prvent 0.0.0.0 & /0 gateways (#553)

This commit is contained in:
Sam Machin
2026-05-29 14:07:10 +01:00
committed by GitHub
parent dd755f8746
commit e0a9035d38
2 changed files with 64 additions and 9 deletions
+12 -5
View File
@@ -60,15 +60,22 @@ const validate = async(req, sid) => {
voip_carrier_sid = req.body.voip_carrier_sid;
if (!voip_carrier_sid) throw new DbErrorBadRequest('missing voip_carrier_sid');
}
if (netmask &&
process.env.JAMBONZ_MIN_GATEWAY_NETMASK &&
parseInt(netmask) < process.env.JAMBONZ_MIN_GATEWAY_NETMASK) {
throw new DbErrorBadRequest(
`netmask required to have value equal or greater than ${process.env.JAMBONZ_MIN_GATEWAY_NETMASK}`);
if (netmask !== undefined && netmask !== null) {
const mask = parseInt(netmask);
if (mask < 1 || mask > 32) {
throw new DbErrorBadRequest('netmask must be between 1 and 32');
}
if (process.env.JAMBONZ_MIN_GATEWAY_NETMASK && mask < process.env.JAMBONZ_MIN_GATEWAY_NETMASK) {
throw new DbErrorBadRequest(
`netmask required to have value equal or greater than ${process.env.JAMBONZ_MIN_GATEWAY_NETMASK}`);
}
}
if (hasWhitespace(ipv4)) {
throw new DbErrorBadRequest('Gateway must not contain whitespace');
}
if (ipv4 && net.isIPv4(ipv4) && ipv4 === '0.0.0.0') {
throw new DbErrorBadRequest('0.0.0.0 is not allowed as a gateway address');
}
if (inbound && !net.isIPv4(ipv4)) {
throw new DbErrorBadRequest('Inbound gateway must be IPv4 address');
}