From 10363c74c1d869f0e0c7bc4d0367b1f34d1bb6a4 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 3 Jun 2021 17:33:44 +0200 Subject: Move middleware utils in middlewares helpers modules should not import models --- server/lib/signup.ts | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 server/lib/signup.ts (limited to 'server/lib/signup.ts') diff --git a/server/lib/signup.ts b/server/lib/signup.ts new file mode 100644 index 000000000..8fa81e601 --- /dev/null +++ b/server/lib/signup.ts @@ -0,0 +1,62 @@ +import { UserModel } from '../models/user/user' +import * as ipaddr from 'ipaddr.js' +import { CONFIG } from '../initializers/config' + +const isCidr = require('is-cidr') + +async function isSignupAllowed (): Promise<{ allowed: boolean, errorMessage?: string }> { + if (CONFIG.SIGNUP.ENABLED === false) { + return { allowed: false } + } + + // No limit and signup is enabled + if (CONFIG.SIGNUP.LIMIT === -1) { + return { allowed: true } + } + + const totalUsers = await UserModel.countTotal() + + return { allowed: totalUsers < CONFIG.SIGNUP.LIMIT } +} + +function isSignupAllowedForCurrentIP (ip: string) { + if (!ip) return false + + const addr = ipaddr.parse(ip) + const excludeList = [ 'blacklist' ] + let matched = '' + + // if there is a valid, non-empty whitelist, we exclude all unknown adresses too + if (CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr(cidr)).length > 0) { + excludeList.push('unknown') + } + + if (addr.kind() === 'ipv4') { + const addrV4 = ipaddr.IPv4.parse(ip) + const rangeList = { + whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v4(cidr)) + .map(cidr => ipaddr.IPv4.parseCIDR(cidr)), + blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v4(cidr)) + .map(cidr => ipaddr.IPv4.parseCIDR(cidr)) + } + matched = ipaddr.subnetMatch(addrV4, rangeList, 'unknown') + } else if (addr.kind() === 'ipv6') { + const addrV6 = ipaddr.IPv6.parse(ip) + const rangeList = { + whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v6(cidr)) + .map(cidr => ipaddr.IPv6.parseCIDR(cidr)), + blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v6(cidr)) + .map(cidr => ipaddr.IPv6.parseCIDR(cidr)) + } + matched = ipaddr.subnetMatch(addrV6, rangeList, 'unknown') + } + + return !excludeList.includes(matched) +} + +// --------------------------------------------------------------------------- + +export { + isSignupAllowed, + isSignupAllowedForCurrentIP +} -- cgit v1.2.3