Seperate ip and cidr

2025-08-02 09:05:49 +02:00 · 2025-02-10 21:06:37 -05:00 · 2025-02-10 21:06:37 -05:00 · 3c99fbb1ef
commit 3c99fbb1ef
parent 5b44ffa2fb
6 changed files with 51 additions and 13 deletions
--- a/server/db/schema.ts
+++ b/server/db/schema.ts
@ -378,7 +378,7 @@ export const resourceRules = sqliteTable("resourceRules", {
        .notNull()
        .references(() => resources.resourceId, { onDelete: "cascade" }),
    action: text("action").notNull(), // ACCEPT, DROP
-    match: text("match").notNull(), // CIDR, PATH
+    match: text("match").notNull(), // CIDR, PATH, IP
    value: text("value").notNull()
 });

--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@ -494,6 +494,10 @@ async function checkRules(
                rule.match == "CIDR" &&
                isIpInCidr(clientIp, rule.value) &&
                rule.action === "DROP") ||
+            (clientIp &&
+                rule.match == "IP" &&
+                clientIp == rule.value &&
+                rule.action === "DROP") ||
            (path &&
                rule.match == "PATH" &&
                urlGlobToRegex(rule.value).test(path) &&
@ -516,6 +520,9 @@ async function checkRules(
                (clientIp &&
                    rule.match == "CIDR" &&
                    isIpInCidr(clientIp, rule.value)) ||
+                (clientIp &&
+                    rule.match == "IP" &&
+                    clientIp == rule.value) ||
                (path &&
                    rule.match == "PATH" &&
                    urlGlobToRegex(rule.value).test(path))
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@ -12,7 +12,7 @@ import { fromError } from "zod-validation-error";
 const createResourceRuleSchema = z
    .object({
        action: z.enum(["ACCEPT", "DROP"]),
-        match: z.enum(["CIDR", "PATH"]),
+        match: z.enum(["CIDR", "IP", "PATH"]),
        value: z.string().min(1)
    })
    .strict();
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@ -27,7 +27,7 @@ const updateResourceRuleParamsSchema = z
 const updateResourceRuleSchema = z
    .object({
        action: z.enum(["ACCEPT", "DROP"]).optional(),
-        match: z.enum(["CIDR", "PATH"]).optional(),
+        match: z.enum(["CIDR", "IP", "PATH"]).optional(),
        value: z.string().min(1).optional()
    })
    .strict()