feat(security): add domain-scoped IP allow list support across HTTP and passthrough filtering

2026-04-06 12:46:09 +00:00
parent 572e31587a
commit 99a026627d
11 changed files with 256 additions and 57 deletions


@@ -196,10 +196,19 @@ export class RouteValidator {
// Validate IP allow/block lists
if (route.security.ipAllowList) {
const allowList = Array.isArray(route.security.ipAllowList) ? route.security.ipAllowList : [route.security.ipAllowList];
for (const ip of allowList) {
if (!this.isValidIPPattern(ip)) {
errors.push(`Invalid IP pattern in allow list: ${ip}`);
for (const entry of allowList) {
if (typeof entry === 'string') {
if (!this.isValidIPPattern(entry)) {
errors.push(`Invalid IP pattern in allow list: ${entry}`);
}
} else if (entry && typeof entry === 'object') {
if (!this.isValidIPPattern(entry.ip)) {
errors.push(`Invalid IP pattern in domain-scoped allow entry: ${entry.ip}`);
}
if (!Array.isArray(entry.domains) || entry.domains.length === 0) {
errors.push(`Domain-scoped allow entry for ${entry.ip} must have non-empty domains array`);
}
}
}
}
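Review bot: The new `for (const entry of allowList)` loop has no final `else`, so an entry that is neither a string nor a non-null object (`null`, a number, a boolean) produces no validation error and the route is reported as valid. How the runtime filter treats such an entry is not visible here, but for an access-control list the validator should reject it explicitly, e.g. `} else { errors.push(`Invalid allow list entry: ${JSON.stringify(entry)}`); }`. In the object branch, `entry.domains` is only checked for being a non-empty array, so `domains: ['']` or `domains: [null]` also passes; a per-element check such as `entry.domains.every((d) => typeof d === 'string' && d.length > 0)` would close that gap. The enclosing method of `RouteValidator` starts and ends outside this hunk.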