IPAddress and NetworkTypes changes

- IPAddressExtensions
- EnumExtensions
- fixed IPv6 Remote addresses for NetworkFilterMiddleware

Author: pandinocoder

.editorconfig

@@ -136,9 +136,12 @@ csharp_preserve_single_line_blocks = true
 csharp_style_namespace_declarations = file_scoped:silent
 
 # ReSharper properties
+resharper_csharp_wrap_after_declaration_lpar = true
 resharper_csharp_wrap_after_invocation_lpar = true
 resharper_csharp_wrap_arguments_style = chop_if_long
+resharper_csharp_wrap_before_declaration_rpar = true
 resharper_csharp_wrap_before_invocation_rpar = true
+resharper_csharp_wrap_parameters_style = chop_if_long
 resharper_keep_existing_invocation_parens_arrangement = false
 resharper_keep_existing_property_patterns_arrangement = false
 resharper_max_invocation_arguments_on_line = 3

Framework/Intersect.Framework/EnumExtensions.cs

@@ -0,0 +1,7 @@
+namespace Intersect.Framework;
+
+public static class EnumExtensions
+{
+    public static TEnum[] GetFlags<TEnum>(this TEnum @enum) where TEnum : struct, Enum =>
+        Enum.GetValues<TEnum>().Where(flag => !flag.Equals(default(TEnum)) && @enum.HasFlag(flag)).ToArray();
+}

Framework/Intersect.Framework/Net/IPAddressExtensions.cs

@@ -0,0 +1,70 @@
+
+using System.Net;
+
+namespace Intersect.Framework.Net;
+
+public static class IPAddressExtensions
+{
+    private static readonly Dictionary<NetworkTypes, IPRange[]> IPRangesForNetworkType = new()
+    {
+        {
+            NetworkTypes.Loopback, [
+                new IPRange(IPAddress.Parse("::1")),
+                new IPRange(IPAddress.Parse("0.0.0.0"), IPAddress.Parse("0.255.255.255")),
+                new IPRange(IPAddress.Parse("127.0.0.0"), IPAddress.Parse("127.255.255.255")),
+            ]
+        },
+        {
+            NetworkTypes.Subnet, [
+                new IPRange(IPAddress.Parse("fe80::"), IPAddress.Parse("fe80::ffff:ffff:ffff:ffff")),
+                new IPRange(IPAddress.Parse("169.254.0.0"), IPAddress.Parse("169.254.255.255")),
+                new IPRange(IPAddress.Parse("255.255.255.255")),
+            ]
+        },
+        {
+            NetworkTypes.PrivateNetwork, [
+                new IPRange(IPAddress.Parse("fc00::"), IPAddress.Parse("fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")),
+                new IPRange(IPAddress.Parse("::ffff:10.0.0.0"), IPAddress.Parse("::ffff:10.255.255.255")),
+                // new IpRange(IPAddress.Parse("100.64.0.0"), IPAddress.Parse("100.127.255.255")),
+                // new IpRange(IPAddress.Parse("172.16.0.0"), IPAddress.Parse("172.31.255.255")),
+                // new IpRange(IPAddress.Parse("192.0.0.0"), IPAddress.Parse("192.0.0.255")),
+                // new IpRange(IPAddress.Parse("192.168.0.0"), IPAddress.Parse("192.168.255.255")),
+                // new IpRange(IPAddress.Parse("192.18.0.0"), IPAddress.Parse("192.19.255.255")),
+                new IPRange(IPAddress.Parse("10.0.0.0"), IPAddress.Parse("10.255.255.255")),
+                new IPRange(IPAddress.Parse("100.64.0.0"), IPAddress.Parse("100.127.255.255")),
+                new IPRange(IPAddress.Parse("172.16.0.0"), IPAddress.Parse("172.31.255.255")),
+                new IPRange(IPAddress.Parse("192.0.0.0"), IPAddress.Parse("192.0.0.255")),
+                new IPRange(IPAddress.Parse("192.168.0.0"), IPAddress.Parse("192.168.255.255")),
+                new IPRange(IPAddress.Parse("192.18.0.0"), IPAddress.Parse("192.19.255.255")),
+            ]
+        },
+    };
+
+    public static bool IsLoopback(this IPAddress address) => MatchesNetworkTypes(address, NetworkTypes.Loopback);
+
+    public static bool IsPrivate(this IPAddress address) => MatchesNetworkTypes(address, NetworkTypes.PrivateNetwork);
+
+    public static bool IsPublic(this IPAddress address) =>
+        IPRangesForNetworkType.Values.All(ipRanges => !ipRanges.Any(range => range.Contains(address)));
+
+    public static bool IsSubnet(this IPAddress address) => MatchesNetworkTypes(address, NetworkTypes.Subnet);
+
+    public static bool MatchesNetworkTypes(this IPAddress address, NetworkTypes networkTypes)
+    {
+        if (address.IsIPv4MappedToIPv6)
+        {
+            return MatchesNetworkTypes(address.MapToIPv4(), networkTypes);
+        }
+
+        if (networkTypes == NetworkTypes.Public)
+        {
+            return IsPublic(address);
+        }
+
+        var individualFlags = networkTypes.GetFlags();
+        return individualFlags.Any(
+            flag => IPRangesForNetworkType.TryGetValue(flag, out var ranges) &&
+                    ranges.Any(range => range.Contains(address))
+        );
+    }
+}

Framework/Intersect.Framework/Net/IPRange.cs

@@ -0,0 +1,65 @@
+using System.Net;
+using System.Net.Sockets;
+
+namespace Intersect.Framework.Net;
+
+public readonly record struct IPRange
+{
+    public AddressFamily AddressFamily { get; }
+    public byte[] Start { get; }
+    public byte[] End { get; }
+
+    public IPRange(IPAddress address)
+    {
+        ArgumentNullException.ThrowIfNull(address, nameof(address));
+
+        AddressFamily = address.AddressFamily;
+        Start = address.GetAddressBytes();
+        End = address.GetAddressBytes();
+    }
+
+    public IPRange(IPAddress start, IPAddress end)
+    {
+        ArgumentNullException.ThrowIfNull(start, nameof(start));
+        ArgumentNullException.ThrowIfNull(end, nameof(end));
+
+        if (start.AddressFamily != end.AddressFamily)
+        {
+            throw new ArgumentException("AddressFamily mismatch");
+        }
+
+        AddressFamily = start.AddressFamily;
+        Start = start.GetAddressBytes();
+        End = end.GetAddressBytes();
+    }
+
+    public bool Contains(IPAddress address)
+    {
+        ArgumentNullException.ThrowIfNull(address, nameof(address));
+
+        if (address.AddressFamily != AddressFamily)
+        {
+            return false;
+        }
+
+        var octets = address.GetAddressBytes();
+        if (Start.Length != End.Length || End.Length != octets.Length)
+        {
+            return false;
+        }
+
+        for (var index = 0; index < octets.Length; index++)
+        {
+            var start = Start[index];
+            var end = End[index];
+            var octet = octets[index];
+
+            if (octet < start || end < octet)
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}

Framework/Intersect.Framework/Net/NetworkTypes.cs

@@ -0,0 +1,10 @@
+namespace Intersect.Framework.Net;
+
+[Flags]
+public enum NetworkTypes
+{
+    Public = 0,
+    Loopback = 1,
+    Subnet = 2,
+    PrivateNetwork = 4,
+}

Framework/Intersect.Framework/Net/NetworkTypesExtensions.cs

@@ -0,0 +1,6 @@
+namespace Intersect.Framework.Net;
+
+public static class NetworkTypesExtensions
+{
+    public static readonly NetworkTypes[] Flags = Enum.GetValues<NetworkTypes>();
+}

Intersect.Server/Web/Net7/Configuration/ApiConfiguration.cs

@@ -1,16 +1,9 @@
 using System.Collections.Immutable;
 using System.ComponentModel;
-using System.Net;
-using System.Reflection;
-using System.Text.Json;
-using System.Text.Json.Serialization;
-using Intersect.Reflection;
-using Intersect.Server.Web.RestApi.Configuration;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Intersect.Framework.Net;
 using Microsoft.AspNetCore.Cors.Infrastructure;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
-using JsonConverter = System.Text.Json.Serialization.JsonConverter;
 using LogLevel = Intersect.Logging.LogLevel;
 
 namespace Intersect.Server.Web.Configuration;
@@ -31,7 +24,7 @@ public sealed partial class ApiConfiguration
     [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
     public bool Enabled { get; set; }
 
-    [Newtonsoft.Json.JsonIgnore] private ImmutableDictionary<string, CorsPolicy>? _corsPolicies;
+    [JsonIgnore] private ImmutableDictionary<string, CorsPolicy>? _corsPolicies;
 
     [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
     public ImmutableDictionary<string, CorsPolicy>? Cors

Intersect.Server/Web/Net7/IApiService.cs

@@ -1,6 +1,5 @@
 using Intersect.Core;
 using Intersect.Server.Web.Configuration;
-using Intersect.Server.Web.RestApi.Configuration;
 
 namespace Intersect.Server.Web;
 

Intersect.Server/Web/Net7/Middleware/NetworkFilterMiddleware.cs

@@ -1,14 +1,13 @@
 using System.Net;
-using Intersect.Server.Web.RestApi.Configuration;
-using Intersect.Server.Web.RestApi.Types;
+using Intersect.Framework.Net;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Intersect.Server.Web.Middleware;
 
 internal static class NetworkFilterMiddleware
 {
-    private const string SCHEME_HTTPS = "https";
+    private const string SchemeHttps = "https";
 
     public static void UseNetworkFilterMiddleware(this WebApplication app, NetworkTypes allowedNetworkTypes)
     {
@@ -17,83 +16,32 @@ public static void UseNetworkFilterMiddleware(this WebApplication app, NetworkTy
             {
                 var request = context.Request;
 
-                if (SCHEME_HTTPS.Equals(request.Scheme, StringComparison.OrdinalIgnoreCase))
+                if (SchemeHttps.Equals(request.Scheme, StringComparison.OrdinalIgnoreCase))
                 {
                     await next.Invoke(context);
                     return;
                 }
 
-                if (!IPAddress.TryParse(context.Connection.RemoteIpAddress?.ToString() ?? string.Empty, out var remoteIpAddress))
+                if (!IPAddress.TryParse(
+                        context.Connection.RemoteIpAddress?.ToString() ?? string.Empty,
+                        out var remoteIpAddress
+                    ))
                 {
                     context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                     return;
                 }
 
-                foreach (var networkTypeFlag in NetworkTypeFlags)
+                if (remoteIpAddress.MatchesNetworkTypes(allowedNetworkTypes))
                 {
-                    if (!allowedNetworkTypes.HasFlag(networkTypeFlag))
-                    {
-                        continue;
-                    }
-
-                    var ipRanges = IpRangesForNetworkType[networkTypeFlag];
-                    if (!ipRanges.Any(range => range.IsInRange(remoteIpAddress)))
-                    {
-                        continue;
-                    }
-
                     await next.Invoke(context);
                     return;
                 }
 
                 context.Response.StatusCode = (int)HttpStatusCode.UpgradeRequired;
-                context.Response.Headers["Upgrade"] = "TLS/1.2";
-                context.Response.Headers["Upgrade-Insecure-Requests"] = "1";
+                context.Response.Headers.Upgrade = "TLS/1.2";
+                context.Response.Headers.UpgradeInsecureRequests = "1";
                 await context.Response.WriteAsync("HTTPS Required");
             }
         );
     }
-
-    private static readonly IDictionary<NetworkTypes, IpRange[]> IpRangesForNetworkType = new Dictionary<NetworkTypes, IpRange[]>
-    {
-        {
-            NetworkTypes.Loopback,
-            new[]
-            {
-                new IpRange(IPAddress.Parse("::1")),
-                new IpRange(IPAddress.Parse("0.0.0.0"), IPAddress.Parse("0.255.255.255")),
-                new IpRange(IPAddress.Parse("127.0.0.0"), IPAddress.Parse("127.255.255.255"))
-            }
-        },
-        {
-            NetworkTypes.Subnet,
-            new[]
-            {
-                new IpRange(IPAddress.Parse("fe80::"), IPAddress.Parse("fe80::ffff:ffff:ffff:ffff")),
-                new IpRange(IPAddress.Parse("169.254.0.0"), IPAddress.Parse("169.254.255.255")),
-                new IpRange(IPAddress.Parse("255.255.255.255")),
-            }
-        },
-        {
-            NetworkTypes.PrivateNetwork,
-            new[]
-            {
-                new IpRange(IPAddress.Parse("fc00::"), IPAddress.Parse("fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")),
-                new IpRange(IPAddress.Parse("::ffff:10.0.0.0"), IPAddress.Parse("::ffff:10.255.255.255")),
-                // new IpRange(IPAddress.Parse("100.64.0.0"), IPAddress.Parse("100.127.255.255")),
-                // new IpRange(IPAddress.Parse("172.16.0.0"), IPAddress.Parse("172.31.255.255")),
-                // new IpRange(IPAddress.Parse("192.0.0.0"), IPAddress.Parse("192.0.0.255")),
-                // new IpRange(IPAddress.Parse("192.168.0.0"), IPAddress.Parse("192.168.255.255")),
-                // new IpRange(IPAddress.Parse("192.18.0.0"), IPAddress.Parse("192.19.255.255")),
-                new IpRange(IPAddress.Parse("10.0.0.0"), IPAddress.Parse("10.255.255.255")),
-                new IpRange(IPAddress.Parse("100.64.0.0"), IPAddress.Parse("100.127.255.255")),
-                new IpRange(IPAddress.Parse("172.16.0.0"), IPAddress.Parse("172.31.255.255")),
-                new IpRange(IPAddress.Parse("192.0.0.0"), IPAddress.Parse("192.0.0.255")),
-                new IpRange(IPAddress.Parse("192.168.0.0"), IPAddress.Parse("192.168.255.255")),
-                new IpRange(IPAddress.Parse("192.18.0.0"), IPAddress.Parse("192.19.255.255")),
-            }
-        }
-    };
-
-    private static readonly NetworkTypes[] NetworkTypeFlags = Enum.GetValues(typeof(NetworkTypes)).OfType<NetworkTypes>().ToArray();
 }