superfly / fly

Deploy app servers close to your users. Package your app as a Docker image, and launch it in 17 cities with one simple CLI.

Home Page: https://fly.io


Proposal: Limit token usage to a set of (optional) CIDR ranges

chilts opened this issue · comments

Description / Overview

Currently we allow all tokens to be used from anywhere. In a production app setting there is usually either a handful of fixed IP addresses from which a token could be used, or a few CIDR ranges from which it might be used.

Proposal

Add the ability to limit the range of addresses from which a token could be used. I was going to include a screenshot from npm's Create Token screen, but the UI only allows read or read-write. However, the CLI allows multiple CIDR ranges:

$ npm token create [--read-only] [--cidr=1.1.1.1/24,2.2.2.2/16]

I suspect due to places like AWS or Heroku, we'd have to allow a set of CIDR addresses to be added, perhaps comma separated much like the above.

Why?

If an attacker obtains a token and tries to use it from a non-allowed address, they would be rejected based on their incoming address. There is a possibility they could guess that the token is allowed from (say) the ranges Heroku publishes and spin up an app there, but it is of course a non-zero amount of extra work they have to do to be able to use it correctly.

Links / References
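An added example of the check the proposal describes, written here for illustration and not code from the superfly/fly project: it parses the comma-separated CIDR list in the form the npm CLI accepts (`1.1.1.1/24,2.2.2.2/16`), treats an empty list as "no restriction" (the ranges are optional), rejects the whole list on any malformed entry so a typo cannot silently widen a restriction, and checks the connecting address against the ranges, including IPv4-mapped IPv6 peers. The `TokenPolicy` type, the function names and the sample addresses are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// TokenPolicy is a hypothetical representation of the proposed restriction:
// a token and the CIDR ranges it may be used from. An empty AllowedCIDRs
// means the token is unrestricted, which is today's behaviour.
type TokenPolicy struct {
	Name         string
	AllowedCIDRs []*net.IPNet
}

// ParseCIDRList parses the comma-separated form shown in the proposal
// ("1.1.1.1/24,2.2.2.2/16"). A bare address without a prefix length is
// accepted as a single-host range. Any malformed entry rejects the whole
// list, so a typo cannot silently drop or widen a restriction.
func ParseCIDRList(s string) ([]*net.IPNet, error) {
	var nets []*net.IPNet
	for _, raw := range strings.Split(s, ",") {
		entry := strings.TrimSpace(raw)
		if entry == "" {
			continue
		}
		if !strings.Contains(entry, "/") {
			// Single host: build a /32 (IPv4) or /128 (IPv6) network.
			ip := net.ParseIP(entry)
			if ip == nil {
				return nil, fmt.Errorf("invalid address %q", entry)
			}
			bits := 128
			if v4 := ip.To4(); v4 != nil {
				ip, bits = v4, 32
			}
			nets = append(nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
			continue
		}
		_, n, err := net.ParseCIDR(entry)
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %w", entry, err)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

// Allowed reports whether a request presenting this token from clientIP
// should be accepted. clientIP must be the address of the TCP peer (or the
// address a trusted edge proxy vouches for), never a client-supplied header
// such as X-Forwarded-For, which the sender controls. net.IPNet.Contains
// handles IPv4-mapped IPv6 peers ("::ffff:1.1.1.7") as their IPv4 address.
func (p TokenPolicy) Allowed(clientIP string) bool {
	if len(p.AllowedCIDRs) == 0 {
		return true // unrestricted token
	}
	ip := net.ParseIP(clientIP)
	if ip == nil {
		return false // unparseable peer address: fail closed
	}
	for _, n := range p.AllowedCIDRs {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the ranges from the proposal's CLI example.
	nets, err := ParseCIDRList("1.1.1.1/24,2.2.2.2/16")
	if err != nil {
		panic(err)
	}
	policy := TokenPolicy{Name: "deploy-token", AllowedCIDRs: nets}
	for _, peer := range []string{"1.1.1.200", "2.2.200.1", "::ffff:1.1.1.7", "3.3.3.3"} {
		fmt.Printf("%-16s allowed=%v\n", peer, policy.Allowed(peer))
	}
}
```

The restriction is only as precise as the ranges it holds: a token limited to a whole cloud provider's published range still accepts any host in that range, which is the residual risk the proposal's "Why?" section already notes.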