From e0df5429ceb9502901d52121d6d5872293da641c Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Sun, 24 Nov 2024 14:27:37 -0500
Subject: [PATCH] dev: add validator middleware

---
 src/backend/src/services/WebServerService.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/backend/src/services/WebServerService.js b/src/backend/src/services/WebServerService.js
index 4b795ed3b..f41d161cd 100644
--- a/src/backend/src/services/WebServerService.js
+++ b/src/backend/src/services/WebServerService.js
@@ -349,6 +349,21 @@ class WebServerService extends BaseService {
 return res.status(400).send('Invalid Host header.');
 }
 })
+
+ // Validate IP with any IP checkers
+ app.use(async (req, res, next)=>{
+ const svc_event = this.services.get('event');
+ const event = {
+ allow: true,
+ ip: req.headers?.['x-forwarded-for'] ||
+ req.connection?.remoteAddress,
+ };
+ await svc_event.emit('ip.validate', event);
+ if ( ! event.allow ) {
+ return res.status(403).send('Forbidden');
+ }
+ next();
+ });

 // Web hooks need a router that occurs before JSON parse middleware
 // so that signatures of the raw JSON can be verified
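Review bot: The `ip` field of the new middleware prefers the raw `x-forwarded-for` header over the socket address. That header is whatever the client sent unless a trusted proxy in front overwrites it, and it can be a comma-separated list, so an `ip.validate` listener may be deciding on an address the caller chose. If `app` is an Express application, take the address from `req.ip` with `trust proxy` set to the real proxy hops, and fall back to `req.socket?.remoteAddress` (`req.connection` is a deprecated alias). The `await svc_event.emit(...)` is also unguarded, so a rejecting listener would presumably leave the request without a response under Express 4; passing the error to `next(err)` keeps the check fail-closed. The enclosing method starts and ends outside the hunk.

```javascript
            const event = {
                allow: true,
                // req.ip honours X-Forwarded-For only for hops covered by the
                // 'trust proxy' setting; otherwise it is the socket peer.
                ip: req.ip ?? req.socket?.remoteAddress,
            };
            try {
                await svc_event.emit('ip.validate', event);
            } catch (err) {
                // A failing validator must not let the request through.
                return next(err);
            }
            // … unchanged: 403 response when event.allow is false, then next() …
```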