add ip whitelisting fix #12
This commit is contained in:
Erik Hommel
parent
7ad8a423b3
commit
0814e8457c
|
|
@ -74,11 +74,25 @@ $file_cache_include = array(
|
|||
/****************************************************************
|
||||
** REST API OPTIONS **
|
||||
****************************************************************/
|
||||
// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a default for the generic stuff that applies to all IP addresses
|
||||
// - if a request comes in and the IP does not occur in the array, the whitelisted in 'default' are used
|
||||
// - if a request comes in and the Ip does occur in the array, the whitelisted in the IP are checked first. If nothing is
|
||||
// found ,the 'default' ones are checked next.
|
||||
$rest_allowed_actions = array(
|
||||
// this is an example:
|
||||
'Contact' => array(
|
||||
'getsingle' => array(
|
||||
'email' => 'string'
|
||||
),
|
||||
)
|
||||
);
|
||||
'default' => array(
|
||||
'Contact' => array(
|
||||
'getsingle' => array(
|
||||
'email' => 'string',
|
||||
),
|
||||
),
|
||||
),
|
||||
'123.45.678.1' => array(
|
||||
'Contact' => array(
|
||||
'getsingle' => array(
|
||||
'first_name' => 'string',
|
||||
'last_name' => 'string',
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -255,3 +255,24 @@ function civicrm_api3($entity, $action, $data) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to get the valid rest_allowed_actions key
|
||||
*
|
||||
* @param $action
|
||||
* @return bool
|
||||
*/
|
||||
function civiproxy_get_valid_allowed_actions_key($action) {
|
||||
$remote_addr = $_SERVER['REMOTE_ADDR'];
|
||||
// check IP specific whitelisting if specified for this address
|
||||
if (isset($rest_allowed_actions[$remote_addr])) {
|
||||
if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
|
||||
$valid_key = $remote_addr;
|
||||
} else {
|
||||
$valid_key = 'default';
|
||||
}
|
||||
} else {
|
||||
$valid_key = 'default';
|
||||
}
|
||||
return $valid_key;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -46,8 +46,12 @@ $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'stri
|
|||
if (!isset($action['version']) || $action['version'] != 3) {
|
||||
civiproxy_rest_error("Invalid entity/action.");
|
||||
}
|
||||
if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
|
||||
$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
|
||||
|
||||
// get valid key for the rest_allowed_actions
|
||||
$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action);
|
||||
|
||||
if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
|
||||
$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
|
||||
} else {
|
||||
civiproxy_rest_error("Invalid entity/action.");
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue