fix: handle multicast ips in add ip (#4129)

- add isPublicIp to validators
- add unit tests to isPublicIP validator
- refactor the validation logic in add_ip.vue

Author: 0oM4R

packages/playground/src/dashboard/components/add_ip.vue

@@ -17,8 +17,12 @@
               ></v-select>
               <input-validator
                 :value="publicIP"
-                :rules="[validators.required('IP is required.'), validators.isIPRange('Not a valid IP')]"
-                :async-rules="[ipcheck]"
+                :rules="[
+                  validators.required('IP is required.'),
+                  validators.isIPRange('Not a valid IP'),
+                  validators.isPublicIP(),
+                ]"
+                :async-rules="[isExistingIp]"
                 #="{ props }"
               >
                 <input-tooltip tooltip="IP address in CIDR format xxx.xxx.xxx.xxx/xx">
@@ -36,8 +40,13 @@
               <input-validator
                 v-if="type === IPType.range"
                 :value="toPublicIP"
-                :rules="[validators.required('IP is required.'), validators.isIPRange('Not a valid IP')]"
-                :async-rules="[toIpCheck]"
+                :rules="[
+                  validators.required('IP is required.'),
+                  validators.isIPRange('Not a valid IP'),
+                  validators.isPublicIP(),
+                  toIpCheck,
+                ]"
+                :async-rules="[isExistingIp]"
                 #="{ props }"
               >
                 <input-tooltip tooltip="IP address in CIDR format xxx.xxx.xxx.xxx/xx">
@@ -134,7 +143,6 @@
 import { TFChainError } from "@threefold/tfchain_client";
 import { contains } from "cidr-tools";
 import { getIPRange } from "get-ip-range";
-import { default as PrivateIp } from "private-ip";
 import { ref, watch } from "vue";
 
 import { gqlClient } from "@/clients";
@@ -181,22 +189,6 @@ export default {
       { deep: true },
     );
 
-    async function ipcheck() {
-      if (PrivateIp(publicIP.value.split("/")[0])) {
-        return {
-          message: "IP is not public",
-        };
-      }
-
-      if (await IpExistsCheck(publicIP.value)) {
-        return {
-          message: "IP exists.",
-        };
-      }
-
-      return undefined;
-    }
-
     watch(
       type,
       () => {
@@ -208,7 +200,15 @@ export default {
       const ips = await gqlClient.publicIps({ ip: true }, { where: { ip_eq: pubIp } });
       return ips.length > 0;
     }
-    async function toIpCheck() {
+    async function isExistingIp(ip: string) {
+      if (await IpExistsCheck(ip)) {
+        return {
+          message: "IP exists.",
+        };
+      }
+      return undefined;
+    }
+    function toIpCheck() {
       if (toPublicIP.value.split("/")[1] !== publicIP.value.split("/")[1]) {
         return {
           message: "Subnet is different.",
@@ -241,17 +241,6 @@ export default {
           message: "Range must not exceed 16.",
         };
       }
-      if (PrivateIp(publicIP.value.split("/")[0])) {
-        return {
-          message: "IP is not public.",
-        };
-      }
-      if (await IpExistsCheck(toPublicIP.value)) {
-        return {
-          message: "IP exists.",
-        };
-      }
-      return undefined;
     }
 
     function gatewayCheck() {
@@ -399,7 +388,7 @@ export default {
       showRange,
       addIPs,
       addFarmIp,
-      ipcheck,
+      isExistingIp,
       toIpCheck,
       gatewayCheck,
     };

packages/playground/src/utils/validators.ts

@@ -1,4 +1,5 @@
 import type { GridClient } from "@threefold/grid_client";
+import { default as PrivateIp } from "private-ip";
 import StellarSdk from "stellar-sdk";
 import validator from "validator";
 import type { Options } from "validator/lib/isBoolean";
@@ -406,6 +407,16 @@ export function isIPRange(msg: string, options?: validator.IPVersion) {
   };
 }
 
+export function isPublicIP(msg = "IP is not public") {
+  return (ip: string) => {
+    const firstOctet = parseInt(ip.split(".")[0], 10);
+    const isMulticast = firstOctet >= 224 && firstOctet <= 239;
+    if (isMulticast || PrivateIp(ip.split("/")[0])) {
+      return { message: msg };
+    }
+  };
+}
+
 export function isISBN(msg: string, options?: validator.ISBNVersion) {
   return (value: string) => {
     if (!validator.isISBN(value, options)) {

packages/playground/tests/utils/ip.test.ts

@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 
 import { ipToLong, longToIp } from "../../src/utils/ip";
+import { isPublicIP } from "../../src/utils/validators";
 
 describe("ipToLong", () => {
   it('should convert IPv4 "0.0.0.0" to 0', () => {
@@ -57,3 +58,42 @@ describe("longToIp", () => {
     expect(longToIp(long)).toBe(ip);
   });
 });
+
+describe("isPublicIP", () => {
+  const validPublicIPs = ["8.8.8.8", "8.8.8.8/24", "172.32.0.1", "192.169.0.1", "11.12.13.14", "104.25.129.30"];
+
+  const invalidPublicIPs = [
+    // Private IPs
+    "10.0.0.1",
+    "172.16.0.1",
+    "192.168.0.1",
+    // Loopback
+    "127.0.0.1",
+    // Link-local
+    "169.254.0.1",
+    // Multicast
+    "224.0.0.1",
+    "232.229.60.203",
+    "239.255.255.255",
+    // Reserved
+    "240.0.0.1",
+    "255.255.255.255",
+    // Documentation and example ranges
+    "192.0.2.1", // TEST-NET-1
+    "198.51.100.1", // TEST-NET-2
+    "203.0.113.1", // TEST-NET-3
+  ];
+
+  it.each(validPublicIPs)("should return undefined for valid public IP %s", ip => {
+    expect(isPublicIP()(ip)).toBeUndefined();
+  });
+
+  it.each(invalidPublicIPs)("should return an error message for invalid public IP %s", ip => {
+    expect(isPublicIP()(ip)).toEqual({ message: "IP is not public" });
+  });
+
+  it("should return a custom error message when provided", () => {
+    const customMessage = "Custom error message";
+    expect(isPublicIP(customMessage)("10.0.0.1")).toEqual({ message: customMessage });
+  });
+});