WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions

fix(cluster): pickIp() only treats 172.17.x as docker bridge, not all of RFC1918 172.16/12

Browse source
This commit is contained in:
Zac Gaetano 2026-05-21 21:27:15 -04:00
parent 00f3f2905f
commit 37767f9939
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
services/mam-api/src/routes/cluster.js
View file

@ -5,15 +5,16 @@ import { requireAuth } from '../middleware/auth.js';
const router = express.Router();
router.use(requireAuth);
// If the agent reported a Docker-bridge IP (172.16/12) but the request
// itself came from a real LAN address, prefer the request's source — the
// agent likely runs in bridge mode without NODE_IP set.
// If the agent reported Docker's default bridge IP (172.17.x) but the request
// itself came from a real LAN address, prefer the request source IP instead.
// We only check 172.17.x — the default docker0 bridge — not the full RFC1918
// 172.16/12 block, since real LANs (e.g. 172.18.91.x) fall in that range.
function pickIp(reportedIp, reqIp) {
const clean = (s) => (s || '').replace(/^::ffff:/, '');
const isBridge = (ip) => /^172\.(1[6-9]|2\d|3[01])\./.test(ip || '');
const isDockerBridge = (ip) => /^172\.17\./.test(ip || '');
const r = clean(reqIp);
if (!reportedIp) return r || null;
if (isBridge(reportedIp) && r && !isBridge(r)) return r;
if (isDockerBridge(reportedIp) && r && !isDockerBridge(r)) return r;
return reportedIp;
}