Lab 10.1 Block IP address Express

gicontz

Seems like the validate.js not working properly.

Ive tried to request using it and debug the remoteAddress of two requests:

validate.js

☑️  GET http://localhost:3000/ responded with 200 response
⛔️ GET http://localhost:3000/ must respond 403 when requested from attacker IP

debug from the service

::ffff:127.0.0.1
GET / 200 12.448 ms - 170
::ffff:127.0.0.1
GET / 200 7.434 ms - 170

Code:

...
if (req.socket.remoteAddress.includes('111.34.55.211')) {
    const err = new Error('Forbidden');
    err.status = 403;
    next(err);
    return;
  }
...

gicontz

Same with lab 10.2

04:17:01 ✨ request completed 1ms
04:17:06 ✨ incoming request GET xxx /
127.0.0.1
04:17:06 ✨ request completed 2ms
04:17:06 ✨ incoming request GET xxx /
127.0.0.1

Code:

module.exports = fp(async (fastify, opts) => {
    fastify.addHook('onRequest', async (req) => {
        console.log(req.ip);
        if (req.ip === '211.133.33.113') {
            throw fastify.httpErrors.forbidden();
        }
    })
})

both are working in IP: 127.0.0.1

davidmarkclements

I'm unable to reproduce this.

Make sure there are no other node processes running, especially not the service, when you run node validate.js - the validate script will start the service.

baocongchen

I think you can simply check the ip by using req.ip !== 'the ip you want to detect'