[mirotalk] - add IP whitelist

.env.template

@@ -6,6 +6,13 @@ HTTPS=false # true or false
 
 HOST=localhost
 
+# IP whitelist
+# Access to the instance is restricted to only the specified IP addresses in the allowed list. This feature is disabled by default.
+
+IP_WHITELIST_ENABLED=false # true or false
+
+IP_WHITELIST_ALLOWED='["127.0.0.1", "::1"]'
+
 # Host protection
 # HOST_PROTECTED: When set to true, it requires a valid username and password from the HOST_USERS list to initialize or join a room.
 # HOST_USER_AUTH: When set to true, it also requires a valid username and password for joining the room.

app/src/server.js

@@ -38,7 +38,7 @@ dependencies: {
  * @license For commercial use or closed source, contact us at license.mirotalk@gmail.com or purchase directly from CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.2.78
+ * @version 1.2.79
  *
  */
 
@@ -208,6 +208,12 @@ if (configChatGPT.enabled) {
     }
 }
 
+// IP Whitelist
+const ipWhitelist = {
+    enabled: getEnvBoolean(process.env.IP_WHITELIST_ENABLED),
+    allowed: process.env.IP_WHITELIST_ALLOWED ? JSON.parse(process.env.IP_WHITELIST_ALLOWED) : [],
+};
+
 // stats configuration
 const statsData = {
     enabled: process.env.STATS_ENABLED ? getEnvBoolean(process.env.STATS_ENABLED) : true,
@@ -243,6 +249,19 @@ app.use(express.static(dir.public)); // Use all static files from the public fol
 app.use(bodyParser.urlencoded({ extended: true })); // Need for Slack API body parser
 app.use(apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument)); // api docs
 
+// Restrict access to specified IP
+app.use((req, res, next) => {
+    if (!ipWhitelist.enabled) return next();
+    const clientIP = getIP(req);
+    log.debug('Check IP', clientIP);
+    if (ipWhitelist.allowed.includes(clientIP)) {
+        next();
+    } else {
+        log.info('Forbidden: Access denied from this IP address', { clientIP: clientIP });
+        res.status(403).json({ error: 'Forbidden', message: 'Access denied from this IP address.' });
+    }
+});
+
 // Logs requests
 app.use((req, res, next) => {
     log.debug('New request:', {
@@ -555,6 +574,7 @@ async function ngrokStart() {
             stats: statsData,
             host: hostCfg,
             presenters: roomPresenters,
+            ip_whitelist: ipWhitelist,
             ngrok: {
                 ngrok_enabled: ngrokEnabled,
                 ngrok_token: ngrokAuthToken,
@@ -611,6 +631,7 @@ server.listen(port, null, () => {
             stats: statsData,
             host: hostCfg,
             presenters: roomPresenters,
+            ip_whitelist: ipWhitelist,
             server: host,
             test_ice_servers: testStunTurn,
             api_docs: api_docs,
@@ -1450,7 +1471,7 @@ function getActiveRooms() {
  * @returns string ip
  */
 function getIP(req) {
-    return req.headers['x-forwarded-for'] || req.socket.remoteAddress;
+    return req.headers['x-forwarded-for'] || req.socket.remoteAddress || req.ip;
 }
 
 /**

package.json

@@ -1,6 +1,6 @@
 {
     "name": "mirotalk",
-    "version": "1.2.78",
+    "version": "1.2.79",
     "description": "A free WebRTC browser-based video call",
     "main": "server.js",
     "scripts": {

public/js/client.js

@@ -15,7 +15,7 @@
  * @license For commercial use or closed source, contact us at license.mirotalk@gmail.com or purchase directly from CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.2.78
+ * @version 1.2.79
  *
  */