Allow IP subnet comparison in USSD IP access check

This commit is contained in:
nolash 2021-04-06 18:24:49 +02:00
parent 7728f38f14
commit e668d0b8b3
Signed by untrusted user who does not match committer: lash
GPG Key ID: 21D2E7BB88C2A746
8 changed files with 19 additions and 11 deletions


@ -1,4 +1,4 @@
FROM python:3.8.6 FROM python:3.8.6-slim-buster
RUN apt-get update && \ RUN apt-get update && \
apt install -y gcc gnupg libpq-dev wget make g++ gnupg bash procps apt install -y gcc gnupg libpq-dev wget make g++ gnupg bash procps
@ -6,7 +6,7 @@ RUN apt-get update && \
WORKDIR /usr/src/cic-notify WORKDIR /usr/src/cic-notify
ARG pip_extra_index_url_flag='--index https://pypi.org/simple --extra-index-url https://pip.grassrootseconomics.net:8433' ARG pip_extra_index_url_flag='--index https://pypi.org/simple --extra-index-url https://pip.grassrootseconomics.net:8433'
RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2a44 RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2a61
COPY cic-notify/setup.cfg \ COPY cic-notify/setup.cfg \
cic-notify/setup.py \ cic-notify/setup.py \
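Review bot: The new base image `python:3.8.6-slim-buster` on the FROM line is still a mutable tag, so the build is not reproducible and a later re-tag upstream can silently change what ships. Pin it by digest, e.g. `FROM python:3.8.6-slim-buster@sha256:<digest of the image you tested>`, and bump the digest deliberately. The switch to the slim variant also makes the unchanged `apt install` layer the main source of image bloat; `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in that same RUN would be the usual follow-up, though that line is not part of this change.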


@ -1 +1 @@
cic_base[full_graph]~=0.1.2a46 cic_base[full_graph]~=0.1.2a61


@ -1,6 +1,6 @@
[metadata] [metadata]
name = cic-notify name = cic-notify
version= 0.4.0a2 version= 0.4.0a3
description = CIC notifications service description = CIC notifications service
author = Louis Holbrook author = Louis Holbrook
author_email = dev@holbrook.no author_email = dev@holbrook.no


@ -1,5 +1,5 @@
[app] [app]
ALLOWED_IP=127.0.0.1 ALLOWED_IP=0.0.0.0/0
LOCALE_FALLBACK=en LOCALE_FALLBACK=en
LOCALE_PATH=var/lib/locale/ LOCALE_PATH=var/lib/locale/
MAX_BODY_LENGTH=1024 MAX_BODY_LENGTH=1024
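Review bot: Changing the default `ALLOWED_IP` from `127.0.0.1` to `0.0.0.0/0` effectively disables the IP access check for every IPv4 source in any deployment that ships this file unmodified, which is a much wider default than the loopback-only value it replaces. A safer default is the narrowest value the local setup needs, `ALLOWED_IP=127.0.0.1/32`, with production deployments widening it explicitly through their own config or environment overrides. Note also that `0.0.0.0/0` is an IPv4 range only; a client whose REMOTE_ADDR is an IPv6 address is not covered by this entry, so a deployment that really wants "everything" would need `::/0` as well.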


@ -1,6 +1,7 @@
# standard imports # standard imports
import logging import logging
import re import re
import ipaddress
# third-party imports # third-party imports
from confini import Config from confini import Config
@ -20,7 +21,14 @@ def check_ip(config: Config, env: dict):
:return: Request IP validity :return: Request IP validity
:rtype: boolean :rtype: boolean
""" """
return env.get('REMOTE_ADDR') == config.get('APP_ALLOWED_IP') # TODO: do once at boot time
actual_ip = ipaddress.ip_network(env.get('REMOTE_ADDR') + '/32')
for allowed_net_src in config.get('APP_ALLOWED_IP').split(','):
allowed_net = ipaddress.ip_network(allowed_net_src)
if actual_ip.subnet_of(allowed_net):
return True
return False
def check_request_content_length(config: Config, env: dict): def check_request_content_length(config: Config, env: dict):
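Review bot: `env.get('REMOTE_ADDR') + '/32'` raises TypeError when REMOTE_ADDR is absent, turns an IPv6 address into an IPv6 /32 *network* rather than a host, and `subnet_of` raises TypeError when the two sides differ in IP version, so a missing, malformed or IPv6 source address produces an unhandled exception instead of a denial. Parsing the source with `ipaddress.ip_address` and testing membership with `in` avoids all three, and stripping each entry from `split(',')` stops a value like `127.0.0.1, 10.0.0.0/8` from failing in `ip_network` on every request; the TODO about parsing once at boot is the right place to surface a bad allow-list as a startup error rather than a per-request one. The `def check_ip(...)` line and docstring sit above this hunk. Presumably the service can run behind a reverse proxy, in which case REMOTE_ADDR is the proxy's address and this check only constrains the proxy — worth a comment on the function.
```python
def check_ip(config: Config, env: dict):
    # … unchanged: docstring …
    remote = env.get('REMOTE_ADDR')
    if not remote:
        return False
    try:
        actual_ip = ipaddress.ip_address(remote)
    except ValueError:
        # unparsable source address: deny rather than raise
        return False
    # TODO: parse the allow-list once at boot time and fail fast on bad entries
    for allowed_net_src in config.get('APP_ALLOWED_IP').split(','):
        allowed_net = ipaddress.ip_network(allowed_net_src.strip())
        # `in` returns False (does not raise) when the IP versions differ
        if actual_ip in allowed_net:
            return True
    return False
```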


@ -1,4 +1,4 @@
cic_base[full_graph]~=0.1.2a58 cic_base[full_graph]~=0.1.2a61
cic-eth~=0.11.0a4 cic-eth~=0.11.0b1
cic-notify~=0.4.0a3 cic-notify~=0.4.0a3
cic-types~=0.1.0a10 cic-types~=0.1.0a10


@ -490,9 +490,9 @@ services:
DATABASE_ENGINE: postgresql DATABASE_ENGINE: postgresql
DATABASE_DRIVER: psycopg2 DATABASE_DRIVER: psycopg2
PGP_PASSPHRASE: merman PGP_PASSPHRASE: merman
SERVER_PORT: 8000 SERVER_PORT: 9000
ports: ports:
- ${HTTP_PORT_CIC_USSD:-63315}:8000 - ${HTTP_PORT_CIC_USSD:-63315}:9000
depends_on: depends_on:
- postgres - postgres
- redis - redis
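Review bot: The changed `ports:` entry `${HTTP_PORT_CIC_USSD:-63315}:9000` publishes the USSD port on every host interface, which together with the allow-list default widened elsewhere in this commit means the endpoint is reachable from any network the host sits on. If the compose stack is meant for local development, bind the published port to loopback explicitly, `- 127.0.0.1:${HTTP_PORT_CIC_USSD:-63315}:9000`, and let production set the real binding. The unchanged `PGP_PASSPHRASE: merman` two lines above is a plaintext secret in the compose file; it predates this change but is worth moving to an env file or secret.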