fix: update IP address literals detection routines

darora · darora · commit 37be2a349bb9 · 2025-04-06T11:47:06.000+08:00
The simpler regexps used earlier supported one of numerous IPv6
literal formats. The updated implementation uses a more comprehensive
library.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -64,6 +64,7 @@
     "fs-xattr": "0.3.1",
     "glob": "^11.0.0",
     "ioredis": "^5.2.4",
+    "ip-address": "^10.0.1",
     "jsonwebtoken": "^9.0.2",
     "knex": "^3.1.0",
     "lru-cache": "^10.2.0",
diff --git a/src/internal/database/util.ts b/src/internal/database/util.ts
@@ -1,5 +1,6 @@
 import { logger } from '@internal/monitoring'
 import { ConnectionOptions } from 'tls'
+import ipAddr from 'ip-address'
 
 export function getSslSettings({
   connectionString,
@@ -27,10 +28,7 @@ export function getSslSettings({
 }
 
 export function isIpAddress(ip: string) {
-  const ipv4Pattern = /^(\d{1,3}\.){3}\d{1,3}$/
-  const ipv6Pattern = /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/
-
-  // IP might be URL-encoded and won't match the regex unless we decode first
+  // IP might be URL-encoded
   const decodedIp = decodeURIComponent(ip)
-  return ipv4Pattern.test(decodedIp) || ipv6Pattern.test(decodedIp)
+  return ipAddr.Address6.isValid(decodedIp) || ipAddr.Address4.isValid(decodedIp)
 }
