feat/MS Teams IP check improvement (#117)

* added ip in cidr utilities * middleware add ms teams cidr check * use cidr-matcher lib * removed redundant require * moved cidr-matcher require to top of file * moved express require to top of file --------- Co-authored-by: ajukes <ajukes@callable.io>
jambonz · Sep 18, 2023 · 63e72fb · 63e72fb
1 parent e5dce35
commit 63e72fb
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/lib/middleware.js b/lib/middleware.js
@@ -1,7 +1,7 @@
 const debug = require('debug')('jambonz:sbc-inbound');
 const assert = require('assert');
 const parseUri = require('drachtio-srf').parseUri;
-const {nudgeCallCounts, roundTripTime} = require('./utils');
+const {nudgeCallCounts, roundTripTime, isMSTeamsCIDR} = require('./utils');
 const digestChallenge = require('@jambonz/digest-utils');
 const msProxyIps = process.env.MS_TEAMS_SIP_PROXY_IPS ?
   process.env.MS_TEAMS_SIP_PROXY_IPS.split(',').map((i) => i.trim()) :
@@ -155,7 +155,7 @@ module.exports = function(srf, logger) {
           ...req.locals
         };
       }
-      else if (msProxyIps.includes(req.source_address)) {
+      else if (msProxyIps.includes(req.source_address) || isMSTeamsCIDR(req.source_address)) {
         logger.info({source_address: req.source_address}, 'identifyAccount: incoming call from Microsoft Teams');
         const uri = parseUri(req.uri);
 

diff --git a/lib/utils.js b/lib/utils.js
@@ -1,5 +1,8 @@
+const CIDRMatcher = require('cidr-matcher');
+const express = require('express');
 const rtpCharacteristics = require('../data/rtp-transcoding');
 const srtpCharacteristics = require('../data/srtp-transcoding');
+
 let idx = 0;
 
 const isWSS = (req) => {
@@ -96,7 +99,6 @@ const handleErrors = (logger, app, resolve, reject, e) => {
 
 
 const createHealthCheckApp = (port, logger) => {
-  const express = require('express');
   const app = express();
 
   app.use(express.urlencoded({ extended: true }));
@@ -178,6 +180,20 @@ const parseConnectionIp = (sdp) => {
   return arr ? arr[1] : null;
 };
 
+/**
+ * Checks if ip is one of MS Teams sip signalling ips
+ * https://learn.microsoft.com/en-us/azure/communication-services/concepts
+ * /telephony/direct-routing-infrastructure#sip-signaling-fqdns
+ * @param ip IP address, example 172.31.0.1
+ * */
+const isMSTeamsCIDR = (ip) => {
+  const cidrs = [
+    '52.112.0.0/14',
+    '52.120.0.0/14'
+  ];
+  const matcher = new CIDRMatcher(cidrs);
+  return matcher.contains(ip);
+};
 
 module.exports = {
   isWSS,
@@ -194,5 +210,6 @@ module.exports = {
   createHealthCheckApp,
   nudgeCallCounts,
   roundTripTime,
-  parseConnectionIp
+  parseConnectionIp,
+  isMSTeamsCIDR
 };