Add IP block on authentication via EID

Also, correct mistakenly used 403 error code.
Update application-example.yml to include new functionality.
Maciej Szlosarczyk 2018-07-24 11:33:51 +03:00
parent 8f234a5852
commit 42004f933f
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765
6 changed files with 42 additions and 6 deletions


@ -5,6 +5,8 @@ module Api
module V1
module Registrant
class AuthController < ActionController::API
before_action :check_ip_whitelist
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {}
error[parameter_missing_exception.param] = ['parameter is required']
@ -39,6 +41,14 @@ module Api
hash = token_creator.token_in_hash
hash
end
def check_ip_whitelist
allowed_ips = ENV['registrant_api_auth_allowed_ips'].to_s.split(',').map(&:strip)
unless allowed_ips.include?(request.ip) || Rails.env.development?
render json: { error: 'Not authorized' }, status: 401
end
end
end
end
end
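Review bot: `check_ip_whitelist` compares `request.ip` with the configured entries by exact string equality, so the control is only as strong as the way that address is derived and spelled. If the app sits behind a reverse proxy, confirm that the forwarded-address headers can only be set by that proxy and that the trusted proxy configuration matches the deployment; otherwise the value checked here may not be the real peer. Exact matching also means CIDR ranges and alternate IPv6 spellings in `registrant_api_auth_allowed_ips` never match; parsing the entries with `IPAddr`, e.g. `allowed_ips.any? { |entry| IPAddr.new(entry).include?(request.remote_ip) }`, would cover both. An unset variable yields an empty list and denies every request outside development, which is the safe default and worth stating in a comment. Whether the method sits under `private` is not visible here, since the class body starts outside the hunk.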


@ -7,6 +7,13 @@ module Api
class BaseController < ActionController::API
before_action :authenticate
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {}
error[parameter_missing_exception.param] = ['parameter is required']
response = { errors: [error] }
render json: response, status: :unprocessable_entity
end
private
def bearer_token
@ -22,7 +29,7 @@ module Api
if decryptor.valid?
sign_in decryptor.user
else
render json: { error: 'Not authorized' }, status: 403
render json: { error: 'Not authorized' }, status: 401
end
end
end
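Review bot: The 401 now returned from the `else` branch carries no `WWW-Authenticate` header, which RFC 7235 requires on a 401 response and which some clients use to learn that a bearer token is expected. Consider `response.headers['WWW-Authenticate'] = 'Bearer'` before the render, and `status: :unauthorized` to match the symbolic `:unprocessable_entity` used in the new `rescue_from` block. In that block the local `response = { errors: [error] }` shadows the controller's `response` accessor; a name such as `payload` avoids the confusion. The enclosing method begins outside the hunk.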


@ -7,11 +7,11 @@ module Api
class DomainsController < BaseController
def index
registrant = ::Registrant.find_by(ident: current_user.registrant_ident)
unless registrant
render json: Domain.all
else
if registrant
domains = Domain.where(registrant_id: registrant.id)
render json: domains
else
render json: []
end
end
end
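Review bot: `::Registrant.find_by(ident: current_user.registrant_ident)` in `index` will, if `registrant_ident` can be nil or blank, become a lookup for records with an empty ident and could return a contact that does not belong to the caller. Nothing visible here shows that the ident is always present, so a guard such as `return render(json: []) if current_user.registrant_ident.blank?` ahead of the lookup would keep the response empty in that case. A request test for a user with no matching registrant would also pin the change from `Domain.all` to `[]`.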