fix: bypass cacheable-lookup when resolving localhost

fix: bypass cache-able lookups when resolving localhost
fix(auth): validation of ipv6/ipv4 (#812 )
2025-12-24 02:39:18 -05:00 · 2024-06-13 00:14:30 +02:00 · 2024-06-13 01:13:07 +05:00 · 2024-06-12 18:50:00 +05:00
2 changed files with 27 additions and 2 deletions
--- a/server/index.ts
+++ b/server/index.ts
@@ -27,6 +27,7 @@ import type CacheableLookupType from 'cacheable-lookup';
 import { TypeormStore } from 'connect-typeorm/out';
 import cookieParser from 'cookie-parser';
 import csurf from 'csurf';
+import { lookup } from 'dns';
 import type { NextFunction, Request, Response } from 'express';
 import express from 'express';
 import * as OpenApiValidator from 'express-openapi-validator';
@@ -54,6 +55,19 @@ app
    const CacheableLookup = (await _importDynamic('cacheable-lookup'))
      .default as typeof CacheableLookupType;
    const cacheable = new CacheableLookup();
+
+    const originalLookup = cacheable.lookup;
+
+    // if hostname is localhost use dns.lookup instead of cacheable-lookup
+    cacheable.lookup = (...args: any) => {
+      const [hostname] = args;
+      if (hostname === 'localhost') {
+        lookup(...(args as Parameters<typeof lookup>));
+      } else {
+        originalLookup(...(args as Parameters<typeof originalLookup>));
+      }
+    };
+
    cacheable.install(http.globalAgent);
    cacheable.install(https.globalAgent);

--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -14,6 +14,7 @@ import { ApiError } from '@server/types/error';
 import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
 import gravatarUrl from 'gravatar-url';
+import net from 'net';

 const authRoutes = Router();

@@ -271,11 +272,21 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
      ? jellyfinHost.slice(0, -1)
      : jellyfinHost;

-    const ip = req.ip ? req.ip.split(':').reverse()[0] : undefined;
+    const ip = req.ip;
+    let clientIp;
+
+    if (ip) {
+      if (net.isIPv4(ip)) {
+        clientIp = ip;
+      } else if (net.isIPv6(ip)) {
+        clientIp = ip.startsWith('::ffff:') ? ip.substring(7) : ip;
+      }
+    }
+
    const account = await jellyfinserver.login(
      body.username,
      body.password,
-      ip
+      clientIp
    );

    // Next let's see if the user already exists
Author	SHA1	Message	Date
Gauthier	906ca61b60	fix: bypass cacheable-lookup when resolving localhost	2024-06-13 00:14:30 +02:00
fallenbagel	0342127058	fix: bypass cache-able lookups when resolving localhost	2024-06-13 01:13:07 +05:00
Fallenbagel	9aeb3604e6	fix(auth): validation of ipv6/ipv4 (#812 ) validation for ipv6 was sort of broken where for example `::1` was being sent as `1`, therefore, logins were broken. This PR fixes it by using nodejs `net.isIPv4()` & `net.isIPv6` for ipv4 and ipv6 validation. possibly related to and fixes #795	2024-06-12 18:50:00 +05:00