full vpn ip list

package.json

@@ -8,6 +8,7 @@
   },
   "private": true,
   "dependencies": {
+    "@QMI/qmi-cloud-common": "2.0.22",
     "@angular-devkit/build-angular": "^0.900.7",
     "@angular/animations": "~9.0.7",
     "@angular/cdk": "^9.0.0",
@@ -24,7 +25,6 @@
     "@hapi/boom": "^9.1.0",
     "@ng-bootstrap/ng-bootstrap": "6.2.0",
     "@types/chart.js": "^2.9.16",
-    "@QMI/qmi-cloud-common": "2.0.22",
     "adal-angular4": "^4.0.12",
     "angular-bootstrap-md": "9.0.0",
     "animate.css": "^3.7.2",
@@ -44,6 +44,7 @@
     "fs-extra": "^8.1.0",
     "hammerjs": "^2.0.8",
     "http-proxy-middleware": "^3.0.3",
+    "ip-range-check": "^0.2.0",
     "js-sha1": "^0.6.0",
     "jsonwebtoken": "^8.5.1",
     "leonardo-ui": "^1.7.1",

server/passport-okta.js

@@ -3,21 +3,13 @@ const expressSession = require('express-session');
 const config = require('./config');
 const requestIp = require('request-ip');
 const utils = require('./utils');
-
+const vpn = require('./vpn');
 
 // set up database for express session
 const MongoStore = require('connect-mongo')(expressSession);
 const mongoose = require('mongoose');
 const db = require("@QMI/qmi-cloud-common/mongo");
 
-const ALLOW_VPN_IPS = [
-    "217.117.156.163",  // EMEA-France-Paris
-    "149.97.160.218",   // AMER-USA-SantaClara
-    "14.97.167.22",     // 
-    "194.90.96.180",    // EMEA-Israel-Petach
-    "122.185.123.62",   // APAC-India-Bangalore
-    "188.65.156.34"     // EMEA-Sweden-Landskrona
-];
 
 const sessionStore = config.useMongoDBSessionStore? new MongoStore({
     mongooseConnection: mongoose.connection,
@@ -313,9 +305,9 @@ module.exports.ensureAuthenticatedAndVPNDoLogin = async function(req, res, next)
     res.setHeader("Cache-Control", "no-cache, no-store");
     res.removeHeader("Content-Security-Policy");
     const ipAddress = requestIp.getClientIp(req);
-    var isVPN = ipAddress && (ALLOW_VPN_IPS.includes(ipAddress) || ipAddress.indexOf("10.0.0") !== -1);
+    const isVPN = ipAddress && (ipAddress.indexOf("10.0.0") !== -1 || vpn.isQlikVPN(ipAddress));
     if ( !isVPN ) {
-        res.send("You do not seem connected to the VPN, please connect");
+        res.send("You do not seem connected to Qlik VPN or in a Qlik Office, please connect.");
         console.log("Passport# ensureAuthenticatedAndVPNDoLogin", ipAddress, isVPN);
     } else if ( await _ensureAuthenticated(req) ) {
         return next();      

server/vpn.js

@@ -0,0 +1,178 @@
+const ipRangeCheck = require("ip-range-check");
+
+const ALLOWED_VPN_IPS = process.env.ALLOW_VPN_IPS? process.env.ALLOW_VPN_IPS.split(",") : [
+
+    /* Locations used by VPN
+    FortiClient Qlik AMER: Peak 10
+    FortiClient Qlik EMEA: Azure West EU
+    FortiClient Qlik APAC: Azure SE Asia
+    FortiClient Qlik Israel: Bezeq International
+    FortiClient Qlik AMER Full Tunnel: EdgeConneX
+    FortiClient Qlik EMEA Full Tunnel: ITG
+    GlobalProtect France-Paris-PA7 DC: PA7
+    GlobalProtect India Bangalore: Bangalore
+    GlobalProtect US-SantaClara-SV2 DC: SV2 */
+
+    //Amsterdam
+    "87.215.26.80/30",
+    "213.19.160.248/29",
+
+    //Azure East US
+    "20.169.241.157/32",
+    "52.249.189.36/30",
+
+    //Azure SE Asia
+    "4.194.213.114/32",
+    "13.67.39.84/30",
+    "52.163.112.12/32",
+
+    //Azure West EU
+    "20.67.110.204/30",
+    "20.160.170.99/32",
+    "51.124.216.148/32",
+
+    //Bangalore
+    "14.97.166.192/29",
+    "14.97.167.20/30",
+    "122.185.123.60/30",
+    "182.79.10.24/29",
+
+    //Barcelona
+    "213.249.118.192/29",
+    "217.111.236.72/29",
+
+    //Beijing
+    "60.247.114.144/28",
+
+    //Bezeq International
+    "84.110.174.176/29",
+    "194.90.96.176/29",
+    "213.57.84.160/29",
+
+    //Boston
+    "4.31.157.72/29",
+    "160.72.228.184/29",
+
+    //Brussels
+    "62.72.113.248/29",
+
+    //Canberra
+    "194.193.33.92/30",
+    "203.54.177.108/30",
+
+    //Dubai
+    "5.32.13.160/29",
+    "91.74.64.88/30",
+
+    //EdgeConneX
+    "50.239.179.0/29",
+    "144.121.57.96/28",
+
+    //Gothenburg
+    "62.84.210.176/29",
+    "80.169.23.152/29",
+
+    //Hong Kong
+    "113.28.150.136/29",
+    "157.120.224.72/29",
+
+    //ITG
+    "188.65.156.32/28",
+    "188.65.156.64/26",
+    "188.65.157.0/24",
+    "212.73.252.96/29",
+
+    //King of Prussia
+    "4.7.75.104/29",
+    "50.196.32.120/29",
+    "144.121.150.64/29",
+
+    //London
+    "213.19.205.200/29",
+    "213.86.16.48/29",
+
+    //Lund
+    "193.15.228.244/30",
+
+    //Melbourne
+    "59.100.255.132/30",
+    "210.23.152.248/30",
+
+    //Milan
+    "82.112.207.120/29",
+    "213.249.127.192/29",
+
+    //Munich
+    "62.67.24.152/29",
+    "87.191.17.104/29",
+
+    //Nantes
+    "81.255.115.32/29",
+    "84.14.92.152/29",
+
+    //New York
+    "144.121.205.232/29",
+    "216.158.140.240/29",
+
+    //Ottawa
+    "4.16.48.64/29",
+    "172.110.70.104/29",
+
+    //PA7
+    "217.117.156.84/30",
+    "217.117.156.140/30",
+    "217.117.156.160/27",
+
+    //Peak 10
+    "4.4.97.104/29",
+    "72.15.192.80/28",
+    "206.196.17.32/27",
+
+    //Salt Lake City
+    "67.148.246.64/29",
+    "208.185.177.232/31",
+
+    //Sao Paulo
+    "200.143.76.220/30",
+    "200.186.98.152/29",
+
+    //Singapore
+    "66.96.221.184/29",
+    "113.29.111.232/29",
+
+    //Suresnes
+    "62.23.50.120/29",
+
+    //SV2
+    "4.31.193.68/30",
+    "4.79.217.0/25",
+    "149.97.160.216/30",
+    "149.97.160.220/30",
+    "149.97.185.0/27",
+
+    //Sydney
+    "110.175.244.64/29",
+    "113.29.116.192/29",
+
+    //Tokyo
+    "8.244.136.32/29",
+    "67.220.128.192/29",
+
+    //Vadodara
+    "113.212.86.40/29",
+    "202.160.161.208/29",
+
+    //Vicenza
+    "212.3.233.168/29",
+    "213.254.239.32/29",
+
+    //Winnersh
+    "89.197.129.216/29",
+    "217.163.97.32/29",
+
+];
+
+
+module.exports.isQlikVPN = function(ip) {
+    return ipRangeCheck(ip, ALLOWED_VPN_IPS);
+}