marc
/
CiviProxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'issue12' to fix #12

This commit is contained in:
Erik Hommel 2017-07-20 11:15:38 +02:00
parent 7f73bc0b64 2c4c12cb56
commit b82cba324b
3 changed files with 61 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
proxy/config.php
View File

@ -74,11 +74,25 @@ $file_cache_include = array(
/**************************************************************** /****************************************************************
** REST API OPTIONS ** ** REST API OPTIONS **
****************************************************************/ ****************************************************************/
// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses
// - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used
// - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is
// found ,the 'all' ones are checked next.
$rest_allowed_actions = array( $rest_allowed_actions = array(
// this is an example: 'all' => array(
'Contact' => array( 'Contact' => array(
'getsingle' => array( 'getsingle' => array(
'email' => 'string' 'email' => 'string',
), ),
) ),
); ),
'123.45.678.1' => array(
'Contact' => array(
'getsingle' => array(
'first_name' => 'string',
'last_name' => 'string',
),
),
),
);

22
proxy/proxy.php
View File

@ -255,3 +255,25 @@ function civicrm_api3($entity, $action, $data) {
} }
} }
/**
* Function to get the valid rest_allowed_actions key
*
* @param $action
* @param $rest_allowed_actions
* @return bool
*/
function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions) {
$remote_addr = $_SERVER['REMOTE_ADDR'];
// check IP specific whitelisting if specified for this address
if (isset($rest_allowed_actions[$remote_addr])) {
if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
$valid_key = $remote_addr;
} else {
$valid_key = 'all';
}
} else {
$valid_key = 'all';
}
return $valid_key;
}

20
proxy/rest.php
View File

@ -46,10 +46,24 @@ $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'stri
if (!isset($action['version']) || $action['version'] != 3) { if (!isset($action['version']) || $action['version'] != 3) {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("Invalid entity/action.");
} }
if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']]; // in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,
// the previous test is still used when no 'all' key is found in the array
if (isset($rest_allowed_actions['all'])) {
// get valid key for the rest_allowed_actions
$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
} else {
civiproxy_rest_error("Invalid entity/action.");
}
} else { } else {
civiproxy_rest_error("Invalid entity/action."); if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
} else {
civiproxy_rest_error("Invalid entity/action.");
}
} }
// extract parameters and add credentials and action data // extract parameters and add credentials and action data