directus

1
import { useEnv } from '@directus/env';
2
import { randIp, randUrl } from '@ngneat/falso';
3
import os from 'node:os';
4
import type { Logger } from 'pino';
5
import { afterEach, beforeEach, expect, test, vi } from 'vitest';
6
import { useLogger } from '../logger.js';
7
import { ipInNetworks } from '../utils/ip-in-networks.js';
8
import { isDeniedIp } from './is-denied-ip.js';
9

10
vi.mock('node:os');
11
vi.mock('@directus/env');
12
vi.mock('../logger.js');
13
vi.mock('../utils/ip-in-networks.js');
14

15
let sample: {
16
	ip: string;
17
	url: string;
18
};
19

20
beforeEach(() => {
21
	sample = {
22
		ip: randIp(),
23
		url: randUrl(),
24
	};
25
});
26

27
afterEach(() => {
28
	vi.resetAllMocks();
29
});
30

31
test(`Returns false if deny list is empty`, async () => {
32
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: [] });
33

34
	const result = isDeniedIp(sample.ip);
35

36
	expect(result).toBe(false);
37
});
38

39
test(`Returns false if IP is not in deny list`, async () => {
40
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: [sample.ip] });
41
	vi.mocked(ipInNetworks).mockReturnValue(false);
42

43
	const result = isDeniedIp(sample.ip);
44

45
	expect(result).toBe(false);
46
});
47

48
test(`Returns true if IP is in deny list`, async () => {
49
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: [sample.ip] });
50
	vi.mocked(ipInNetworks).mockReturnValue(true);
51

52
	const result = isDeniedIp(sample.ip);
53

54
	expect(result).toBe(true);
55
});
56

57
test(`Returns true and logs error if deny list is invalid`, async () => {
58
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: ['invalid'] });
59

60
	const mockLogger = {
61
		warn: vi.fn(),
62
	} as unknown as Logger;
63

64
	vi.mocked(useLogger).mockReturnValue(mockLogger);
65

66
	const error = new Error();
67

68
	vi.mocked(ipInNetworks).mockImplementation(() => {
69
		throw error;
70
	});
71

72
	const result = isDeniedIp(sample.ip);
73

74
	expect(result).toBe(true);
75
	expect(mockLogger.warn).toHaveBeenCalledWith(`Cannot verify IP address due to invalid "IMPORT_IP_DENY_LIST" config`);
76
	expect(mockLogger.warn).toHaveBeenCalledWith(error);
77
});
78

79
test(`Checks against IPs of local network interfaces if deny list contains 0.0.0.0`, async () => {
80
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: ['0.0.0.0'] });
81

82
	vi.mocked(os.networkInterfaces).mockReturnValue({});
83

84
	const result = isDeniedIp(sample.ip);
85

86
	expect(result).toBe(false);
87
	expect(os.networkInterfaces).toHaveBeenCalledOnce();
88
});
89

90
test(`Returns true if IP matches resolved local network interface address`, async () => {
91
	vi.mocked(useEnv).mockReturnValue({ IMPORT_IP_DENY_LIST: ['0.0.0.0'] });
92

93
	vi.mocked(os.networkInterfaces).mockReturnValue({
94
		fa0: undefined,
95
		lo0: [
96
			{
97
				address: '127.0.0.1',
98
				netmask: '255.0.0.0',
99
				family: 'IPv4',
100
				mac: '00:00:00:00:00:00',
101
				internal: true,
102
				cidr: '127.0.0.1/8',
103
			},
104
		],
105
		en0: [
106
			{
107
				address: sample.ip,
108
				netmask: '255.0.0.0',
109
				family: 'IPv4',
110
				mac: '00:00:00:00:00:00',
111
				internal: true,
112
				cidr: '127.0.0.1/8',
113
			},
114
		],
115
	});
116

117
	const result = isDeniedIp(sample.ip);
118

119
	expect(result).toBe(true);
120
});
121