Update to authorize local ipv4 ip addresses

edit way to work in local

try false in secure

add log

fix, update funct isRunningLoccaly

fix fmt

refacto
This commit is contained in:
Raphencoder
2024-12-05 15:25:03 +01:00
parent bbf8683004
commit 33ecce353e
2 changed files with 47 additions and 20 deletions


@@ -50,6 +50,13 @@ async function verifyAuthJwt(key: CryptoKey, jwt: string) {
throw new Error('Invalid JWT'); throw new Error('Invalid JWT');
} }
function resolveCookieDomain(request: Request) {
if (!isBaseUrlAnIp() || isRunningLocally(request)) {
return baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
return '';
}
export async function getDataFromRequest(request: Request) { export async function getDataFromRequest(request: Request) {
const cookies = getCookies(request.headers); const cookies = getCookies(request.headers);
const authorizationHeader = request.headers.get('authorization'); const authorizationHeader = request.headers.get('authorization');
@@ -158,14 +165,9 @@ export async function logoutUser(request: Request) {
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
const response = new Response('Logged Out', { const response = new Response('Logged Out', {
status: 303, status: 303,
headers: { 'Location': '/', 'Content-Type': 'text/html; charset=utf-8' }, headers: { 'Location': '/', 'Content-Type': 'text/html; charset=utf-8' },
@@ -212,14 +214,9 @@ export async function createSessionCookie(
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
setCookie(response.headers, cookie); setCookie(response.headers, cookie);
return response; return response;
@@ -241,14 +238,9 @@ export async function updateSessionCookie(
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
setCookie(response.headers, cookie); setCookie(response.headers, cookie);
return response; return response;
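Review bot: The new resolveCookieDomain in the first hunk drops the `'localhost'` branch the removed code had, so a local request against a hostname baseUrl now gets `Domain=<baseUrl host>` on a response to a localhost/private-IP origin, and a local request against an IP baseUrl gets `Domain=<ip>` where it previously got a host-only cookie; browsers only accept a Domain attribute that domain-matches the request host, so in both cases the session cookie is likely to be rejected rather than the local address authorized. Emitting a host-only cookie whenever the request is local or baseUrl is an IP avoids that: `if (isRunningLocally(request) || isBaseUrlAnIp()) { return ''; }` followed by the existing `return baseUrl.replace(...)` line. The `domain: resolveCookieDomain(request)` lines in the other three hunks presumably rely on setCookie omitting Domain for an empty string — worth confirming and stating on the function, e.g. `// Returns '' to omit the Domain attribute (host-only cookie).` getDataFromRequest, logoutUser, createSessionCookie and updateSessionCookie each continue outside their hunk.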


@@ -13,8 +13,43 @@ export const defaultTitle = 'bewCloud is a modern and simpler alternative to Nex
export const defaultDescription = `Have your files under your own control.`; export const defaultDescription = `Have your files under your own control.`;
export const helpEmail = 'help@bewcloud.com'; export const helpEmail = 'help@bewcloud.com';
export function isRunningLocally(request: Request) { export function isRunningLocally(request: Request): boolean {
return request.url.includes('localhost'); try {
const url = new URL(request.url);
const hostname = url.hostname;
// Local hostnames check
if (['localhost', '127.0.0.1', '0.0.0.0'].includes(hostname)) {
return true;
}
// Private IP ranges check
const ipParts = hostname.split('.').map(Number);
// Check if valid IP address
if (ipParts.length !== 4 || ipParts.some(part => isNaN(part) || part < 0 || part > 255)) {
return false;
}
// 10.0.0.0 - 10.255.255.255
if (ipParts[0] === 10) {
return true;
}
// 172.16.0.0 - 172.31.255.255
if (ipParts[0] === 172 && ipParts[1] >= 16 && ipParts[1] <= 31) {
return true;
}
// 192.168.0.0 - 192.168.255.255
if (ipParts[0] === 192 && ipParts[1] === 168) {
return true;
}
return false;
} catch {
return false;
}
} }
export function escapeHtml(unsafe: string) { export function escapeHtml(unsafe: string) {
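Review bot: isRunningLocally now reports true for any request whose URL host is an RFC 1918 address, and the cookie code in logoutUser, createSessionCookie and updateSessionCookie sets `secure: isRunningLocally(request) ? false : true`, so a production instance reached through a reverse proxy that presents its upstream address as the Host header (e.g. `10.x.x.x:8000`) would presumably issue session cookies without the Secure flag, because `request.url` reflects the incoming request rather than configuration. A configured value such as baseUrl (the first file already has isBaseUrlAnIp on that side) is the safer signal for the private-range branch, or at least the branch should require baseUrl to be a private address too. The loopback list also misses the IPv6 loopback, which `new URL()` reports as `[::1]`, so `http://[::1]:8000` is not treated as local. If the project compiles with `noUncheckedIndexedAccess`, `ipParts[1] >= 16` is `number | undefined` and will not type-check; `const [first, second] = ipParts;` after the length check with an explicit `second === undefined` guard keeps it strict-clean.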