@sentrie/net
The @sentrie/net module provides network and IP address utilities for network-based policies. Supports both IPv4 and IPv6 addresses and CIDR notation.
use { cidrContains, parseIP, isIPv4, isPrivate } from @sentrie/netCIDR Functions
Section titled “CIDR Functions”cidrContains(cidr: string, cidrOrIp: string): boolean
Section titled “cidrContains(cidr: string, cidrOrIp: string): boolean”Checks if a CIDR block or IP address is contained within another CIDR block. Supports both IPv4 and IPv6.
Parameters:
cidr- The CIDR block to check against (e.g.,"192.168.1.0/24")cidrOrIp- Either a CIDR block or IP address to check (e.g.,"192.168.1.5"or"192.168.1.0/28")
Returns: true if cidrOrIp is contained within cidr, false otherwise
Throws: Error if either argument is not a valid CIDR or IP address
Example:
use { cidrContains } from @sentrie/netlet contains = net.cidrContains("192.168.1.0/24", "192.168.1.5") // truelet contains2 = net.cidrContains("10.0.0.0/8", "192.168.1.5") // falsecidrIntersects(cidr1: string, cidr2: string): boolean
Section titled “cidrIntersects(cidr1: string, cidr2: string): boolean”Checks if two CIDR blocks intersect or overlap. Supports both IPv4 and IPv6.
Parameters:
cidr1- First CIDR block (e.g.,"192.168.1.0/24")cidr2- Second CIDR block (e.g.,"192.168.1.0/28")
Returns: true if the CIDR blocks intersect, false otherwise
Throws: Error if either argument is not a valid CIDR block
Example:
use { cidrIntersects } from @sentrie/netlet intersects = net.cidrIntersects("192.168.1.0/24", "192.168.1.0/28") // truecidrIsValid(cidr: string): boolean
Section titled “cidrIsValid(cidr: string): boolean”Validates whether a string is a valid CIDR notation.
Parameters:
cidr- The CIDR string to validate (e.g.,"192.168.1.0/24")
Returns: true if the CIDR notation is valid, false otherwise
Example:
use { cidrIsValid } from @sentrie/netlet isValid = net.cidrIsValid("192.168.1.0/24") // truelet invalid = net.cidrIsValid("192.168.1.0") // falsecidrExpand(cidr: string): string[]
Section titled “cidrExpand(cidr: string): string[]”Expands a CIDR block to a list of all host IP addresses within that block.
Parameters:
cidr- The CIDR block to expand (e.g.,"192.168.1.0/28")
Returns: Array of all IP addresses in the CIDR block
Throws: Error if the CIDR notation is invalid
Example:
use { cidrExpand } from @sentrie/netlet ips = net.cidrExpand("192.168.1.0/30") // ["192.168.1.1", "192.168.1.2"]cidrMerge(addrs: string[] | any[]): string[]
Section titled “cidrMerge(addrs: string[] | any[]): string[]”Merges a list of IP addresses and subnets into the smallest possible list of CIDR blocks.
Parameters:
addrs- Array of IP addresses and/or CIDR blocks (e.g.,["192.168.1.1", "192.168.1.2", "10.0.0.0/24"])
Returns: Array of merged CIDR blocks
Throws: Error if any address is invalid
Example:
use { cidrMerge } from @sentrie/netlet merged = net.cidrMerge(["192.168.1.1", "192.168.1.2", "192.168.1.3"])IP Address Functions
Section titled “IP Address Functions”parseIP(ipStr: string): string | null
Section titled “parseIP(ipStr: string): string | null”Parses an IP address string (IPv4 or IPv6).
Parameters:
ipStr- The IP address string to parse
Returns: The normalized IP address string, or null if invalid
Example:
use { parseIP } from @sentrie/netlet ip = net.parseIP("192.168.1.1") // "192.168.1.1"let invalid = net.parseIP("invalid") // nullisIPv4(ip: string): boolean
Section titled “isIPv4(ip: string): boolean”Checks if an IP address is IPv4.
Parameters:
ip- The IP address to check
Returns: true if the IP is IPv4, false otherwise
Example:
use { isIPv4 } from @sentrie/netlet isV4 = net.isIPv4("192.168.1.1") // truelet isV4_2 = net.isIPv4("::1") // falseisIPv6(ip: string): boolean
Section titled “isIPv6(ip: string): boolean”Checks if an IP address is IPv6.
Parameters:
ip- The IP address to check
Returns: true if the IP is IPv6, false otherwise
Example:
use { isIPv6 } from @sentrie/netlet isV6 = net.isIPv6("::1") // truelet isV6_2 = net.isIPv6("192.168.1.1") // falseisPrivate(ip: string): boolean
Section titled “isPrivate(ip: string): boolean”Checks if an IP address is in a private address range. Private ranges include: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and IPv6 equivalents.
Parameters:
ip- The IP address to check
Returns: true if the IP is private, false otherwise
Example:
use { isPrivate } from @sentrie/netlet isPriv = net.isPrivate("192.168.1.1") // truelet isPriv2 = net.isPrivate("8.8.8.8") // falseisPublic(ip: string): boolean
Section titled “isPublic(ip: string): boolean”Checks if an IP address is a public (globally routable) address. Public addresses are globally routable unicast addresses that are not private or loopback.
Parameters:
ip- The IP address to check
Returns: true if the IP is public, false otherwise
Example:
use { isPublic } from @sentrie/netlet isPub = net.isPublic("8.8.8.8") // truelet isPub2 = net.isPublic("192.168.1.1") // falseisLoopback(ip: string): boolean
Section titled “isLoopback(ip: string): boolean”Checks if an IP address is a loopback address. Loopback addresses include 127.0.0.0/8 for IPv4 and ::1 for IPv6.
Parameters:
ip- The IP address to check
Returns: true if the IP is a loopback address, false otherwise
Example:
use { isLoopback } from @sentrie/netlet isLoop = net.isLoopback("127.0.0.1") // truelet isLoop2 = net.isLoopback("::1") // trueisMulticast(ip: string): boolean
Section titled “isMulticast(ip: string): boolean”Checks if an IP address is a multicast address.
Parameters:
ip- The IP address to check
Returns: true if the IP is multicast, false otherwise
Example:
use { isMulticast } from @sentrie/netlet isMulti = net.isMulticast("224.0.0.1") // trueComplete Example
Section titled “Complete Example”namespace com/example/network
policy mypolicy { use { cidrContains, parseIP, isPrivate, isPublic } from @sentrie/net fact clientIp!: string fact allowedCidr!: string
rule checkAccess = default false { let ip = net.parseIP(clientIp) let isPrivate = net.isPrivate(clientIp) let isAllowed = net.cidrContains(allowedCidr, clientIp) yield ip != null and isAllowed and not isPrivate }
export decision of checkAccess}