From 162506a6bb3038d1072c481ae894a3e7a503a092 Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Sun, 17 Nov 2024 17:37:02 +0100
Subject: [PATCH] Add guard on req.ip not being a valid IP address

---
 streaming/index.js | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/streaming/index.js b/streaming/index.js
index 2138e4defa..2f58d8aadd 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -2,6 +2,7 @@
 
 import fs from 'node:fs';
 import http from 'node:http';
+import net from 'node:net';
 import path from 'node:path';
 import url from 'node:url';
 
@@ -384,7 +385,20 @@ const startServer = async () => {
     // Track the usage of the access token if necessary:
     // This is the same code as: app/controllers/concerns/api/access_token_tracking_concern.rb
     if (accessToken.last_used_at === null || accessToken.last_used_at < Date.now() - ACCESS_TOKEN_UPDATE_FREQUENCY) {
-      await pgPool.query('UPDATE "oauth_access_tokens" SET "last_used_at" = $2, "last_used_ip" = $3 WHERE "oauth_access_tokens"."id" = $1', [ accessToken.id, new Date(), req.ip ]);
+      let query, variables = [];
+      if (req.ip && net.isIP(req.ip)) {
+        query = 'UPDATE "oauth_access_tokens" SET "last_used_at" = $2, "last_used_ip" = $3 WHERE "oauth_access_tokens"."id" = $1';
+        variables = [ accessToken.id, new Date(), req.ip ];
+      } else {
+        query = 'UPDATE "oauth_access_tokens" SET "last_used_at" = $2 WHERE "oauth_access_tokens"."id" = $1';
+        variables = [ accessToken.id, new Date() ];
+      }
+
+      try {
+        await pgPool.query(query, variables);
+      } catch (err) {
+        req.log.error(err, 'Error updating Access Token usage tracking');
+      }
     }
 
     req.accessTokenId = accessToken.id;