Add IsIntranetIp check to IsAbroadIp function with tests

Co-authored-by: nomeguy <85475922+nomeguy@users.noreply.github.com>

Author: Copilot

ip/ip.go

@@ -14,7 +14,11 @@
 
 package ip
 
-import "fmt"
+import (
+	"fmt"
+
+	"github.com/casbin/caswaf/util"
+)
 
 func InitIpDb() {
 	err := Init("ip/17monipdb.dat")
@@ -24,6 +28,11 @@ func InitIpDb() {
 }
 
 func IsAbroadIp(ip string) bool {
+	// If it's an intranet IP, it's not abroad
+	if util.IsIntranetIp(ip) {
+		return false
+	}
+
 	info, err := Find(ip)
 	if err != nil {
 		fmt.Printf("error: ip = %s, error = %s\n", ip, err.Error())

ip/ip_test.go

@@ -0,0 +1,58 @@
+// Copyright 2024 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ip
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestIsAbroadIp(t *testing.T) {
+	// Change to the project root directory for the test
+	wd, _ := os.Getwd()
+	if filepath.Base(wd) == "ip" {
+		os.Chdir("..")
+	}
+
+	// Initialize the IP database
+	InitIpDb()
+
+	tests := []struct {
+		name     string
+		ip       string
+		expected bool
+	}{
+		// Intranet IPs should return false
+		{"Private 10.x.x.x", "10.0.0.1", false},
+		{"Private 192.168.x.x", "192.168.1.1", false},
+		{"Private 172.16.x.x", "172.16.0.1", false},
+		{"Loopback", "127.0.0.1", false},
+		{"Link-local", "169.254.1.1", false},
+
+		// Note: Testing public IPs requires the IP database to be properly loaded
+		// The actual behavior depends on the IP geolocation database content
+		// These tests verify that intranet IPs are handled correctly
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := IsAbroadIp(tt.ip)
+			if result != tt.expected {
+				t.Errorf("IsAbroadIp(%s) = %v, expected %v", tt.ip, result, tt.expected)
+			}
+		})
+	}
+}

util/network.go

@@ -14,7 +14,10 @@
 
 package util
 
-import "os"
+import (
+	"net"
+	"os"
+)
 
 var hostname = ""
 
@@ -30,3 +33,17 @@ func init() {
 func GetHostname() string {
 	return hostname
 }
+
+func IsIntranetIp(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return parsedIP.IsPrivate() || parsedIP.IsLoopback() || parsedIP.IsLinkLocalUnicast() || parsedIP.IsLinkLocalMulticast()
+}

util/network_test.go

@@ -0,0 +1,61 @@
+// Copyright 2023 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import "testing"
+
+func TestIsIntranetIp(t *testing.T) {
+	tests := []struct {
+		name     string
+		ip       string
+		expected bool
+	}{
+		// Private IPv4 addresses
+		{"Private 10.x.x.x", "10.0.0.1", true},
+		{"Private 192.168.x.x", "192.168.1.1", true},
+		{"Private 172.16.x.x", "172.16.0.1", true},
+		{"Private 172.31.x.x", "172.31.255.255", true},
+
+		// Loopback
+		{"Loopback IPv4", "127.0.0.1", true},
+		{"Loopback IPv6", "::1", true},
+
+		// Link-local
+		{"Link-local IPv4", "169.254.1.1", true},
+		{"Link-local IPv6", "fe80::1", true},
+
+		// Public IPs
+		{"Public Google DNS", "8.8.8.8", false},
+		{"Public Cloudflare DNS", "1.1.1.1", false},
+		{"Public IPv4", "123.45.67.89", false},
+
+		// With port
+		{"Private with port", "192.168.1.1:8080", true},
+		{"Public with port", "8.8.8.8:53", false},
+
+		// Invalid IPs
+		{"Invalid IP", "invalid", false},
+		{"Empty string", "", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := IsIntranetIp(tt.ip)
+			if result != tt.expected {
+				t.Errorf("IsIntranetIp(%s) = %v, expected %v", tt.ip, result, tt.expected)
+			}
+		})
+	}
+}