From 4b93dfae7d1651d48e1f2a9af61bfc8088a3c949 Mon Sep 17 00:00:00 2001 From: Erik Hommel Date: Wed, 19 Jul 2017 18:57:30 +0200 Subject: [PATCH] work in progress issue 12 --- proxy/config.php | 10 +++++----- proxy/proxy.php | 4 ++-- proxy/rest.php | 22 ++++++++++++++++------ 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/proxy/config.php b/proxy/config.php index 85baa24..1d90e38 100644 --- a/proxy/config.php +++ b/proxy/config.php @@ -74,12 +74,12 @@ $file_cache_include = array( /**************************************************************** ** REST API OPTIONS ** ****************************************************************/ -// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a default for the generic stuff that applies to all IP addresses -// - if a request comes in and the IP does not occur in the array, the whitelisted in 'default' are used -// - if a request comes in and the Ip does occur in the array, the whitelisted in the IP are checked first. If nothing is -// found ,the 'default' ones are checked next. +// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses +// - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used +// - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is +// found ,the 'all' ones are checked next. $rest_allowed_actions = array( - 'default' => array( + 'all' => array( 'Contact' => array( 'getsingle' => array( 'email' => 'string', diff --git a/proxy/proxy.php b/proxy/proxy.php index b02efd6..b4cd504 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -268,10 +268,10 @@ function civiproxy_get_valid_allowed_actions_key($action) { if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) { $valid_key = $remote_addr; } else { - $valid_key = 'default'; + $valid_key = 'all'; } } else { - $valid_key = 'default'; + $valid_key = 'all'; } return $valid_key; } diff --git a/proxy/rest.php b/proxy/rest.php index 5ba8d6a..8b5e062 100644 --- a/proxy/rest.php +++ b/proxy/rest.php @@ -47,14 +47,24 @@ if (!isset($action['version']) || $action['version'] != 3) { civiproxy_rest_error("Invalid entity/action."); } -// get valid key for the rest_allowed_actions -$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action); +// in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility, +// the previous test is still used when no 'all' key is found in the array +if (isset($relst_allowed_actions['all'] { + // get valid key for the rest_allowed_actions + $valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action); -if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) { - $valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']]; + if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) { + $valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']]; + } else { + civiproxy_rest_error("Invalid entity/action."); + } } else { - civiproxy_rest_error("Invalid entity/action."); -} + if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) { + $valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']]; + } else { + civiproxy_rest_error("Invalid entity/action."); + } +} // extract parameters and add credentials and action data $parameters = civiproxy_get_parameters($valid_parameters);