allowedPrivateNetworks

mei23 · Aug 29, 2021 · 331dc20 · 331dc20
1 parent e13b8d4
commit 331dc20
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/.config/example.yml b/.config/example.yml
@@ -176,6 +176,10 @@ themeColor: '#fb4e4e'
 #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
 
+#allowedPrivateNetworks: [
+#  '127.0.0.1/32'
+#]
+
 # アップロードやリモート取得で処理できるファイルサイズの制限 (bytes)
 #maxFileSize: 262144000
 

diff --git a/src/config/types.ts b/src/config/types.ts
@@ -48,6 +48,8 @@ export type Source = {
 
 	proxyProxy?: string;
 
+	allowedPrivateNetworks?: string[];
+
 	maxFileSize?: number;
 
 	accesslog?: string;

diff --git a/src/misc/download-url.ts b/src/misc/download-url.ts
@@ -6,6 +6,7 @@ import { httpAgent, httpsAgent } from './fetch';
 import config from '../config';
 import * as chalk from 'chalk';
 import Logger from '../services/logger';
+import * as IPCIDR from 'ip-cidr';
 const PrivateIp = require('private-ip');
 
 const pipeline = util.promisify(stream.pipeline);
@@ -39,7 +40,7 @@ export async function downloadUrl(url: string, path: string) {
 		retry: 0,
 	}).on('response', (res: Got.Response) => {
 		if ((process.env.NODE_ENV === 'production' || process.env.NODE_ENV === 'test') && !config.proxy && res.ip) {
-			if (PrivateIp(res.ip)) {
+			if (isPrivateIp(res.ip)) {
 				logger.warn(`Blocked address: ${res.ip}`);
 				req.destroy();
 			}
@@ -68,3 +69,14 @@ export async function downloadUrl(url: string, path: string) {
 
 	logger.succ(`Download finished: ${chalk.cyan(url)}`);
 }
+
+function isPrivateIp(ip: string) {
+	for (const net of config.allowedPrivateNetworks || []) {
+		const cidr = new IPCIDR(net);
+		if (cidr.contains(ip)) {
+			return false;
+		}
+	}
+
+	return PrivateIp(ip);
+}