What is a reason for querying extreme-ip-lookup.com on client side? + (is api.ipify.org required too?) #159
Comments
It's probably possible to just rely on something like this
at server side instead of any 3rd-party services on client side. That'll work faster and the app will not depend on other services' uptime. I don't see any cases when 3rd-party services will return any other IP than code above will. Except some heavily misconfigured servers.
Hey @phpony!
@phpony Now I remember why I used extreme-ip-lookup on the client side :) It was a simple hack to not pay for the API key, as with the key=demo2 using it on the client side, in more cases you get the info, while if you use that key on the server side, no. Try this one: https://extreme-ip-lookup.com/json/?key=demo2
Found the alternative: https://www.geojs.io/docs/v1/endpoints/geo/ this works on server side as well.
Make it as optional if someone need (default
```
# IP lookup
# Using GeoJS to get more info about peer by IP
# Doc: https://www.geojs.io/docs/v1/endpoints/geo/
IP_LOOKUP_ENABLED=false # true or false
```
Hello!
Found out that client.js is making the request to https://extreme-ip-lookup.com/json/ when you join the room:
There's the config option:
mirotalk/public/js/client.js
Lines 28 to 29 in b7cd692
There's the function using it:
mirotalk/public/js/client.js
Lines 765 to 777 in b7cd692
Here we pass peerGeo obtained from 3rd-party to server in connection payload:
mirotalk/public/js/client.js
Lines 1442 to 1444 in b7cd692
Here we completely ignore it:
mirotalk/app/src/server.js
Lines 650 to 670 in f2d70ee
By default if you do not provide any API key extreme-ip-lookup.com is returning dummy data. My uBlock is blocking this host and this doesn't break anything. Also because it's not used anywhere on server side, I've removed this peerGeo from payload completely on my local instance without any problems. The IP is still provided by api.ipify.org from myWanIP variable.
Seems like querying extreme-ip-lookup.com is either some old obsolete code or something planned for future versions? And even if it will be used in future - I don't think the server in any form should trust any peerGeo data requested from 3rd-party on client side, because it can easily be forged. It would be better to rely on geoip-lite on server side then.
So, for now it looks like we're slowing down the initial connect by waiting for 3rd-party request to extreme-ip-lookup.com for.. nothing?..
P.S. Maybe it would be better to get rid of api.ipify.org too and to just rely on remote ip on server side...
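The server-side approach this issue argues for, as an added example that is not MiroTalk's code or anything posted in the thread: the peer address is taken from what the server observed on the connection, `X-Forwarded-For` is honoured only when the direct peer is one of our own proxies, and the client-supplied `peerGeo` is dropped. The function names, the `observedIp` field and the trusted-proxy addresses are assumptions made for illustration.

```javascript
// Added example (not project code). TRUSTED_PROXIES holds constructed sample
// addresses standing in for reverse proxies the operator runs.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '10.0.0.5']);

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeIp(ip) {
    const s = String(ip || '').trim();
    return s.toLowerCase().startsWith('::ffff:') ? s.slice(7) : s;
}

// remoteAddress: the socket's remote address as seen by the server.
// xForwardedFor: raw X-Forwarded-For header value, or undefined.
function resolvePeerIp(remoteAddress, xForwardedFor, trusted = TRUSTED_PROXIES) {
    const direct = normalizeIp(remoteAddress);
    // A direct peer that is not our proxy can put anything in the header: ignore it.
    if (!trusted.has(direct) || !xForwardedFor) return direct;
    // Each proxy appends the address it saw, so walk right to left and stop
    // at the first hop that is not one of our own proxies. Entries to the
    // left of that hop are client-controlled and are never used.
    const hops = String(xForwardedFor).split(',').map(normalizeIp).filter(Boolean);
    for (let i = hops.length - 1; i >= 0; i--) {
        if (!trusted.has(hops[i])) return hops[i];
    }
    return direct;
}

// Build the server-side peer record: the client-declared peerGeo is discarded
// and the address comes only from the connection itself.
function buildPeerRecord(payload, remoteAddress, xForwardedFor) {
    const { peerGeo, ...rest } = payload || {};
    return { ...rest, observedIp: resolvePeerIp(remoteAddress, xForwardedFor) };
}
```

Any geo lookup, such as the geoip-lite suggestion above, would then be keyed on `observedIp` rather than on data sent by the browser.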