Add IP protection for REPP

2025-05-16 17:37:17 +02:00 · 2015-05-19 19:12:43 +03:00 · 2015-05-19 19:12:43 +03:00 · abf47b1e08
commit abf47b1e08
parent 8321f894d5
6 changed files with 39 additions and 6 deletions
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@ -8,6 +8,10 @@ module Repp
    end

    before do
+      unless Rails.env.development?
+        error! 'IP is not whitelisted', 401 unless @current_user.registrar.repp_ip_white?(request.ip)
+      end
+
      next if Rails.env.test? || Rails.env.development?
      message = 'Certificate mismatch! Cert common name should be:'
      request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
@ -18,6 +22,7 @@ module Repp
      else
        error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
      end
+
    end

    helpers do
--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@ -146,4 +146,20 @@ class Registrar < ActiveRecord::Base
  def code=(code)
    self[:code] = code.gsub(/[ :]/, '').upcase if new_record? && code.present?
  end
+
+  def repp_ip_white?(ip)
+    white_ips.repp.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+  end
+
+  def epp_ip_white?(ip)
+    white_ips.epp.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+  end
+
+  def registrar_ip_white?(ip)
+    white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+  end
+
+  def global_ip_white?(ip)
+    white_ips.global.pluck(:ipv4, :ipv6).flatten.include?(ip)
+  end
 end
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@ -13,9 +13,15 @@ class WhiteIp < ActiveRecord::Base
    errors.add(:base, I18n.t(:ipv4_or_ipv6_must_be_present))
  end

-  INTERFACE_EPP = 'epp'
-  INTERFACE_REPP = 'repp'
-  INTERFACE_REGISTRAR = 'registrar'
+  EPP = 'epp'
+  REPP = 'repp'
+  REGISTRAR = 'registrar'
+  GLOBAL = 'global'

-  INTERFACES = [INTERFACE_EPP, INTERFACE_REPP, INTERFACE_REGISTRAR]
+  INTERFACES = [GLOBAL, EPP, REPP, REGISTRAR]
+
+  scope :epp, -> { where(interface: EPP) }
+  scope :repp, -> { where(interface: REPP) }
+  scope :registrar, -> { where(interface: REGISTRAR) }
+  scope :global, -> { where(interface: GLOBAL) }
 end
--- a/app/views/admin/white_ips/_form.haml
+++ b/app/views/admin/white_ips/_form.haml
@ -23,7 +23,7 @@
        .col-md-4.control-label
          = f.label :interface
        .col-md-7
-          = f.select :interface, [[t(:choose), '']] + WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, {}, class: 'form-control selectize', placeholder: t(:choose)
+          = f.select :interface, WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, {}, class: 'form-control selectize'
  %hr
  .row
    .col-md-8.text-right
--- a/spec/fabricators/registrar_fabricator.rb
+++ b/spec/fabricators/registrar_fabricator.rb
@ -10,6 +10,7 @@ Fabricator(:registrar) do
  code { sequence(:code) { |i| "REGISTRAR#{i}" } }
  reference_no { sequence(:reference_no) { |i| "RF#{i}" } }
  accounts(count: 1)
+  white_ips { [Fabricate(:white_ip_repp, ipv4: '127.0.0.1')] }
 end

 Fabricator(:registrar_with_no_account_activities, from: :registrar) do
--- a/spec/fabricators/white_ip_fabricator.rb
+++ b/spec/fabricators/white_ip_fabricator.rb
@ -1,4 +1,9 @@
 Fabricator(:white_ip) do
  ipv4 '192.168.1.1'
-  interface WhiteIp::INTERFACE_EPP
+  interface WhiteIp::EPP
+end
+
+Fabricator(:white_ip_repp, from: :white_ip) do
+  ipv4 '127.0.0.1'
+  interface WhiteIp::REPP
 end