feat: Add initial backend server with various utility APIs, Sentry, logging, rate limiting, and a multi-arch Docker build workflow.
@@ -5,7 +5,7 @@ const whois = require('whois-json');
|
||||
const pino = require('pino');
|
||||
|
||||
// Import utilities
|
||||
const { isValidIp, isValidDomain } = require('../utils');
|
||||
const { isValidIp, isValidDomain, isPrivateIp } = require('../utils');
|
||||
|
||||
// Logger for this module
|
||||
const logger = pino({ level: process.env.LOG_LEVEL || 'info' });
|
||||
@@ -26,6 +26,11 @@ router.get('/', async (req, res, next) => {
|
||||
return res.status(400).json({ success: false, error: 'Invalid domain name or IP address provided for WHOIS lookup.' });
|
||||
}
|
||||
|
||||
if (isValidIp(query) && isPrivateIp(query)) {
|
||||
logger.warn({ requestIp, query }, 'Attempt to WHOIS lookup private IP blocked');
|
||||
return res.status(403).json({ success: false, error: 'WHOIS lookup for private or local IP addresses is not supported.' });
|
||||
}
|
||||
|
||||
// Note: No isPrivateIp check here, as WHOIS for IPs might be desired regardless of range,
|
||||
// and domain lookups don't involve IP ranges.
|
||||
|
||||
|
||||
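Review bot: The comment left directly below the new guard, `// Note: No isPrivateIp check here, as WHOIS for IPs might be desired regardless of range,`, now contradicts the code above it, because the handler rejects private addresses with a 403. Replace both comment lines with something like `// Private/local IPs are rejected above; domain queries are not subject to the IP-range check.` so the next maintainer does not remove the guard as an apparent mistake. The guard relies on `isPrivateIp` from `../utils`, which is not visible on this page. Since the error message promises "private or local", confirm that it covers loopback, link-local and IPv6 ranges, including IPv4-mapped addresses. The route handler starts and ends outside the hunk.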