From 3bd3fb8d9ca242c328881f54bed17e46d50cf9de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niccol=C3=B2=20Belli?=
Date: Wed, 22 Nov 2023 21:24:04 +0100
Subject: [PATCH] fix: useragent and ip detection in password express endpoint

---
 packages/password/package.json | 4 +++-
 packages/password/src/endpoints/express.ts | 16 ++++++++++++----
 packages/rest-express/src/express-middleware.ts | 6 ++----
 yarn.lock | 2 ++
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/packages/password/package.json b/packages/password/package.json
index 85e4d0836..b97e9366d 100644
--- a/packages/password/package.json
+++ b/packages/password/package.json
@@ -29,7 +29,8 @@
 "dependencies": {
 "@accounts/two-factor": "^0.32.4",
 "bcryptjs": "2.4.3",
- "express-validator": "^7.0.1"
+ "express-validator": "^7.0.1",
+ "request-ip": "3.3.0"
 },
 "devDependencies": {
 "@accounts/server": "^0.33.1",
@@ -37,6 +38,7 @@
 "@types/bcryptjs": "2.4.6",
 "@types/express": "^4.17.21",
 "@types/lodash.set": "4.3.9",
+ "@types/request-ip": "0.0.41",
 "graphql": "16.8.1",
 "graphql-modules": "3.0.0-alpha-20231106133212-0b04b56e",
 "lodash.set": "4.3.2",
diff --git a/packages/password/src/endpoints/express.ts b/packages/password/src/endpoints/express.ts
index aa2c87edd..0d9f2b42f 100644
--- a/packages/password/src/endpoints/express.ts
+++ b/packages/password/src/endpoints/express.ts
@@ -2,6 +2,7 @@ import { type Injector } from 'graphql-modules';
 import type { Request, Response, NextFunction } from 'express';
 import AccountsPassword from '../accounts-password';
 import { body, matchedData, param, validationResult } from 'express-validator';
+import { getClientIp } from 'request-ip';
 
 function matchOrThrow = Record>(
 ...args: Parameters
@@ -12,6 +13,15 @@ function matchOrThrow = Record>(
 return matchedData(...args) as T;
 }
 
+const getUserAgent = (req: Request) => {
+ let userAgent: string = (req.headers['user-agent'] as string) || '';
+ if (req.headers['x-ucbrowser-ua']) {
+ // special case of UC Browser
+ userAgent = req.headers['x-ucbrowser-ua'] as string;
+ }
+ return userAgent;
+};
+
 function getHtml(title: string, body: string) {
 return `
@@ -30,11 +40,9 @@ function getHtml(title: string, body: string) {
 }
 
 export const infosMiddleware = (req: Request, _res: Response, next: NextFunction) => {
- const userAgent = 'userAgent';
- const ip = 'ip';
 req.infos = {
- userAgent,
- ip,
+ userAgent: getUserAgent(req),
+ ip: getClientIp(req) ?? req.ip,
 };
 next();
 };
diff --git a/packages/rest-express/src/express-middleware.ts b/packages/rest-express/src/express-middleware.ts
index 8232f11b4..f9e9faaef 100644
--- a/packages/rest-express/src/express-middleware.ts
+++ b/packages/rest-express/src/express-middleware.ts
@@ -41,11 +41,9 @@ const accountsExpress = (
 * Middleware to populate the user agent and ip.
 */
 router.use((req, _, next) => {
- const userAgent = getUserAgent(req);
- const ip = getClientIp(req)!;
 req.infos = {
- userAgent,
- ip,
+ userAgent: getUserAgent(req),
+ ip: getClientIp(req) ?? req.ip,
 };
 
 next();
diff --git a/yarn.lock b/yarn.lock
index ddb5e59e6..419659c20 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -412,12 +412,14 @@ __metadata: "@types/bcryptjs": "npm:2.4.6" "@types/express": "npm:^4.17.21" "@types/lodash.set": "npm:4.3.9" + "@types/request-ip": "npm:0.0.41" bcryptjs: "npm:2.4.3" express-validator: "npm:^7.0.1" graphql: "npm:16.8.1" graphql-modules: "npm:3.0.0-alpha-20231106133212-0b04b56e" lodash.set: "npm:4.3.2" reflect-metadata: "npm:0.1.13" + request-ip: "npm:3.3.0" peerDependencies: "@accounts/server": ^0.33.0 graphql: ^14.0.0 || ^15.0.0 || ^16.0.0
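Review bot: Both headers read by the new `getUserAgent` are client-supplied, and the `as string` casts hide that `req.headers['x-ucbrowser-ua']` is typed `string | string[] | undefined`; nothing in the helper marks or bounds the value before it is placed in `req.infos.userAgent`. I would narrow instead of casting, `const ucUa = req.headers['x-ucbrowser-ua'];` then `if (typeof ucUa === 'string' && ucUa) userAgent = ucUa;`, and add a doc comment such as `/** Client-reported user agent; untrusted input, escape before rendering and cap its length before storing. */`. The rest-express hunk later in this patch calls a `getUserAgent` whose definition is not visible here, so this looks like a second copy that could drift; sharing one helper would keep both endpoints consistent.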
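Review bot: `ip: getClientIp(req) ?? req.ip` in `infosMiddleware` takes the address from request headers before the connection: request-ip consults forwarding headers such as `X-Forwarded-For` and `X-Client-IP` ahead of the socket address, so wherever the service is reachable without a proxy that overwrites those headers, the caller decides what ends up in `req.infos.ip`. If that field feeds session records, audit logs or throttling (not visible in this hunk), it should come from a source the deployment controls, for example `ip: req.ip` with Express `trust proxy` set to the real proxy chain, or header parsing made an explicit opt-in. Depending on the installed Express typings `req.ip` may be `string | undefined`, so the fallback does not guarantee a string either. The same expression is added in the `router.use` hunk of `packages/rest-express/src/express-middleware.ts`.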