
+        };
+
+        this.ipfilter( this.req, res, function(){});
+    });
+
+});
+describe('enforcing cloudflare based client IP address whitelist restrictions', function(){
+    beforeEach(function(){
+        this.ipfilter = ipfilter([ '127.0.0.1' ], { log: false, mode: 'allow' });
+        this.req = {
+            session: {},
+            headers: [],
+            connection: {
+                remoteAddress: ''
+            }
+        };
+    });
+
+    it('should allow whitelisted forwarded ips', function( done ){
+        this.req.headers['cf-connecting-ip'] = '127.0.0.1';
+        this.ipfilter( this.req, {}, function(){
+            done();
+        });
+    });
+    it('should deny all non-whitelisted forwarded ips', function( done ){
+        this.req.headers['cf-connecting-ip'] = '127.0.0.2';
+        var res = {
+            end: function(){
+                assert.equal( 401, res.statusCode );
+                done();
+            }
+        };
+
+        this.ipfilter( this.req, res, function(){});
+    });
+
+})