IP white list was added!

README.md

@@ -59,6 +59,7 @@ You can use any of the following options:
 | [`renderSingle`](#rendersingle-boolean)              | If a directory only contains one file, render it                      |
 | [`symlinks`](#symlinks-boolean)                      | Resolve symlinks instead of rendering a 404 error                     |
 | [`etag`](#etag-boolean)                              | Calculate a strong `ETag` response header, instead of `Last-Modified` |
+| [`whitelist`](#whitelist-array)                      | If exists, Only IPs in this list are allowed to access resources      |
 
 ### public (String)
 

package.json

@@ -66,6 +66,7 @@
     "bytes": "3.0.0",
     "content-disposition": "0.5.2",
     "fast-url-parser": "1.1.3",
+    "ipaddr.js": "^2.0.1",
     "mime-types": "2.1.18",
     "minimatch": "3.0.4",
     "path-is-inside": "1.0.2",

src/index.js

@@ -14,6 +14,7 @@ const bytes = require('bytes');
 const contentDisposition = require('content-disposition');
 const isPathInside = require('path-is-inside');
 const parseRange = require('range-parser');
+const ipaddr = require('ipaddr.js');
 
 // Other
 const directoryTemplate = require('./directory');
@@ -545,7 +546,26 @@ const getHandlers = methods => Object.assign({
 	sendError
 }, methods);
 
+const whitelistApplier = (request, whitelist) => {
+	let ip = request.ip || request.connection.remoteAddress || request.socket.remoteAddress || request.connection.socket.remoteAddress;
+
+	if (ipaddr.isValid(ip)) {
+		ip = ipaddr.process(ip).toString();
+	}
+
+	return whitelist.includes(ip);
+};
+
 module.exports = async (request, response, config = {}, methods = {}) => {
+	if (config.whitelist) {
+		const requestIsAllowed = await whitelistApplier(request, config.whitelist);
+		if (!requestIsAllowed) {
+			const err = new Error('Forbidden');
+			err.statusCode = 403;
+			throw err;
+		}
+	}
+
 	const cwd = process.cwd();
 	const current = config.public ? path.resolve(cwd, config.public) : cwd;
 	const handlers = getHandlers(methods);