net: introduce net.BlockList

`net.BlockList` provides an object intended to be used by net APIs to
specify rules for disallowing network activity with specific IP
addresses. This commit adds the basic mechanism but does not add the
specific uses.

PR-URL: https://github.com/nodejs/node/pull/34625
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Bradley Farias <bradley.meck@gmail.com>

1 files changed, 115 insertions, 0 deletions

diff --git a/lib/internal/blocklist.js b/lib/internal/blocklist.js
new file mode 100644
index 00000000000..d4074ab41c2
--- /dev/null
+++ b/lib/internal/blocklist.js
@@ -0,0 +1,115 @@
+'use strict';
+
+const {
+  Boolean,
+  Symbol
+} = primordials;
+
+const {
+  BlockList: BlockListHandle,
+  AF_INET,
+  AF_INET6,
+} = internalBinding('block_list');
+
+const {
+  customInspectSymbol: kInspect,
+} = require('internal/util');
+const { inspect } = require('internal/util/inspect');
+
+const kHandle = Symbol('kHandle');
+const { owner_symbol } = internalBinding('symbols');
+
+const {
+  ERR_INVALID_ARG_TYPE,
+  ERR_INVALID_ARG_VALUE,
+  ERR_OUT_OF_RANGE,
+} = require('internal/errors').codes;
+
+class BlockList {
+  constructor() {
+    this[kHandle] = new BlockListHandle();
+    this[kHandle][owner_symbol] = this;
+  }
+
+  [kInspect](depth, options) {
+    if (depth < 0)
+      return this;
+
+    const opts = {
+      ...options,
+      depth: options.depth == null ? null : options.depth - 1
+    };
+
+    return `BlockList ${inspect({
+      rules: this.rules
+    }, opts)}`;
+  }
+
+  addAddress(address, family = 'ipv4') {
+    if (typeof address !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('address', 'string', address);
+    if (typeof family !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('family', 'string', family);
+    if (family !== 'ipv4' && family !== 'ipv6')
+      throw new ERR_INVALID_ARG_VALUE('family', family);
+    const type = family === 'ipv4' ? AF_INET : AF_INET6;
+    this[kHandle].addAddress(address, type);
+  }
+
+  addRange(start, end, family = 'ipv4') {
+    if (typeof start !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('start', 'string', start);
+    if (typeof end !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('end', 'string', end);
+    if (typeof family !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('family', 'string', family);
+    if (family !== 'ipv4' && family !== 'ipv6')
+      throw new ERR_INVALID_ARG_VALUE('family', family);
+    const type = family === 'ipv4' ? AF_INET : AF_INET6;
+    const ret = this[kHandle].addRange(start, end, type);
+    if (ret === false)
+      throw new ERR_INVALID_ARG_VALUE('start', start, 'must come before end');
+  }
+
+  addSubnet(network, prefix, family = 'ipv4') {
+    if (typeof network !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('network', 'string', network);
+    if (typeof prefix !== 'number')
+      throw new ERR_INVALID_ARG_TYPE('prefix', 'number', prefix);
+    if (typeof family !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('family', 'string', family);
+    let type;
+    switch (family) {
+      case 'ipv4':
+        type = AF_INET;
+        if (prefix < 0 || prefix > 32)
+          throw new ERR_OUT_OF_RANGE(prefix, '>= 0 and <= 32', prefix);
+        break;
+      case 'ipv6':
+        type = AF_INET6;
+        if (prefix < 0 || prefix > 128)
+          throw new ERR_OUT_OF_RANGE(prefix, '>= 0 and <= 128', prefix);
+        break;
+      default:
+        throw new ERR_INVALID_ARG_VALUE('family', family);
+    }
+    this[kHandle].addSubnet(network, type, prefix);
+  }
+
+  check(address, family = 'ipv4') {
+    if (typeof address !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('address', 'string', address);
+    if (typeof family !== 'string')
+      throw new ERR_INVALID_ARG_TYPE('family', 'string', family);
+    if (family !== 'ipv4' && family !== 'ipv6')
+      throw new ERR_INVALID_ARG_VALUE('family', family);
+    const type = family === 'ipv4' ? AF_INET : AF_INET6;
+    return Boolean(this[kHandle].check(address, type));
+  }
+
+  get rules() {
+    return this[kHandle].getRules();
+  }
+}
+
+module.exports = BlockList;