Convert IP ranges to decimal before comparision (#409)

* Add debug logging * no message * no message * no message
salesforce · Jun 15, 2017 · 44958ee · 44958ee
1 parent 0517fef
commit 44958ee
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -91,6 +91,7 @@
     "gulp-chmod": "^1.3.0",
     "helmet": "^0.15.0",
     "html-webpack-plugin": "^2.16.0",
+    "ip": "^1.1.5",
     "js-yaml": "^3.4.6",
     "jscs": "^3.0.7",
     "jsdom": "^9.8.3",

diff --git a/realtime/setupSocketIO.js b/realtime/setupSocketIO.js
@@ -93,6 +93,8 @@ function init(io, redisStore) {
     // Socket handshake must have "cookie" header with connect.sid.
     if (!socket.handshake.headers.cookie) {
       // disconnecting socket -- expecting header with cookie
+      // console.log('[WSDEBUG] disconnecting socket -- expecting header ' +
+      //   'with cookie');
       socket.disconnect();
       return;
     } // no cookie
@@ -101,12 +103,17 @@ function init(io, redisStore) {
     const sidMatch = SID_REX.exec(socket.handshake.headers.cookie);
     if (!sidMatch || sidMatch.length < 2) {
       // disconnecting socket -- expecting session id in cookie header
+      // console.log('[WSDEBUG] disconnecting socket -- expecting session ' +
+      //   'id in cookie header');
       socket.disconnect();
       return;
     }
 
     // Load the session from redisStore.
     const sid = sidMatch[1];
+
+    // console.log('[WSDEBUG] cookie', socket.handshake.headers.cookie);
+    // console.log('[WSDEBUG] sid', sid);
     getUserFromSession(sid, redisStore)
     .then((user) => {
 
@@ -118,7 +125,11 @@ function init(io, redisStore) {
         if (socket.handshake.headers &&
         socket.handshake.headers['x-forwarded-for']) {
           ipAddress = socket.handshake.headers['x-forwarded-for'];
+
+          // console.log('[IPDEBUG] socket.handshake.headers' +
+          //   '[x-forwarded-for]', ipAddress);
         } else if (socket.handshake.address) {
+          // console.log('[IPDEBUG] socket.handshake.address', ipAddress);
           ipAddress = socket.handshake.address;
         }
 
@@ -181,6 +192,7 @@ function init(io, redisStore) {
     })
     .catch((err) => {
       // no realtime events :(
+      // console.log('[WSDEBUG] caught error', err);
       socket.disconnect();
       return;
     });

diff --git a/realtime/utils.js b/realtime/utils.js
@@ -9,6 +9,7 @@
 /**
  * realTime/utils.js
  */
+const ip = require('ip');
 
 'use strict'; // eslint-disable-line strict
 const constants = require('./constants');
@@ -280,9 +281,12 @@ function isIpWhitelisted(addr, whitelist) {
     return true;
   }
 
+  const thisAddr = ip.toLong(addr);
   const ok = whitelist.some((range) => {
     if (Array.isArray(range) && range.length === 2) {
-      if (range[0] <= range[1] && addr >= range[0] && addr <= range[1]) {
+      const lo = ip.toLong(range[0]);
+      const hi = ip.toLong(range[1]);
+      if (lo <= hi && thisAddr >= lo && thisAddr <= hi) {
         return true;
       }
     }