From de951ad70ac7ac287864f06cb47e37e2ca85680c Mon Sep 17 00:00:00 2001
From: Xerxes-2 <dspxue@gmail.com>
Date: Wed, 23 Nov 2022 04:09:49 +1100
Subject: [PATCH] update IPv4 check and add IPv6 check in whitelist

Signed-off-by: Xerxes-2 <dspxue@gmail.com>
---
 flutter/lib/common/widgets/dialog.dart | 7 +++++--
 src/server/connection.rs               | 5 +----
 src/ui/index.tis                       | 3 ++-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/flutter/lib/common/widgets/dialog.dart b/flutter/lib/common/widgets/dialog.dart
index 8fab02a77..a6de0384f 100644
--- a/flutter/lib/common/widgets/dialog.dart
+++ b/flutter/lib/common/widgets/dialog.dart
@@ -133,9 +133,12 @@ void changeWhiteList({Function()? callback}) async {
                 final ips =
                     newWhiteListField.trim().split(RegExp(r"[\s,;\n]+"));
                 // test ip
-                final ipMatch = RegExp(r"^\d+\.\d+\.\d+\.\d+(\/\d+)?$");
+                final ipMatch = RegExp(
+                    r"^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)(\/([1-9]|[1-2][0-9]|3[0-2])){0,1}$");
+                final ipv6Match = RegExp(
+                    r"^(((?:[0-9A-Fa-f]{1,4}))*((?::[0-9A-Fa-f]{1,4}))*::((?:[0-9A-Fa-f]{1,4}))*((?::[0-9A-Fa-f]{1,4}))*|((?:[0-9A-Fa-f]{1,4}))((?::[0-9A-Fa-f]{1,4})){7})(\/([1-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])){0,1}$");
                 for (final ip in ips) {
-                  if (!ipMatch.hasMatch(ip)) {
+                  if (!ipMatch.hasMatch(ip) && !ipv6Match.hasMatch(ip)) {
                     msg = "${translate("Invalid IP")} $ip";
                     setState(() {
                       isInProgress = false;
diff --git a/src/server/connection.rs b/src/server/connection.rs
index 50c91d057..a337d6022 100644
--- a/src/server/connection.rs
+++ b/src/server/connection.rs
@@ -632,10 +632,7 @@ impl Connection {
                 .is_none()
             && whitelist
                 .iter()
-                .filter(|x| match IpCidr::from_str(x) {
-                    Ok(cidr) => cidr.contains(addr.ip()),
-                    Err(_) => false,
-                })
+                .filter(|x| IpCidr::from_str(x).map_or(false, |y| y.contains(addr.ip())))
                 .next()
                 .is_none()
         {
diff --git a/src/ui/index.tis b/src/ui/index.tis
index 6b1d1b7c7..9dcd4f4c4 100644
--- a/src/ui/index.tis
+++ b/src/ui/index.tis
@@ -395,7 +395,8 @@ class MyIdMenu: Reactor.Component {
                 if (value) {
                     var values = value.split(/[\s,;\n]+/g);
                     for (var ip in values) {
-                        if (!ip.match(/^\d+\.\d+\.\d+\.\d+(\/\d+)?$/)) {
+                        if (!ip.match(/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)(\/([1-9]|[1-2][0-9]|3[0-2])){0,1}$/)
+                            && !ip.match(/^(((?:[0-9A-Fa-f]{1,4}))*((?::[0-9A-Fa-f]{1,4}))*::((?:[0-9A-Fa-f]{1,4}))*((?::[0-9A-Fa-f]{1,4}))*|((?:[0-9A-Fa-f]{1,4}))((?::[0-9A-Fa-f]{1,4})){7})(\/([1-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])){0,1}$/)) {
                             return translate("Invalid IP") + ": " + ip;
                         }
                     }