refactor: change to check by prefix (#1)

Author: gulivero1773

CHANGELOG.md

@@ -0,0 +1,3 @@
+## 1.0.0 (2024-11-11)
+
+- Implement Allowed Host Middleware

Package.resolved

@@ -16,7 +16,7 @@ let package = Package(
     ],
     dependencies: [
         // 💧 A server-side Swift web framework.
-        .package(url: "https://github.com/vapor/vapor.git", from: "4.0.0"),
+        .package(url: "https://github.com/vapor/vapor.git", from: "4.115.0"),
     ],
     targets: [
         // Targets are the basic building blocks of a package, defining a module or a test suite.

Package.swift

@@ -39,12 +39,17 @@ public struct AllowedHostsMiddleware: AsyncMiddleware {
     public func respond(to request: Request, chainingTo next: AsyncResponder) async throws -> Response {
         request.logger.debug("IpAddress headers - \(String(describing: request.headers))")
         guard let ipAddress = request.remoteAddress?.ipAddress else {
-            request.application.logger.error("Access attempt without an authorized IP address")
+            request.application.logger.error("Access attempt without an authorized IP address. IP address: \(String(describing: request.remoteAddress?.ipAddress))")
             throw HostError.notAcceptable
         }
-        if !request.application.allowedHosts.contains(ipAddress) {
-            request.application.logger.error("Unauthorized access attempt from IP address: \(ipAddress)")
-            throw HostError.unauthorizedAccessAttempt
+        let parts = ipAddress.split(separator: ".")
+        let prefix = parts.dropLast().joined(separator: ".")
+        request.application.logger.debug("Prefix of IP address: \(prefix)")
+        for allowedHost in request.application.allowedHosts {
+            guard allowedHost.hasPrefix(prefix) else {
+                request.application.logger.error("Unauthorized access attempt from IP address: \(ipAddress)")
+                throw HostError.unauthorizedAccessAttempt
+            }
         }
         return try await next.respond(to: request)
     }

Sources/AllowedHostsMiddleware/AllowedHostsMiddleware.swift

@@ -24,15 +24,25 @@
 
 import Vapor
 
-/// Extension for core type representing a Vapor application.
 extension Application {
+    /// Stores and manages a list of allowed hostnames for the application.
+    /// This extension adds a typed storage property `allowedHosts` to the `Application`
+    /// instance. It uses Vapor's `StorageKey` mechanism to safely store and retrieve
+    /// an array of allowed hostnames, typically used for validating incoming requests
+    /// or enforcing CORS/security rules. If the value is not found in storage, an
+    /// error is logged and an empty array is returned.
     /// A `AllowedHostsKey` conform to StorageKey protocol
     private struct AllowedHostsKey: StorageKey {
         /// Less verbose typealias for `[String]`.
         typealias Value = [String]
     }
 
-    /// Setup `allowedHosts` in application storage
+    /// Gets or sets the list of allowed hosts for the application.
+    /// Accesses an array of strings representing allowed hostnames stored
+    /// in the application's storage. If accessed before a value is set,
+    /// the function logs an error and returns an empty array. Values assigned
+    /// to this property are persisted in `Application.Storage` via the
+    /// `AllowedHostsKey`.
     public var allowedHosts: [String] {
         get {
             guard let allowedHosts = storage[AllowedHostsKey.self] else {