Merge draad branch in openstad branch

openstad · Jul 20, 2023 · 0403ced · 0403ced · github-actions · Jul 20, 2023
2 parents 5043eef + d017692
commit 0403ced
Show file tree

Hide file tree

Showing 6 changed files with 3,355 additions and 5,892 deletions.
diff --git a/app-init.js b/app-init.js
@@ -116,15 +116,14 @@ app.use(passport.initialize());
 app.use(passport.session());
 app.use(expressValidator());
 
-/*
 app.use((req, res, next) => {
   console.log('=====> REQUEST: ', req.originalUrl);
   console.log('=====> query: ', req.query);
+  console.log('=====> ip: ', req.headers['x-forwarded-for'] || req.socket.remoteAddress, req.ip);
   console.log('=====> body: ', req.body);
   console.log('=====> session: ', req.session);
   next();
 });
-*/
 
 // Passport configuration
 require('./auth');

diff --git a/controllers/auth/local.js b/controllers/auth/local.js
@@ -128,8 +128,12 @@ exports.logout = async (req, res) => {
   const config = req.client.config;
   const allowedDomains = req.client.allowedDomains ? req.client.allowedDomains : false;
   let redirectURL = req.query.redirectUrl;
-  const redirectUrlHost = redirectURL ? new URL(redirectURL).hostname : false;
-  redirectURL = redirectUrlHost && allowedDomains && allowedDomains.indexOf(redirectUrlHost) !== -1 ? redirectURL : false;
+  try {
+    const redirectUrlHost = redirectURL ? new URL(redirectURL).hostname : false;
+    redirectURL           = redirectUrlHost && allowedDomains && allowedDomains.indexOf(redirectUrlHost) !== -1 ? redirectURL : false;
+  } catch (e) {
+    //
+  }
 
   if (!redirectURL) {
     redirectURL =  config && config.logoutUrl ? config.logoutUrl : req.client.siteUrl

diff --git a/middleware/blocker.js b/middleware/blocker.js
@@ -0,0 +1,29 @@
+const Netmask = require('netmask').Netmask;
+
+exports.preventCiscoRequest = (req, res, next) => {
+
+  // Fix for local IP
+  if (req.ip == '::1') {
+    return next();
+  }
+
+  // CIDRs for Cisco Umbrella
+  // See https://support.umbrella.com/hc/en-us/articles/360059292052-Additional-Egress-IP-Address-Range
+  const cidrs = ['146.112.0.0/16', '155.190.0.0/16'];
+
+  // Check if IP is in cidr
+  const isIpInCidr = cidrs.some(cidr => {
+    const block = new Netmask(cidr);
+    return block.contains(req.ip);
+  });
+
+  if (!isIpInCidr) {
+    return next();
+  }
+
+  console.log('IP is in CIDRs to block', req.ip, cidrs, isIpInCidr);
+
+  req.flash('error', {msg: 'De url is geen geldige login url, wellicht is deze verlopen'});
+  return res.redirect(`/auth/url/login?clientId=${req.query.clientId}`);
+
+}