Add IP lookup feature

[che0124]

User description

• Add new map.conf for IP-to-location mapping
• Update nginx.conf to increase map_hash_bucket_size to handle larger maps
• Update geoip2.conf to define variables for IP address lookup
• Update ipinfo.conf to add location blocks for /lookup routing

---

PR Type

Enhancement, Documentation

---

Description

• Introduce IP lookup feature via /lookup endpoint

  • Adds support for querying info for arbitrary IPs
  • Returns country, ASN, and user agent details

• Update NGINX configuration for IP mapping and lookup variables

  • Adds map.conf for argument-based IP selection
  • Extends geoip2.conf for lookup variables
  • Adds /lookup location block in ipinfo.conf
  • Increases map_hash_bucket_size in nginx.conf

• Update documentation to describe new lookup feature

---

Changes walkthrough 📝

	Relevant files
Documentation	README.md Document new IP lookup endpoint and usage                                README.md Documents new /lookup endpoint for IP queries Adds usage example for IP lookup +6/-0
Enhancement	geoip2.conf Extend geoip2 config for lookup IP variables                          nginx/conf.d/geoip2.conf Adds variables for IP lookup using $lookup_ip Supports country and ASN info for arbitrary IPs +9/-1      ipinfo.conf Add lookup variables and endpoint to ipinfo config              nginx/conf.d/ipinfo.conf Defines variables for lookup country and ASN Adds /lookup endpoint returning lookup info +6/-0      map.conf Add map config for argument-based IP selection                      nginx/conf.d/map.conf New file mapping query argument ip to $lookup_ip Defaults to client IP if not provided +4/-0      nginx.conf Increase map hash bucket size in nginx config                        nginx/nginx.conf Increases map_hash_bucket_size to 128 for larger maps +1/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

Summary by CodeRabbit

• New Features
  • Introduced a new /lookup endpoint that returns IP address, country, and ASN information for a specified IP or the client’s IP by default.
• Documentation
  • Updated documentation to include details and example usage of the new /lookup endpoint.

[coderabbitai[bot]]

📝 Walkthrough

Walkthrough

The changes introduce support for an IP lookup feature in the Nginx-based GeoIP2 service. This is achieved by adding a new /lookup endpoint, which allows users to query geographical and ASN information for a specific IP address via a query parameter or defaults to the client's IP address. The configuration is updated to handle a new $lookup_ip variable, conditionally set based on the presence of the ip query parameter. Additional variables and logic are added to extract and display country and ASN information for the looked-up IP. Documentation is updated to describe the new endpoint and provide usage examples.

Changes

File(s)	Change Summary
README.md	Updated documentation to describe the new /lookup endpoint, its usage, and example curl invocation.
nginx/conf.d/geoip2.conf	Added GeoIP2 variables for lookups based on $lookup_ip, enabling geo and ASN data extraction for arbitrary IPs.
nginx/conf.d/ipinfo.conf	Defined new variables for lookup results and added a /lookup location returning lookup info and user agent in plain text.
nginx/conf.d/map.conf	Introduced a map directive to set $lookup_ip based on the ip query parameter or default to $remote_addr.
nginx/nginx.conf	Added map_hash_bucket_size 128; to the HTTP block to support map directive performance and sizing.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Nginx
    participant GeoIP2Module

    Client->>Nginx: GET /lookup?ip=1.2.3.4
    Nginx->>Nginx: map $lookup_ip = $arg_ip or $remote_addr
    Nginx->>GeoIP2Module: Lookup geo and ASN info for $lookup_ip
    GeoIP2Module-->>Nginx: Return country and ASN data
    Nginx-->>Client: Respond with IP, country, ASN, user-agent

sequenceDiagram
    participant Client
    participant Nginx
    participant GeoIP2Module

    Client->>Nginx: GET /lookup (no ip param)
    Nginx->>Nginx: map $lookup_ip = $remote_addr
    Nginx->>GeoIP2Module: Lookup geo and ASN info for $lookup_ip
    GeoIP2Module-->>Nginx: Return country and ASN data
    Nginx-->>Client: Respond with IP, country, ASN, user-agent

[!TIP]

⚡️ Faster reviews with caching

• CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.

Enjoy the performance boost—your workflow just got faster.

---

📜 Recent review details

Configuration used: CodeRabbit UI Review profile: CHILL Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c7a30858a4a5f65687dccfd7c5c61afb3456941 and ab761fe5e08c1c32c5056f6dfd2df2ed5124bcbc.

📒 Files selected for processing (1)

• nginx/conf.d/map.conf (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• nginx/conf.d/map.conf

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[qodo-free-for-open-source-projects[bot]]

PR Reviewer Guide 🔍

(Review updated until commit https://github.com/PeterDaveHello/ipinfo.tw/commit/9c7a30858a4a5f65687dccfd7c5c61afb3456941)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Information disclosure: The new lookup feature allows users to query information about arbitrary IP addresses. While this may be the intended functionality, it could potentially be used for reconnaissance or information gathering. Consider if rate limiting or access controls should be implemented to prevent abuse of this feature. Additionally, the feature exposes geographic and network information about IPs that might be considered sensitive in some contexts.

⚡ Recommended focus areas for review Input Validation The lookup endpoint accepts an IP address without validation. Consider adding input validation to ensure the provided IP is properly formatted to prevent potential misuse. location = /lookup { default_type text/plain; return 200 "$lookup_ip\n$lookup_country\n$lookup_as\n\n$http_user_agent\n"; } Security Consideration The implementation allows querying information for any IP address. Consider if this is the intended behavior or if access controls should be implemented to restrict who can query arbitrary IPs. map $arg_ip $lookup_ip { "" $remote_addr; default $arg_ip; }

[qodo-free-for-open-source-projects[bot]]

PR Code Suggestions ✨

Latest suggestions up to 9c7a308 Explore these optional code suggestions:

Category	Suggestion	Impact
Security	Add IP address validation The lookup endpoint doesn't validate the IP address format, which could lead to errors or unexpected behavior with invalid inputs. Add IP validation using a regex map to ensure only valid IPv4/IPv6 addresses are processed. nginx/conf.d/ipinfo.conf [69-72] location = /lookup { default_type text/plain; + if ($lookup_ip_valid != "1") { + return 400 "Invalid IP address format\n"; + } return 200 "$lookup_ip\n$lookup_country\n$lookup_as\n\n$http_user_agent\n"; } [ ] Apply / Chat <!-- /improve --apply_suggestion=0 --> Suggestion importance[1-10]: 9 __ Why: Adding IP validation is a critical security improvement that prevents potential abuse or errors from malformed inputs. The suggestion correctly identifies a security vulnerability and provides a proper implementation using the $lookup_ip_valid variable to reject invalid IP addresses with an appropriate error response.	High
	Validate IP address format Add IP validation using regex patterns to prevent potential security issues with malformed inputs. This ensures only properly formatted IPv4/IPv6 addresses are accepted for lookup. nginx/conf.d/map.conf [1-4] map $arg_ip $lookup_ip { "" $remote_addr; default $arg_ip; } +# Validate IP format (IPv4 or IPv6) +map $lookup_ip $lookup_ip_valid { + ~^([0-9]{1,3}\.){3}[0-9]{1,3}$ 1; + ~^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ 1; + default 0; +} + [ ] Apply / Chat <!-- /improve --apply_suggestion=1 --> Suggestion importance[1-10]: 9 __ Why: This suggestion adds essential IP validation using regex patterns that complement the first suggestion. It creates the $lookup_ip_valid variable needed by the first suggestion and provides proper regex patterns for both IPv4 and IPv6 validation, which is a significant security improvement to prevent potential issues with malformed inputs.	High
[ ] Update <!-- /improve --more_suggestions=true -->

---

Previous suggestions

Suggestions up to commit 9c7a308

Category	Suggestion	Impact
Security	Validate IP address format The lookup endpoint doesn't validate the IP address format, which could lead to invalid lookups or potential security issues. Add IP validation using a regex map to ensure only valid IPv4/IPv6 addresses are processed. nginx/conf.d/ipinfo.conf [69-72] location = /lookup { default_type text/plain; + if ($lookup_ip !~ "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}$|^([0-9a-fA-F]{1,4}:){1,7}:$|^([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$|^([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}$|^([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}$|^([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}$|^([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}$|^[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})$|^:((:[0-9a-fA-F]{1,4}){1,7}|:)$") { + return 400 "Invalid IP address format\n"; + } return 200 "$lookup_ip\n$lookup_country\n$lookup_as\n\n$http_user_agent\n"; } [ ] Apply this suggestion <!-- /improve --apply_suggestion=0 --> Suggestion importance[1-10]: 7 __ Why: The suggestion correctly points out that the $lookup_ip variable, potentially derived from user input ($arg_ip), is used without validation. Adding IP format validation improves robustness and prevents potential issues with the GeoIP lookup module if invalid data is provided.	Medium

[PeterDaveHello]

Hi @che0124,

Thanks for your contribution. Would you please take a look at the reviews above, so that we can continue?

[che0124]

Hi @PeterDaveHello,

Thanks for your comment, I have finished reading the above review. Besides input validation, is there anything else that needs to be adjusted?

[PeterDaveHello]

@che0124 Thanks! Could you use a path format like https://ipinfo.tw/lookup/1.1.1.1 instead of using a query string? I also like to see that its functions are mostly like the original ones, e.g., using different paths to get other info, json output, etc.