Add IP block on authentication via EID

Also, correct mistakenly used 403 error code. Update aplication-example.yml to include new functionality.
2025-07-21 18:26:06 +02:00 · 2018-07-24 11:33:51 +03:00 · 2018-07-24 11:33:51 +03:00 · 42004f933f
commit 42004f933f
parent 8f234a5852
6 changed files with 42 additions and 6 deletions
--- a/app/controllers/api/v1/registrant/auth_controller.rb
+++ b/app/controllers/api/v1/registrant/auth_controller.rb
@ -5,6 +5,8 @@ module Api
  module V1
    module Registrant
      class AuthController < ActionController::API
+        before_action :check_ip_whitelist
+
        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
          error = {}
          error[parameter_missing_exception.param] = ['parameter is required']
@ -39,6 +41,14 @@ module Api
          hash = token_creator.token_in_hash
          hash
        end
+
+        def check_ip_whitelist
+          allowed_ips = ENV['registrant_api_auth_allowed_ips'].to_s.split(',').map(&:strip)
+
+          unless allowed_ips.include?(request.ip) || Rails.env.development?
+            render json: { error: 'Not authorized' }, status: 401
+          end
+        end
      end
    end
  end
--- a/app/controllers/api/v1/registrant/base_controller.rb
+++ b/app/controllers/api/v1/registrant/base_controller.rb
@ -7,6 +7,13 @@ module Api
      class BaseController < ActionController::API
        before_action :authenticate

+        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
+          error = {}
+          error[parameter_missing_exception.param] = ['parameter is required']
+          response = { errors: [error] }
+          render json: response, status: :unprocessable_entity
+        end
+
        private

        def bearer_token
@ -22,7 +29,7 @@ module Api
          if decryptor.valid?
            sign_in decryptor.user
          else
-            render json: { error: 'Not authorized' }, status: 403
+            render json: { error: 'Not authorized' }, status: 401
          end
        end
      end
--- a/app/controllers/api/v1/registrant/domains_controller.rb
+++ b/app/controllers/api/v1/registrant/domains_controller.rb
@ -7,11 +7,11 @@ module Api
      class DomainsController < BaseController
        def index
          registrant = ::Registrant.find_by(ident: current_user.registrant_ident)
-          unless registrant
-            render json: Domain.all
-          else
+          if registrant
            domains = Domain.where(registrant_id: registrant.id)
            render json: domains
+          else
+            render json: []
          end
        end
      end