donpat1to/Schichtenplaner
1
0
Fork 0
mirror of https://github.com/donpat1to/Schichtenplaner.git synced 2025-11-30 22:45:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

added whitelist with loopback addresses for api rateLimit

Browse Source
This commit is contained in:
Patrick Mahnke-Hartmann
2025-11-07 16:32:10 +01:00
parent 0473a3b5bf
commit a8dc11b024
1 changed files with 51 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
backend/src/middleware/rateLimit.ts
View File

@@ -41,6 +41,28 @@ const getClientIP = (req: Request): string => {
return remoteAddress;
};
// Helper to check if an IP is a loopback address (IPv4 or IPv6)
const isLoopbackAddress = (ip: string): boolean => {
// IPv4 loopback: 127.0.0.0/8
if (ip.startsWith('127.') || ip === 'localhost') {
return true;
}
// IPv6 loopback: ::1
// Also handle IPv4-mapped IPv6 addresses like ::ffff:127.0.0.1
if (ip === '::1' || ip === '::ffff:127.0.0.1') {
return true;
}
// Handle full IPv6 loopback notation
if (ip.toLowerCase().startsWith('0000:0000:0000:0000:0000:0000:0000:0001') ||
ip.toLowerCase() === '0:0:0:0:0:0:0:1') {
return true;
}
return false;
};
// Helper to check if request should be limited
const shouldSkipLimit = (req: Request): boolean => {
const skipPaths = [
@@ -54,9 +76,16 @@ const shouldSkipLimit = (req: Request): boolean => {
return true;
}
const clientIP = getClientIP(req);
// Skip for loopback addresses (local development)
if (isLoopbackAddress(clientIP)) {
console.log(`✅ Loopback address skipped: ${clientIP}`);
return true;
}
// Skip for whitelisted IPs from environment
const whitelist = process.env.RATE_LIMIT_WHITELIST?.split(',') || [];
const clientIP = getClientIP(req);
if (whitelist.includes(clientIP)) {
console.log(`✅ IP whitelisted: ${clientIP}`);
return true;