Update IP allowlist implementation

2026-05-02 03:02:03 -04:00 · 2023-07-27 11:18:36 +07:00
parent 41c1828324
commit 221a43e8a4
2 changed files with 47 additions and 7 deletions
--- a/backend/src/utils/setup/backfillData.ts
+++ b/backend/src/utils/setup/backfillData.ts
@@ -567,10 +567,29 @@ export const backfillTrustedIps = async () => {
      $nin: workspaceIdsWithTrustedIps
    }
  });
-
+  
  if (workspaceIdsToAddTrustedIp.length > 0) {
-    const operations = workspaceIdsToAddTrustedIp.map((workspaceId) => {
-      return {
+    const operations: {
+      updateOne: {
+        filter: {
+          workspace: Types.ObjectId;
+          ipAddress: string;
+        },
+        update: {
+          workspace: Types.ObjectId;
+          ipAddress: string;
+          type: string;
+          prefix: number;
+          isActive: boolean;
+          comment: string;
+        },
+        upsert: boolean;
+      }
+    }[] = [];
+    
+    workspaceIdsToAddTrustedIp.forEach((workspaceId) => {
+      // default IPv4 trusted CIDR
+      operations.push({
        updateOne: {
          filter: {
            workspace: workspaceId,
@@ -584,9 +603,28 @@ export const backfillTrustedIps = async () => {
            isActive: true,
            comment: ""
          },
-          upsert: true,
-        },
-      };
+          upsert: true
+        }
+      });
+      
+      // default IPv6 trusted CIDR
+      operations.push({
+        updateOne: {
+          filter: {
+            workspace: workspaceId,
+            ipAddress: "::"
+          },
+          update: {
+            workspace: workspaceId,
+            ipAddress: "::",
+            type: IPType.IPV6.toString(),
+            prefix: 0,
+            isActive: true,
+            comment: ""
+          },
+          upsert: true
+        }
+      });
    });

    await TrustedIP.bulkWrite(operations);
--- a/backend/src/validation/workspace.ts
+++ b/backend/src/validation/workspace.ts
@@ -26,6 +26,7 @@ import {
 } from "../variables";
 import { BotService } from "../services";
 import { AuthData } from "../interfaces/middleware";
+import { extractIPDetails } from "../utils/ip";

 /**
 * Validate authenticated clients for workspace with id [workspaceId] based
@@ -135,7 +136,8 @@ export const validateClientForWorkspace = async ({
 					}
 				}
 				
-				const check = blockList.check(authData.authIP);
+				const { type } = extractIPDetails(authData.authIP);
+				const check = blockList.check(authData.authIP, type);
 				
 				if (!check) throw UnauthorizedRequestError({
 					message: "Failed workspace authorization"