mikkel/telegram-bot-mcp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: restrict /api/ingest to internal IPs only

Browse source 
Checks X-Forwarded-For/X-Real-IP from NPM proxy to get real client IP.
Only allows localhost, LAN (10.5.0.x), and NetBird (100.79.x) prefixes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mikkel Georgsen 2026-03-30 11:35:53 +00:00
parent 1dff4630fe
commit 50c3b116f7
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
mcp_bridge/mcp_server.py
View file

@ -102,8 +102,18 @@ def queue_status() -> str:
# Custom non-MCP routes (no auth required - local access only)
INTERNAL_PREFIXES = ("127.", "10.5.0.", "::1", "100.79.") # localhost, LAN, NetBird
async def ingest_message(request: Request) -> JSONResponse:
"""HTTP endpoint for local services to log messages into the bridge."""
# Check real client IP (X-Forwarded-For from NPM, or direct connection)
forwarded = request.headers.get("x-forwarded-for", "")
real_ip = request.headers.get("x-real-ip", "")
client_ip = forwarded.split(",")[0].strip() or real_ip or (request.client.host if request.client else "")
if not any(client_ip.startswith(p) for p in INTERNAL_PREFIXES):
return JSONResponse({"error": "forbidden"}, status_code=403)
try:
data = await request.json()
except Exception: