fix(webserver): Handle aborted connections gracefully

Hypfer · Dec 21, 2021 · b3e8024 · b3e8024
1 parent 78c84de
commit b3e8024
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/backend/lib/webserver/middlewares/ExternalAccessCheckMiddleware.js b/backend/lib/webserver/middlewares/ExternalAccessCheckMiddleware.js
@@ -8,11 +8,29 @@ const Logger = require("../../Logger");
  * @param {Function} next
  */
 module.exports = function checkExternalAccess(req, res, next) {
-    if (!isInSubnet.isPrivate(req.ip) && !isInSubnet.isLocalhost(req.ip)) {
+    if (isAllowed(req.ip)) {
+        next();
+    } else {
         Logger.warn(`Blocked external request to ${req.url} from ${req.ip}`);
 
         res.status(401).send("External access to Valetudo is blocked.");
-    } else {
-        next();
     }
 };
+
+
+function isAllowed(ip) {
+    let allowed = false;
+
+    try {
+        /* See https://github.com/jshttp/on-finished/issues/8 for why req.ip can be undefined
+           Quote:
+             req.url and such are strings. req.ip is a getter property that calls req.remoteAddress that is a getter
+             that does a network socket call, so its value depends on the state of the socket
+         */
+        allowed = ip !== undefined && (isInSubnet.isPrivate(ip) || isInSubnet.isLocalhost(ip));
+    } catch (e) {
+        Logger.warn("Error during external access check", e);
+    }
+
+    return allowed;
+}