add ip whitelisting fix #12

This commit is contained in:
Erik Hommel 2017-07-19 16:40:09 +02:00
parent 7ad8a423b3
commit 0814e8457c
3 changed files with 48 additions and 9 deletions


@ -74,11 +74,25 @@ $file_cache_include = array(
/**************************************************************** /****************************************************************
** REST API OPTIONS ** ** REST API OPTIONS **
****************************************************************/ ****************************************************************/
// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a default for the generic stuff that applies to all IP addresses
// - if a request comes in and the IP does not occur in the array, the whitelisted in 'default' are used
// - if a request comes in and the Ip does occur in the array, the whitelisted in the IP are checked first. If nothing is
// found ,the 'default' ones are checked next.
$rest_allowed_actions = array( $rest_allowed_actions = array(
// this is an example: 'default' => array(
'Contact' => array( 'Contact' => array(
'getsingle' => array( 'getsingle' => array(
'email' => 'string' 'email' => 'string',
),
),
),
'123.45.678.1' => array(
'Contact' => array(
'getsingle' => array(
'first_name' => 'string',
'last_name' => 'string',
),
),
), ),
)
); );
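Review bot: The sample key `'123.45.678.1'` is not a valid IPv4 address (an octet cannot exceed 255), and because the lookup is an exact string comparison against `$_SERVER['REMOTE_ADDR']` the example may mislead an operator into copying the wrong shape; a documentation-range address such as `'203.0.113.1'` would serve better. The new comment block above the array has two typos, "the Ip" and "found ,the", which could be tidied at the same time. It would also help to state in that comment that the key must match the address exactly as the web server reports it, so IPv6 peers and clients arriving through an upstream proxy or load balancer are keyed by the address the proxy sees, not necessarily the original client.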


@ -255,3 +255,24 @@ function civicrm_api3($entity, $action, $data) {
} }
} }
/**
* Function to get the valid rest_allowed_actions key
*
* @param $action
* @return bool
*/
function civiproxy_get_valid_allowed_actions_key($action) {
$remote_addr = $_SERVER['REMOTE_ADDR'];
// check IP specific whitelisting if specified for this address
if (isset($rest_allowed_actions[$remote_addr])) {
if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
$valid_key = $remote_addr;
} else {
$valid_key = 'default';
}
} else {
$valid_key = 'default';
}
return $valid_key;
}
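Review bot: `$rest_allowed_actions` is read in `isset($rest_allowed_actions[$remote_addr])` and the line below it inside civiproxy_get_valid_allowed_actions_key, but the function neither declares it `global` nor receives it as a parameter, so within PHP function scope it is undefined and the function returns `'default'` on every request — the per-IP whitelist this commit introduces is never consulted. The smallest fix consistent with the file-level config arrays is `global $rest_allowed_actions;` as the first statement of the function; passing the array in explicitly (`function civiproxy_get_valid_allowed_actions_key($action, array $rest_allowed_actions)`) would be the cleaner option if the call site can be updated. The docblock says `@return bool` but the function returns a string key, so it should read `@return string` with a one-line description of the fallback to `'default'`. It is also worth noting in the docblock that `$_SERVER['REMOTE_ADDR']` is the address of the immediate TCP peer, which behind a reverse proxy or load balancer is that intermediary rather than the client, so operators know which address to whitelist.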


@ -46,8 +46,12 @@ $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'stri
if (!isset($action['version']) || $action['version'] != 3) { if (!isset($action['version']) || $action['version'] != 3) {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("Invalid entity/action.");
} }
if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']]; // get valid key for the rest_allowed_actions
$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action);
if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
} else { } else {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("Invalid entity/action.");
} }
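Review bot: The two chained `isset` checks on the new `if` line can be written as a single `isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])`, since `isset` on a nested path is already false when any intermediate level is missing; the same simplification applies to the nested check inside civiproxy_get_valid_allowed_actions_key. The behaviour itself is sound: when the resolved key holds no entry for the entity/action the `else` branch still calls civiproxy_rest_error, so the change fails closed. The comment `// get valid key for the rest_allowed_actions` appears collapsed onto the same rendered line as the old `$valid_parameters` assignment here; please confirm it sits on its own line in the committed file.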