feat(pockethost): add user proxy whitelist

This commit is contained in:
Ben Allfree 2025-10-20 14:10:07 +00:00
parent b03fdc41fe
commit 69d8846863
3 changed files with 21 additions and 2 deletions


@ -23,12 +23,19 @@ const getConnectingIp = (req: express.Request): string | undefined => {
} }
// Middleware factory to create a rate limiting middleware // Middleware factory to create a rate limiting middleware
export const createRateLimiterMiddleware = (logger: Logger, userProxyIps: string[] = []) => { export const createRateLimiterMiddleware = (
logger: Logger,
userProxyIps: string[] = [],
userProxyWhitelistIps: string[] = []
) => {
const { dbg, warn } = logger.create(`RateLimiter`) const { dbg, warn } = logger.create(`RateLimiter`)
dbg(`Creating`) dbg(`Creating`)
if (userProxyIps.length > 0) { if (userProxyIps.length > 0) {
dbg(`User proxy IPs: ${userProxyIps.join(', ')}`) dbg(`User proxy IPs: ${userProxyIps.join(', ')}`)
} }
if (userProxyWhitelistIps.length > 0) {
dbg(`User proxy whitelist IPs (bypass rate limiting): ${userProxyWhitelistIps.join(', ')}`)
}
const isUserProxy = (connectingIp: string | undefined): boolean => { const isUserProxy = (connectingIp: string | undefined): boolean => {
if (!connectingIp) return false if (!connectingIp) return false
@ -69,6 +76,14 @@ export const createRateLimiterMiddleware = (logger: Logger, userProxyIps: string
}) })
return async (req: express.Request, res: express.Response, next: express.NextFunction) => { return async (req: express.Request, res: express.Response, next: express.NextFunction) => {
const connectingIp = getConnectingIp(req)
// Check if connecting IP is whitelisted - bypass all rate limiting
if (connectingIp && userProxyWhitelistIps.includes(connectingIp)) {
dbg(`Whitelisted user proxy IP detected: ${connectingIp} - bypassing rate limiting`)
return next()
}
const ip = getClientIp(req) const ip = getClientIp(req)
if (isUserProxy(ip)) { if (isUserProxy(ip)) {
dbg(`User Proxy IP detected: ${ip}`, req.headers) dbg(`User Proxy IP detected: ${ip}`, req.headers)
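Review bot: The whitelist bypass in the second hunk matches the connecting IP against the configured list with an exact string comparison (`userProxyWhitelistIps.includes(connectingIp)`), so an address that the socket reports in IPv4-mapped IPv6 form (`::ffff:203.0.113.10`, constructed example) will never match a whitelist entry written as `203.0.113.10`, and the trusted proxy silently stays rate-limited; it also accepts no CIDR ranges, unlike the `createIpWhitelistMiddleware(IPCIDR_LIST())` path used elsewhere in this commit. Normalizing before the lookup, e.g. `const whitelistIp = connectingIp?.replace(/^::ffff:/i, '')` and `if (whitelistIp && userProxyWhitelistIps.includes(whitelistIp)) {`, closes the common mismatch; `getConnectingIp`'s body is outside the hunk, so whether it already normalizes cannot be confirmed here. Since this check skips every rate limit for the matching peer, the comment on the check should record why that is safe: `// Bypass keyed on the transport-level connecting IP (not X-Forwarded-For), so it cannot be triggered by client-supplied headers; only list addresses of proxies you operate`. The enclosing `createRateLimiterMiddleware` continues past the end of the hunk.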


@ -7,6 +7,7 @@ import {
MOTHERSHIP_NAME, MOTHERSHIP_NAME,
MOTHERSHIP_PORT, MOTHERSHIP_PORT,
PH_USER_PROXY_IPS, PH_USER_PROXY_IPS,
PH_USER_PROXY_WHITELIST_IPS,
SSL_CERT, SSL_CERT,
SSL_KEY, SSL_KEY,
} from '@' } from '@'
@ -84,7 +85,7 @@ export const firewall = async ({ logger }: FirewallOptions) => {
// Use the IP blocker middleware // Use the IP blocker middleware
app.use(createIpWhitelistMiddleware(IPCIDR_LIST())) app.use(createIpWhitelistMiddleware(IPCIDR_LIST()))
app.use(createRateLimiterMiddleware(logger, PH_USER_PROXY_IPS())) app.use(createRateLimiterMiddleware(logger, PH_USER_PROXY_IPS(), PH_USER_PROXY_WHITELIST_IPS()))
forEach(hostnameRoutes, (target, host) => { forEach(hostnameRoutes, (target, host) => {
app.use(createVhostProxyMiddleware(host, target, IS_DEV(), logger)) app.use(createVhostProxyMiddleware(host, target, IS_DEV(), logger))


@ -65,6 +65,7 @@ export const createSettings = () => ({
IPCIDR_LIST: mkCsvString([]), IPCIDR_LIST: mkCsvString([]),
PH_USER_PROXY_IPS: mkCsvString([]), PH_USER_PROXY_IPS: mkCsvString([]),
PH_USER_PROXY_WHITELIST_IPS: mkCsvString([]),
DAEMON_PORT: mkNumber(3000), DAEMON_PORT: mkNumber(3000),
DAEMON_PB_IDLE_TTL: mkNumber(1000 * 5), // 5 seconds DAEMON_PB_IDLE_TTL: mkNumber(1000 * 5), // 5 seconds
PH_CONTAINER_LAUNCH_WARN_MS: mkNumber(200), PH_CONTAINER_LAUNCH_WARN_MS: mkNumber(200),
@ -166,6 +167,7 @@ export const APEX_DOMAIN = () => settings().APEX_DOMAIN
export const IPCIDR_LIST = () => settings().IPCIDR_LIST export const IPCIDR_LIST = () => settings().IPCIDR_LIST
export const PH_USER_PROXY_IPS = () => settings().PH_USER_PROXY_IPS export const PH_USER_PROXY_IPS = () => settings().PH_USER_PROXY_IPS
export const PH_USER_PROXY_WHITELIST_IPS = () => settings().PH_USER_PROXY_WHITELIST_IPS
export const DAEMON_PORT = () => settings().DAEMON_PORT export const DAEMON_PORT = () => settings().DAEMON_PORT
export const DAEMON_PB_IDLE_TTL = () => settings().DAEMON_PB_IDLE_TTL export const DAEMON_PB_IDLE_TTL = () => settings().DAEMON_PB_IDLE_TTL
export const PH_CONTAINER_LAUNCH_WARN_MS = () => settings().PH_CONTAINER_LAUNCH_WARN_MS export const PH_CONTAINER_LAUNCH_WARN_MS = () => settings().PH_CONTAINER_LAUNCH_WARN_MS
@ -271,6 +273,7 @@ export const logConstants = () => {
APEX_DOMAIN, APEX_DOMAIN,
IPCIDR_LIST, IPCIDR_LIST,
PH_USER_PROXY_IPS, PH_USER_PROXY_IPS,
PH_USER_PROXY_WHITELIST_IPS,
DAEMON_PORT, DAEMON_PORT,
DAEMON_PB_IDLE_TTL, DAEMON_PB_IDLE_TTL,
PH_CONTAINER_LAUNCH_WARN_MS, PH_CONTAINER_LAUNCH_WARN_MS,