Fix geolocation and network info display for CIDR ranges

Author: guimard

dashboard/app/api/ip-info/[ip]/route.ts

@@ -2,12 +2,38 @@ import { NextRequest, NextResponse } from 'next/server';
 import { isIP } from 'net';
 import { getApiConfig, getApiHeaders } from '@/lib/api-config';
 
+/**
+ * Extract the base IP from a value that may be an IP or CIDR notation.
+ * Handles both decoded ("/") and URL-encoded ("%2F") slashes.
+ * For example: "185.226.196.0/24" -> "185.226.196.0"
+ */
+function extractIpFromValue(value: string): string {
+  // First try to decode in case Next.js didn't decode %2F
+  let decoded = value;
+  try {
+    decoded = decodeURIComponent(value);
+  } catch {
+    // Already decoded or invalid encoding, use as-is
+  }
+  const slashIndex = decoded.indexOf('/');
+  return slashIndex !== -1 ? decoded.substring(0, slashIndex) : decoded;
+}
+
 export async function GET(request: NextRequest, { params }: { params: Promise<{ ip: string }> }) {
   const { apiBase } = getApiConfig();
-  const { ip } = await params;
+  const { ip: rawIp } = await params;
+
+  // Decode the IP in case it contains URL-encoded characters
+  let ip = rawIp;
+  try {
+    ip = decodeURIComponent(rawIp);
+  } catch {
+    // Already decoded or invalid encoding
+  }
 
-  // Validate IP address format before forwarding to backend
-  if (!isIP(ip)) {
+  // Extract base IP if this is a CIDR range, then validate
+  const baseIp = extractIpFromValue(ip);
+  if (!isIP(baseIp)) {
     return NextResponse.json({ error: 'Invalid IP address format' }, { status: 400 });
   }
 

dashboard/app/api/ip-info/route.ts

@@ -0,0 +1,49 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { isIP } from 'net';
+import { getApiConfig, getApiHeaders } from '@/lib/api-config';
+
+/**
+ * Extract the base IP from a value that may be an IP or CIDR notation.
+ * For example: "185.226.196.0/24" -> "185.226.196.0"
+ */
+function extractIpFromValue(value: string): string {
+  const slashIndex = value.indexOf('/');
+  return slashIndex !== -1 ? value.substring(0, slashIndex) : value;
+}
+
+/**
+ * GET /api/ip-info?ip=...
+ * Accepts IP addresses or CIDR notation via query parameter.
+ * This avoids URL routing issues with %2F in path segments.
+ */
+export async function GET(request: NextRequest) {
+  const { apiBase } = getApiConfig();
+  const ip = request.nextUrl.searchParams.get('ip');
+
+  if (!ip) {
+    return NextResponse.json({ error: 'Missing ip parameter' }, { status: 400 });
+  }
+
+  // Extract base IP if this is a CIDR range, then validate
+  const baseIp = extractIpFromValue(ip);
+  if (!isIP(baseIp)) {
+    return NextResponse.json({ error: 'Invalid IP address format' }, { status: 400 });
+  }
+
+  try {
+    const res = await fetch(`${apiBase}/api/ip-info/${encodeURIComponent(ip)}`, {
+      cache: 'no-store',
+      headers: getApiHeaders(),
+    });
+
+    if (!res.ok) {
+      const error = await res.json().catch(() => ({ error: 'Failed to fetch IP info' }));
+      return NextResponse.json(error, { status: res.status });
+    }
+
+    const data = await res.json();
+    return NextResponse.json(data);
+  } catch {
+    return NextResponse.json({ error: 'Failed to fetch IP info' }, { status: 500 });
+  }
+}

dashboard/components/IPInfoPanel.tsx

@@ -25,8 +25,8 @@ export function IPInfoPanel({ ip }: IPInfoPanelProps) {
         setLoading(true);
         setError(null);
 
-        // Authentication is handled server-side by /api/ip-info/[ip]/route.ts
-        const res = await fetchWithAuth(`/api/ip-info/${encodeURIComponent(ip)}`);
+        // Use query parameter to avoid URL routing issues with CIDR notation (%2F)
+        const res = await fetchWithAuth(`/api/ip-info?ip=${encodeURIComponent(ip)}`);
 
         if (!res.ok) {
           throw new Error('Failed to fetch IP info');

src/ipinfo/index.ts

@@ -18,6 +18,15 @@ export interface WhoisSummary {
   abuse?: string;
 }
 
+/**
+ * Extract the IP address from a value that may be an IP or CIDR notation.
+ * For example: "192.168.1.0/24" -> "192.168.1.0", "10.0.0.1" -> "10.0.0.1"
+ */
+export function extractIpFromValue(value: string): string {
+  const slashIndex = value.indexOf('/');
+  return slashIndex !== -1 ? value.substring(0, slashIndex) : value;
+}
+
 // WHOIS servers by registry
 const WHOIS_SERVERS: Record<string, string> = {
   ARIN: 'whois.arin.net',
@@ -285,8 +294,11 @@ export async function whoisLookup(ip: string): Promise<WhoisSummary | null> {
  * Results are cached for 1 hour to reduce load on WHOIS servers
  */
 export async function getIPInfo(ip: string): Promise<IPInfo> {
+  // Extract base IP if this is a CIDR range
+  const baseIp = extractIpFromValue(ip);
+
   // Validate IP address
-  if (!net.isIP(ip)) {
+  if (!net.isIP(baseIp)) {
     return {
       ip,
       reverseDns: [],
@@ -295,14 +307,14 @@ export async function getIPInfo(ip: string): Promise<IPInfo> {
     };
   }
 
-  // Check cache first
+  // Check cache first (use original input as cache key to differentiate)
   const cached = ipInfoCache.get(ip);
   if (cached) {
     return cached;
   }
 
-  // Run lookups in parallel
-  const [reverseDns, whois] = await Promise.all([reverseDnsLookup(ip), whoisLookup(ip)]);
+  // Run lookups in parallel using the base IP
+  const [reverseDns, whois] = await Promise.all([reverseDnsLookup(baseIp), whoisLookup(baseIp)]);
 
   const result: IPInfo = {
     ip,

src/proxy/routes/api.ts

@@ -1,7 +1,7 @@
 import { FastifyPluginAsync, FastifyRequest, FastifyReply } from 'fastify';
 import { timingSafeEqual, createHash } from 'crypto';
 import net from 'net';
-import { getIPInfo } from '../../ipinfo/index.js';
+import { getIPInfo, extractIpFromValue } from '../../ipinfo/index.js';
 import type { LapiServer } from '../../config/index.js';
 import { getAnalyzerEngine } from '../../analyzers/index.js';
 
@@ -411,8 +411,11 @@ const apiRoutes: FastifyPluginAsync = async (fastify) => {
     try {
       const { ip } = request.params;
 
+      // Extract base IP if this is a CIDR range
+      const baseIp = extractIpFromValue(ip);
+
       // Validate IP address using Node's net module (handles IPv4 and IPv6 correctly)
-      if (!net.isIP(ip)) {
+      if (!net.isIP(baseIp)) {
         return reply.code(400).send({ error: 'Invalid IP address format' });
       }
 

src/storage/index.ts

@@ -4,6 +4,7 @@ import type { Alert } from '../models/alert.js';
 import type { FilterEngineResult } from '../filters/types.js';
 import { getDatabaseContext } from '../db/index.js';
 import type { GeoIPInfo } from '../models/alert.js';
+import { extractIpFromValue } from '../ipinfo/index.js';
 
 /**
  * Escape SQL LIKE wildcards to prevent injection.
@@ -87,7 +88,8 @@ export function createStorage(): AlertStorage {
         const alert = alerts[i];
         const detail = filterDetails[i];
         // Validate IP before GeoIP lookup to avoid silent failures
-        const ipToLookup = alert.source.ip || alert.source.value || '';
+        const rawIpValue = alert.source.ip || alert.source.value || '';
+        const ipToLookup = extractIpFromValue(rawIpValue);
         const geoip = net.isIP(ipToLookup) ? geoipLookup?.(ipToLookup) || null : null;
 
         const insertQuery = db

tests/ipinfo.test.ts

@@ -4,6 +4,7 @@ import {
   reverseDnsLookup,
   parseWhoisResponse,
   detectRir,
+  extractIpFromValue,
 } from '../src/ipinfo/index.js';
 
 describe('IP Info Module', () => {
@@ -164,6 +165,26 @@ netname:        RIPE-NCC
     });
   });
 
+  describe('extractIpFromValue', () => {
+    it('should extract IP from CIDR notation', () => {
+      expect(extractIpFromValue('192.168.1.0/24')).toBe('192.168.1.0');
+      expect(extractIpFromValue('10.0.0.0/8')).toBe('10.0.0.0');
+      expect(extractIpFromValue('2001:db8::/32')).toBe('2001:db8::');
+    });
+
+    it('should return IP as-is when no CIDR', () => {
+      expect(extractIpFromValue('192.168.1.1')).toBe('192.168.1.1');
+      expect(extractIpFromValue('10.0.0.1')).toBe('10.0.0.1');
+      expect(extractIpFromValue('2001:db8::1')).toBe('2001:db8::1');
+    });
+
+    it('should handle edge cases', () => {
+      expect(extractIpFromValue('')).toBe('');
+      expect(extractIpFromValue('/')).toBe('');
+      expect(extractIpFromValue('invalid')).toBe('invalid');
+    });
+  });
+
   describe('getIPInfo', () => {
     it('should return error for invalid IP address', async () => {
       const result = await getIPInfo('not-an-ip');
@@ -195,6 +216,20 @@ netname:        RIPE-NCC
       expect(result.ip).toBe('::1');
       expect(result.error).toBeUndefined();
     });
+
+    it('should accept CIDR notation and extract base IP', async () => {
+      const result = await getIPInfo('192.168.1.0/24');
+
+      expect(result.ip).toBe('192.168.1.0/24');
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should return error for invalid CIDR notation', async () => {
+      const result = await getIPInfo('not-an-ip/24');
+
+      expect(result.ip).toBe('not-an-ip/24');
+      expect(result.error).toBe('Invalid IP address');
+    });
   });
 
   describe('reverseDnsLookup', () => {