Merge branch 'issue12' to fix #12

2017-07-20 11:15:38 +02:00 · 2017-07-20 11:15:38 +02:00 · b82cba324b
parent 7f73bc0b64 2c4c12cb56
commit b82cba324b
3 changed files with 61 additions and 11 deletions
--- a/proxy/config.php
+++ b/proxy/config.php
@ -74,11 +74,25 @@ $file_cache_include = array(
 /****************************************************************
 **                   REST API OPTIONS                         **
 ****************************************************************/
+// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses
+// - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used
+// - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is
+//   found ,the 'all' ones are checked next.
 $rest_allowed_actions = array(
-  // this is an example:
-  'Contact' => array(
-      'getsingle'      => array(
-                            'email' => 'string'
-                            ),
-    )
-  );
+  'all' => array(
+    'Contact' => array(
+      'getsingle' => array(
+        'email' => 'string',
+      ),
+    ),
+  ),
+  '123.45.678.1' => array(
+    'Contact' => array(
+      'getsingle' => array(
+        'first_name' => 'string',
+        'last_name' => 'string',
+      ),
+    ),
+  ),
+);
+
--- a/proxy/proxy.php
+++ b/proxy/proxy.php
@ -255,3 +255,25 @@ function civicrm_api3($entity, $action, $data) {
  }
 }

+/**
+ * Function to get the valid rest_allowed_actions key
+ *
+ * @param $action
+ * @param $rest_allowed_actions
+ * @return bool
+ */
+function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions) {
+  $remote_addr = $_SERVER['REMOTE_ADDR'];
+  // check IP specific whitelisting if specified for this address
+  if (isset($rest_allowed_actions[$remote_addr])) {
+    if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
+      $valid_key = $remote_addr;
+    } else {
+      $valid_key = 'all';
+    }
+  } else {
+    $valid_key = 'all';
+  }
+  return $valid_key;
+}
+
--- a/proxy/rest.php
+++ b/proxy/rest.php
@ -46,11 +46,25 @@ $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'stri
 if (!isset($action['version']) || $action['version'] != 3) {
  civiproxy_rest_error("Invalid entity/action.");
 }
-if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
-  $valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
+
+// in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,
+// the previous test is still used when no 'all' key is found in the array
+if (isset($rest_allowed_actions['all'])) {
+	// get valid key for the rest_allowed_actions
+	$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
+
+	if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
+		$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
+	} else {
+		civiproxy_rest_error("Invalid entity/action.");
+	}
 } else {
-  civiproxy_rest_error("Invalid entity/action.");
-}
+	if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
+		$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
+	} else {
+		civiproxy_rest_error("Invalid entity/action.");
+	}
+}	

 // extract parameters and add credentials and action data
 $parameters = civiproxy_get_parameters($valid_parameters);