Normalize IPs during localhost loopback proxying

pimterry · pimterry · commit a9318afd37fd · 2024-11-27T16:28:23.000+01:00
This shouldn't be visible externally - it just affects internal address
resolution logic.

This is useful because of cacheable-lookup#85 - in Node v20.12+ IPv6 IP
DNS resolution can fail in unusual ways, so we'd rather preserve IPv4
traffic in simple IPv4 format where possible.

The 'better' solution for this would be cacheable-lookup correctly
resolving this address as dns.lookup does, or some kind of wrapper that
avoids resolving IPs entirely (it's just inefficient and asking for
trouble really).
diff --git a/src/rules/passthrough-handling.ts b/src/rules/passthrough-handling.ts
@@ -8,7 +8,7 @@ import CacheableLookup from 'cacheable-lookup';
 import { CompletedBody, Headers } from '../types';
 import { byteLength } from '../util/util';
 import { asBuffer } from '../util/buffer-utils';
-import { isLocalhostAddress } from '../util/socket-util';
+import { isLocalhostAddress, normalizeIP } from '../util/socket-util';
 import { CachedDns, dnsLookup, DnsLookupFunction } from '../util/dns';
 import { isMockttpBody, encodeBodyBuffer } from '../util/request-utils';
 import { areFFDHECurvesSupported } from '../util/openssl-compat';
@@ -366,7 +366,7 @@ export async function getClientRelativeHostname(
         // effectively free. We ignore errors to delegate unresolvable etc to request processing later.
         isLocalhostAddress(await dnsLookup(lookupFn, hostname).catch(() => null))
     ) {
-        return remoteIp;
+        return normalizeIP(remoteIp) as string | null;
 
         // Note that we just redirect - we don't update the host header. From the POV of the target, it's still
         // 'localhost' traffic that should appear identical to normal.
diff --git a/src/util/socket-util.ts b/src/util/socket-util.ts
@@ -37,9 +37,9 @@ export const isLocalIPv6Available = isNode
     )
     : true;
 
-// We need to normalize ips for comparison, because the same ip may be reported as ::ffff:127.0.0.1
-// and 127.0.0.1 on the two sides of the connection, for the same ip.
-const normalizeIp = (ip: string | null | undefined) =>
+// We need to normalize ips some cases (especially comparisons), because the same ip may be reported
+// as ::ffff:127.0.0.1 and 127.0.0.1 on the two sides of the connection, for the same ip.
+export const normalizeIP = (ip: string | null | undefined) =>
     (ip && ip.startsWith('::ffff:'))
         ? ip.slice('::ffff:'.length)
         : ip;
@@ -49,7 +49,7 @@ export const isLocalhostAddress = (host: string | null | undefined) =>
         host === 'localhost' || // Most common
         host.endsWith('.localhost') ||
         host === '::1' || // IPv6
-        normalizeIp(host)!.match(/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) // 127.0.0.0/8 range
+        normalizeIP(host)!.match(/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) // 127.0.0.0/8 range
     );
 
 
@@ -68,7 +68,7 @@ export const isSocketLoop = (outgoingSockets: net.Socket[] | Set<net.Socket>, in
             // will be undefined. If so, we know they're not relevant to loops, so skip entirely.
             return false;
         } else {
-            return normalizeIp(outgoingSocket.localAddress) === normalizeIp(incomingSocket.remoteAddress) &&
+            return normalizeIP(outgoingSocket.localAddress) === normalizeIP(incomingSocket.remoteAddress) &&
                 outgoingSocket.localPort === incomingSocket.remotePort;
         }
     });
