From 673f897723fe487fd14417c5bbb2f793e5c3ac30 Mon Sep 17 00:00:00 2001
From: Ben Allfree <ben@benallfree.com>
Date: Thu, 9 Jan 2025 03:40:51 +0000
Subject: [PATCH] enh: CIDR secret override

---
 .../commands/FirewallCommand/ServeCommand/firewall/cidr.ts   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/pockethost/src/cli/commands/FirewallCommand/ServeCommand/firewall/cidr.ts b/packages/pockethost/src/cli/commands/FirewallCommand/ServeCommand/firewall/cidr.ts
index 84e69959..2ebd671f 100644
--- a/packages/pockethost/src/cli/commands/FirewallCommand/ServeCommand/firewall/cidr.ts
+++ b/packages/pockethost/src/cli/commands/FirewallCommand/ServeCommand/firewall/cidr.ts
@@ -13,11 +13,12 @@ export const createIpWhitelistMiddleware = (blockedCIDRs: string[]) => {
     const ip = req.ip // or req.headers['x-forwarded-for'] || req.connection.remoteAddress;
     if (
       blockedCIDRs.length === 0 ||
-      (ip && blockedCIDRObjects.some((cidr) => cidr.contains(ip)))
+      (ip && blockedCIDRObjects.some((cidr) => cidr.contains(ip))) ||
+      req.header('x-pockethost-secret') === process.env.PH_SECRET
     ) {
       next()
     } else {
-      res.status(403).send('Nope')
+      res.status(403).send(`Nope: ${ip}`)
     }
   }
 }