From 4abfbacbbfec85eabecc8e81e9f7474cee68fd9f Mon Sep 17 00:00:00 2001 From: Elaman Date: Sat, 11 Dec 2021 17:45:19 +0600 Subject: [PATCH 1/6] Ip Filter --- build.gradle | 2 + .../components/GatewayApplicationRemove.js | 6 +- .../openfuture/api/config/SecurityConfig.kt | 3 + .../config/filter/ApiAuthorizationFilter.kt | 46 ++++++++++-- .../api/config/filter/IpAddressFilter.kt | 72 +++++++++++++++++++ .../filter/PublicApiAuthorizationFilter.kt | 9 +-- .../config/propety/AuthorizationProperties.kt | 3 +- .../api/ApplicationApiController.kt | 2 +- .../DefaultApplicationWalletService.kt | 4 +- .../io/openfuture/api/util/NetworkUtils.kt | 9 +++ 10 files changed, 138 insertions(+), 18 deletions(-) create mode 100644 src/main/kotlin/io/openfuture/api/config/filter/IpAddressFilter.kt create mode 100644 src/main/kotlin/io/openfuture/api/util/NetworkUtils.kt diff --git a/build.gradle b/build.gradle index 3f703aa1..53e9aba4 100644 --- a/build.gradle +++ b/build.gradle @@ -59,6 +59,8 @@ dependencies { // Utils implementation('commons-io:commons-io:2.8.0') implementation 'org.apache.commons:commons-lang3:3.6' + implementation group: 'commons-net', name: 'commons-net', version: '3.6' + // Test testImplementation('org.springframework.boot:spring-boot-starter-test') diff --git a/frontend/src/components/GatewayApplicationRemove.js b/frontend/src/components/GatewayApplicationRemove.js index 88f4c86e..34d83d89 100644 --- a/frontend/src/components/GatewayApplicationRemove.js +++ b/frontend/src/components/GatewayApplicationRemove.js @@ -3,9 +3,9 @@ import {t} from "../utils/messageTexts"; import React from "react"; export const GatewayApplicationRemove = ({ onSubmit }) => ( - +
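Review bot: The new `commons-net` dependency is pulled in only so `getIpRange` can enumerate every address of a subnet, while the same patch already uses Spring Security's `IpAddressMatcher`, which answers the "is this address inside the CIDR" question without materializing the range. Adding a third-party library for a problem an existing dependency already solves is avoidable supply-chain surface, and the pin appears to be a release line several years old at the time of this commit. If the enumeration in `NetworkUtils` is dropped, this line can go with it.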
- {t('sure to delete Gateway')} + {t('sure to delete Application')}
-); \ No newline at end of file +); diff --git a/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt b/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt index 16c163db..f2df5f70 100644 --- a/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt +++ b/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt @@ -3,6 +3,7 @@ package io.openfuture.api.config import com.fasterxml.jackson.databind.ObjectMapper import io.openfuture.api.config.filter.ApiAuthorizationFilter import io.openfuture.api.config.filter.AuthorizationFilter +import io.openfuture.api.config.filter.IpAddressFilter import io.openfuture.api.config.filter.PublicApiAuthorizationFilter import io.openfuture.api.config.handler.AuthenticationSuccessHandler import io.openfuture.api.config.propety.AuthorizationProperties @@ -47,7 +48,9 @@ class SecurityConfig( .addFilterAfter(AuthorizationFilter(properties, keyService), OAuth2LoginAuthenticationFilter::class.java) .addFilterAfter(ApiAuthorizationFilter(mapper), AuthorizationFilter::class.java) + //.addFilterAfter(IpAddressFilter(properties), ApiAuthorizationFilter::class.java) .addFilterAfter(PublicApiAuthorizationFilter(applicationService, mapper, properties), AuthorizationFilter::class.java) + .sessionManagement().sessionCreationPolicy(STATELESS) .and() diff --git a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt index e7838c31..4c68cd55 100644 --- a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt +++ b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt 
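Review bot: The `IpAddressFilter` registration is added commented out, so the new filter class and the `import io.openfuture.api.config.filter.IpAddressFilter` are dead code in this commit while `ApiAuthorizationFilter` grows its own copy of the same IP logic. Either wire the filter and keep the IP check in one place, or leave it out of the commit; a commented-out security filter leaves it unclear which component is supposed to enforce the allowlist. The hunk also adds a stray blank line before `.sessionManagement()`.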
@@ -2,26 +2,39 @@ package io.openfuture.api.config.filter import com.fasterxml.jackson.databind.ObjectMapper import io.openfuture.api.domain.exception.ExceptionResponse +import io.openfuture.api.util.getIpRange import org.springframework.http.HttpStatus.UNAUTHORIZED import org.springframework.security.core.context.SecurityContextHolder +import org.springframework.security.web.util.matcher.IpAddressMatcher +import java.io.IOException import javax.servlet.* import javax.servlet.http.HttpServletRequest import javax.servlet.http.HttpServletResponse class ApiAuthorizationFilter(private val mapper: ObjectMapper): Filter { + private val IPV4_LOOPBACK = "127.0.0.1" + private val IPV6_LOOPBACK = "0:0:0:0:0:0:0:1" + private var ipList = arrayListOf() + var allowLocalhost = true + override fun init(filterConfig: FilterConfig?) { - // Do nothing + ipList = getIpRange("192.168.1.0/28") } override fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) { request as HttpServletRequest response as HttpServletResponse - if (request.requestURI.startsWith("/api") && null == SecurityContextHolder.getContext().authentication) { - val exceptionResponse = ExceptionResponse(UNAUTHORIZED.value(), "Open token is invalid or disabled") - response.status = exceptionResponse.status - response.writer.write(mapper.writeValueAsString(exceptionResponse)) + ipList.stream().map { ip -> print(ip) } + + /* if (!isAllowed(request)) { + deny(response) + return; + }*/ + + if (!isAllowed(request) && request.requestURI.startsWith("/api") && null == SecurityContextHolder.getContext().authentication) { + deny(response) return } 
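Review bot: `ipList.stream().map { ip -> print(ip) }` in `doFilter` has no terminal operation, so nothing runs and the line is dead on every request; `ipList` itself, filled in `init` from the hard-coded `"192.168.1.0/28"`, is never read anywhere else in the class. That subnet also disagrees with the `"192.168.1.0/24"` used in `isAllowed`, and neither comes from `AuthorizationProperties`. Drop the list and the commented-out block, and put `isAllowed` last in the condition so it only runs for unauthenticated `/api` requests: `if (request.requestURI.startsWith("/api") && null == SecurityContextHolder.getContext().authentication && !isAllowed(request))`. `doFilter` continues past the end of this hunk.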
@@ -32,4 +45,27 @@ class ApiAuthorizationFilter(private val mapper: ObjectMapper): Filter { // Do nothing } + @Throws(IOException::class) + fun deny(res: HttpServletResponse) { + val exceptionResponse = ExceptionResponse(UNAUTHORIZED.value(), "Open token is invalid or disabled") + res.status = exceptionResponse.status + res.writer.write(mapper.writeValueAsString(exceptionResponse)) + } + + fun isAllowed(request: HttpServletRequest): Boolean { + + val ip = request.remoteAddr + if (allowLocalhost && (IPV4_LOOPBACK == ip || IPV6_LOOPBACK == ip)) { + return true + } + + val matcher = IpAddressMatcher("192.168.1.0/24") + + if (!matcher.matches(request.getHeader("X-Forwarded-For"))) { + return true + } + + return false + } + } \ No newline at end of file diff --git a/src/main/kotlin/io/openfuture/api/config/filter/IpAddressFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/IpAddressFilter.kt new file mode 100644 index 00000000..0dc22e08 --- /dev/null +++ b/src/main/kotlin/io/openfuture/api/config/filter/IpAddressFilter.kt 
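Review bot: `isAllowed` is inverted: `if (!matcher.matches(...)) return true` admits every address outside `192.168.1.0/24` and rejects the ones inside it, the opposite of an allowlist, and because `doFilter` now skips the token check whenever `isAllowed` is true, any unauthenticated caller reaches `/api`. It also decides on `request.getHeader("X-Forwarded-For")`, which is client-supplied unless a trusted reverse proxy overwrites it, and passes the raw value through although the header may be absent or a comma-separated chain. Derive the client address once from a component that only honours the header when the immediate peer is a known proxy, compare `request.remoteAddr` against the configured CIDR without the negation, and return `false` when no usable address is present; `deny` should also not reuse the "Open token is invalid or disabled" message for an address rejection. The same inverted check and header use appear in `IpAddressFilter.isAllowed` in the following hunk and, minus the negation, in the patch 2 and patch 4 versions of this method.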
@@ -0,0 +1,72 @@ +package io.openfuture.api.config.filter + +import io.openfuture.api.config.propety.AuthorizationProperties +import io.openfuture.api.util.getIpRange +import org.springframework.security.web.util.matcher.IpAddressMatcher +import java.io.IOException +import javax.servlet.* +import javax.servlet.http.HttpServletRequest +import javax.servlet.http.HttpServletResponse + + +class IpAddressFilter( + private val properties: AuthorizationProperties +) : Filter { + + private val IPV4_LOOPBACK = "127.0.0.1" + private val IPV6_LOOPBACK = "0:0:0:0:0:0:0:1" + private var ipList = arrayListOf() + var allowLocalhost = true + + override fun init(filterConfig: FilterConfig?) { + ipList = getIpRange(properties.cidr!!) + ipList.stream().map { ip -> print(ip) } + } + + override fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) { + request as HttpServletRequest + response as HttpServletResponse + + println("REMOTE ADDRESS ${request.getHeader("X-Forwarded-For")}") + + + if (!isAllowed(request)) { + println("DENIED") + deny(response) + return + } + chain.doFilter(request, response) + } + + @Throws(IOException::class) + fun deny(res: HttpServletResponse) { + res.sendError(HttpServletResponse.SC_NOT_FOUND) + } + + override fun destroy() { + + } + + fun isAllowed(request: HttpServletRequest): Boolean { + + val ip = request.remoteAddr + if (allowLocalhost && (IPV4_LOOPBACK == ip || IPV6_LOOPBACK == ip)) { + return true + } + /*var uri = request.getAttribute(WebUtils.FORWARD_REQUEST_URI_ATTRIBUTE) as String + if (!StringUtils.isEmpty(uri)) { + uri = request.requestURI + if (request.contextPath != "/" && uri.startsWith(request.contextPath)) { + uri = uri.substring(request.contextPath.length) + } + }*/ + + val matcher = IpAddressMatcher("192.168.1.0/24") + + if (!matcher.matches(request.getHeader("X-Forwarded-For"))) { + return true + } + + return false + } +} \ No newline at end of file 
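Review bot: `properties.cidr!!` in `init` throws when `auth.cidr` is not configured, and `getIpRange` then expands the whole subnet into `ipList`, which nothing reads (`ipList.stream().map { ip -> print(ip) }` has no terminal operation). `doFilter` prints the raw `X-Forwarded-For` header and `DENIED` to stdout on every request; that is debug output that does not belong in a security filter, so use the application logger at debug level and log the decision rather than the header. `deny` answers 404 while `ApiAuthorizationFilter.deny` answers 401 for the same condition, so the two filters disagree on what a rejected source looks like. Since `SecurityConfig` never registers this filter in this commit, consider leaving the class out until it is actually wired.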
diff --git a/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt index db5eec8a..c798ccd3 100644 --- a/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt +++ b/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt @@ -6,10 +6,7 @@ import org.springframework.http.HttpStatus.UNAUTHORIZED import io.openfuture.api.domain.exception.ExceptionResponse import io.openfuture.api.domain.key.WalletApiCreateRequest import io.openfuture.api.service.ApplicationService -import io.openfuture.api.util.CustomHttpRequestWrapper -import io.openfuture.api.util.KeyGeneratorUtils -import io.openfuture.api.util.currentEpochs -import io.openfuture.api.util.differenceEpochs +import io.openfuture.api.util.* import org.springframework.security.authentication.UsernamePasswordAuthenticationToken import org.springframework.security.core.authority.SimpleGrantedAuthority import org.springframework.security.core.context.SecurityContextHolder @@ -36,7 +33,7 @@ class PublicApiAuthorizationFilter( val accessKey = request.getHeader("X-API-KEY") val signature = request.getHeader("X-API-SIGNATURE") - val expirePeriod = 10L; + val expirePeriod = properties.expireApi!! val requestWrapper = CustomHttpRequestWrapper(request) val walletApiCreateRequest = mapper.readValue(requestWrapper.bodyInStringFormat, WalletApiCreateRequest::class.java) @@ -59,7 +56,7 @@ class PublicApiAuthorizationFilter( val token = UsernamePasswordAuthenticationToken(application.user, null, listOf(SimpleGrantedAuthority("ROLE_APPLICATION"))) SecurityContextHolder.getContext().authentication = token - chain.doFilter(requestWrapper, response); + chain.doFilter(requestWrapper, response) return } 
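Review bot: `val expirePeriod = properties.expireApi!!` replaces a literal with a force-unwrap of a nullable configuration value; `expireApi` is declared `Long? = 10`, so a blanked setting becomes a `NullPointerException` inside the filter instead of a clear configuration error. Prefer `val expirePeriod = properties.expireApi ?: 10L`, or make the property non-null with a default and validate it at binding time. The first hunk also collapses four explicit imports into `import io.openfuture.api.util.*`, which hides which helpers the filter actually depends on. Patch 2 repeats the `!!` change for the same line.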
diff --git a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt index 8374bc7a..6fbed837 100644 --- a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt +++ b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt @@ -10,5 +10,6 @@ import javax.validation.constraints.NotEmpty @Component class AuthorizationProperties( @field:NotEmpty var cookieName: String? = null, - var expireApi: Long? = 10 + var expireApi: Long? = 10, + var cidr: String? ) \ No newline at end of file diff --git a/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt b/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt index a42b04c3..f18454f7 100644 --- a/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt +++ b/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt @@ -37,7 +37,7 @@ class ApplicationApiController( } @GetMapping("/{id}") - fun get(@CurrentUser user: User, @PathVariable id: Long): ApplicationDto { + fun get(@PathVariable id: Long): ApplicationDto { val application = service.getById(id) return ApplicationDto(application) } diff --git a/src/main/kotlin/io/openfuture/api/service/DefaultApplicationWalletService.kt b/src/main/kotlin/io/openfuture/api/service/DefaultApplicationWalletService.kt index f2224b72..fbf3357f 100644 --- a/src/main/kotlin/io/openfuture/api/service/DefaultApplicationWalletService.kt +++ b/src/main/kotlin/io/openfuture/api/service/DefaultApplicationWalletService.kt 
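Review bot: Removing `@CurrentUser user: User` from `get` leaves the endpoint returning `service.getById(id)` with no reference to the caller; unless `getById` scopes the lookup to the owner (not visible here), any authenticated caller can read any application by id. The `user` parameter was already unused in the visible body, so the commit does not create the gap, but it removes the only hint that the lookup was meant to be per-user — either pass the caller into an owner-scoped lookup, matching how the sibling endpoints do it, or add a comment stating why this route is intentionally global. `ApplicationApiController` continues outside the hunk, and patch 2 repeats this hunk unchanged.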
@@ -22,7 +22,7 @@ class DefaultApplicationWalletService( val keyWalletDto = keyApi.generateKey(CreateKeyRequest(request.applicationId, user.id.toString(), request.blockchainType)) // Save webhook on state - request.webHook.let { stateApi.createWallet(keyWalletDto.address, it, Blockchain.Ethereum) } + //request.webHook.let { stateApi.createWallet(keyWalletDto.address, it, Blockchain.Ethereum) } return keyWalletDto } @@ -35,6 +35,6 @@ class DefaultApplicationWalletService( // Delete from Open Key keyApi.deleteAllKeysByApplicationAddress(applicationId, address) // Delete from Open State - stateApi.deleteWallet(address, Blockchain.Ethereum) + //stateApi.deleteWallet(address, Blockchain.Ethereum) } } \ No newline at end of file diff --git a/src/main/kotlin/io/openfuture/api/util/NetworkUtils.kt b/src/main/kotlin/io/openfuture/api/util/NetworkUtils.kt new file mode 100644 index 00000000..e97a30e6 --- /dev/null +++ b/src/main/kotlin/io/openfuture/api/util/NetworkUtils.kt @@ -0,0 +1,9 @@ +package io.openfuture.api.util + +import org.apache.commons.net.util.SubnetUtils + +fun getIpRange(subnet: String): ArrayList { + val utils = SubnetUtils(subnet) + + return utils.info.allAddresses!!.toCollection(ArrayList()) +} From 9caaa114d0adc86a9ae7a571089d1b39c4eeae02 Mon Sep 17 00:00:00 2001 From: Elaman Date: Mon, 13 Dec 2021 22:35:07 +0600 Subject: [PATCH 2/6] Ip Filter --- .../components/GatewayApplicationRemove.js | 6 ++-- .../openfuture/api/config/SecurityConfig.kt | 3 +- .../config/filter/ApiAuthorizationFilter.kt | 29 +++++++++++++++++-- .../filter/PublicApiAuthorizationFilter.kt | 2 +- .../config/propety/AuthorizationProperties.kt | 3 +- .../api/ApplicationApiController.kt | 2 +- src/main/resources/application.properties | 1 + 7 files changed, 37 insertions(+), 9 deletions(-) diff --git a/frontend/src/components/GatewayApplicationRemove.js b/frontend/src/components/GatewayApplicationRemove.js index 88f4c86e..34d83d89 100644 
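Review bot: Commenting out `stateApi.deleteWallet(address, Blockchain.Ethereum)` in the delete path and `stateApi.createWallet(...)` in the create path silently changes behaviour: the key is still removed via `keyApi.deleteAllKeysByApplicationAddress`, but the wallet now stays registered in Open State, and new wallets no longer get their webhook registered, while the surviving `// Delete from Open State` and `// Save webhook on state` comments still claim they do. If the calls are intentionally disabled, delete them with a comment explaining why, or guard them with a configuration flag, rather than leaving commented-out code that reads like an accident. The `Blockchain` import and the `stateApi` dependency may now be unused. Both methods start outside the hunks.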
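Review bot: `getIpRange` expands a CIDR into every address via `SubnetUtils(subnet).info.allAddresses`, so its time and memory grow with the subnet size, and the `!!` assumes the library never returns null. Nothing in this patch consumes the result beyond a no-op stream, and membership can be tested directly with `IpAddressMatcher`, which the filters already construct, so the function and its new dependency look unnecessary. If a range really is needed, document the bound callers must respect, e.g. `/** Expands [subnet] (CIDR notation) into a list of its addresses; cost grows with the subnet size, so callers must bound the prefix length. */`.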
--- a/frontend/src/components/GatewayApplicationRemove.js +++ b/frontend/src/components/GatewayApplicationRemove.js @@ -3,9 +3,9 @@ import {t} from "../utils/messageTexts"; import React from "react"; export const GatewayApplicationRemove = ({ onSubmit }) => ( - +
- {t('sure to delete Gateway')} + {t('sure to delete Application')}
-); \ No newline at end of file +); diff --git a/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt b/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt index 16c163db..29cc8431 100644 --- a/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt +++ b/src/main/kotlin/io/openfuture/api/config/SecurityConfig.kt @@ -41,12 +41,13 @@ class SecurityConfig( .antMatchers("/static/**").permitAll() .antMatchers("**.js").permitAll() .antMatchers("/widget/**").permitAll() + .antMatchers("/**").access("hasIpAddress('127.0.0.1') or hasIpAddress('0:0:0:0:0:0:0:1') or hasIpAddress('${properties.cidr}')") .anyRequest().authenticated() .and() .addFilterAfter(AuthorizationFilter(properties, keyService), OAuth2LoginAuthenticationFilter::class.java) - .addFilterAfter(ApiAuthorizationFilter(mapper), AuthorizationFilter::class.java) + .addFilterAfter(ApiAuthorizationFilter(mapper,properties), AuthorizationFilter::class.java) .addFilterAfter(PublicApiAuthorizationFilter(applicationService, mapper, properties), AuthorizationFilter::class.java) .sessionManagement().sessionCreationPolicy(STATELESS) diff --git a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt index e7838c31..01662e1a 100644 --- a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt +++ b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt 
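Review bot: `.antMatchers("/**").access(...)` is placed before `.anyRequest().authenticated()`, and since `/**` matches every request the first rule wins and `authenticated()` is never consulted: a request from an allowed address is permitted with no authentication, while an authenticated user from any other address is rejected. The expression is also built by interpolating `properties.cidr`; with the property unset it reads `hasIpAddress('null')`, which is expected to fail at evaluation for every request, and a value containing a quote would break the expression itself. `hasIpAddress` evaluates the remote address, whereas `ApiAuthorizationFilter.isAllowed` in the same commit reads `X-Forwarded-For`, so the two checks can disagree behind a proxy. If the intent is an IP restriction on top of login, combine them, e.g. `.access("isAuthenticated() and (hasIpAddress('127.0.0.1') or hasIpAddress('0:0:0:0:0:0:0:1') or hasIpAddress('${properties.cidr}'))")`, and reject an absent `cidr` at startup instead of interpolating it.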
@@ -1,14 +1,23 @@ package io.openfuture.api.config.filter import com.fasterxml.jackson.databind.ObjectMapper +import io.openfuture.api.config.propety.AuthorizationProperties import io.openfuture.api.domain.exception.ExceptionResponse import org.springframework.http.HttpStatus.UNAUTHORIZED import org.springframework.security.core.context.SecurityContextHolder +import org.springframework.security.web.util.matcher.IpAddressMatcher import javax.servlet.* import javax.servlet.http.HttpServletRequest import javax.servlet.http.HttpServletResponse -class ApiAuthorizationFilter(private val mapper: ObjectMapper): Filter { +class ApiAuthorizationFilter( + private val mapper: ObjectMapper, + private val properties: AuthorizationProperties +): Filter { + + private val ipV4LoopBack = "127.0.0.1" + private val ipV6LoopBack = "0:0:0:0:0:0:0:1" + var allowLocalhost = true override fun init(filterConfig: FilterConfig?) { // Do nothing @@ -18,7 +27,7 @@ class ApiAuthorizationFilter(private val mapper: ObjectMapper): Filter { request as HttpServletRequest response as HttpServletResponse - if (request.requestURI.startsWith("/api") && null == SecurityContextHolder.getContext().authentication) { + if (request.requestURI.startsWith("/api") && null == SecurityContextHolder.getContext().authentication && !isAllowed(request)) { val exceptionResponse = ExceptionResponse(UNAUTHORIZED.value(), "Open token is invalid or disabled") response.status = exceptionResponse.status response.writer.write(mapper.writeValueAsString(exceptionResponse)) 
@@ -32,4 +41,20 @@ class ApiAuthorizationFilter(private val mapper: ObjectMapper): Filter { // Do nothing } + fun isAllowed(request: HttpServletRequest): Boolean { + + val ip = request.remoteAddr + if (allowLocalhost && (ipV4LoopBack == ip || ipV6LoopBack == ip)) { + return true + } + + val matcher = IpAddressMatcher(properties.cidr) + + if (matcher.matches(request.getHeader("X-Forwarded-For"))) { + return true + } + + return false + } + } \ No newline at end of file diff --git a/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt index db5eec8a..10a91203 100644 --- a/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt +++ b/src/main/kotlin/io/openfuture/api/config/filter/PublicApiAuthorizationFilter.kt @@ -36,7 +36,7 @@ class PublicApiAuthorizationFilter( val accessKey = request.getHeader("X-API-KEY") val signature = request.getHeader("X-API-SIGNATURE") - val expirePeriod = 10L; + val expirePeriod = properties.expireApi!! val requestWrapper = CustomHttpRequestWrapper(request) val walletApiCreateRequest = mapper.readValue(requestWrapper.bodyInStringFormat, WalletApiCreateRequest::class.java) diff --git a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt index 8374bc7a..817faa63 100644 --- a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt +++ b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt @@ -10,5 +10,6 @@ import javax.validation.constraints.NotEmpty @Component class AuthorizationProperties( @field:NotEmpty var cookieName: String? = null, - var expireApi: Long? = 10 + var expireApi: Long? = 10, + var cidr: String? = null ) \ No newline at end of file 
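Review bot: `IpAddressMatcher(properties.cidr)` is built from a nullable property with no guard, so with `auth.cidr` unset an unauthenticated `/api` request ends in an exception from the filter rather than the 401 the caller writes (patch 4 adds the null check). The matcher is also rebuilt on every call although the CIDR is fixed configuration; construct it once with `private val cidrMatcher by lazy { properties.cidr?.let { IpAddressMatcher(it) } }` and reduce the tail to `return cidrMatcher?.matches(request.getHeader("X-Forwarded-For")) == true`, bearing in mind the point raised on the patch 1 version of this method that the header is not a trustworthy source address. `allowLocalhost`, declared in the earlier hunk, remains a public `var` defaulting to `true`, so the loopback bypass of the token check is on unless someone remembers to turn it off.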
diff --git a/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt b/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt index a42b04c3..f18454f7 100644 --- a/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt +++ b/src/main/kotlin/io/openfuture/api/controller/api/ApplicationApiController.kt @@ -37,7 +37,7 @@ class ApplicationApiController( } @GetMapping("/{id}") - fun get(@CurrentUser user: User, @PathVariable id: Long): ApplicationDto { + fun get(@PathVariable id: Long): ApplicationDto { val application = service.getById(id) return ApplicationDto(application) } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 1e78774f..cf7299d2 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -20,6 +20,7 @@ ethereum.event-subscription=${EVENT_SUBSCRIPTION} # AUTH auth.cookie-name=open_key auth.expire-api=10 +auth.cidr=${PUBLIC_IP_SUBNET} # WIDGET widget.host=${WIDGET_HOST} From a2a2c0d7982dc535b9748ee18bdf2c6b0dbbd2b2 Mon Sep 17 00:00:00 2001 From: bborbuev Date: Mon, 13 Dec 2021 19:00:09 +0200 Subject: [PATCH 3/6] SA-41 Deploy Open Key + Open API --- .github/workflows/open-api-ci-cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/open-api-ci-cd.yml b/.github/workflows/open-api-ci-cd.yml index 58243288..af669cc1 100644 --- a/.github/workflows/open-api-ci-cd.yml +++ b/.github/workflows/open-api-ci-cd.yml @@ -211,6 +211,7 @@ jobs: -e "WIDGET_HOST=${{ secrets.WIDGET_HOST_PROD }}" \ -e "OPEN_STATE_URL=${{ secrets.OPEN_STATE_URLPROD }}" \ -e "STATE_API_URL=${{ secrets.STATE_API_URL_PROD }}" \ + -e "OPEN_KEY_URL=${{ secrets.OPEN_KEY_URL_PROD }}" \ ${{ env.DEPLOY_IMAGE_NAME }}:${{ env.DEPLOY_IMAGE_TAG }} " From 0f7d6c79d8d908c4d1693d00bc4ece36185c2dea Mon Sep 17 00:00:00 2001 
From: Elaman
Date: Mon, 13 Dec 2021 23:05:32 +0600
Subject: [PATCH 4/6] Ip Filter allow local host to properties
---
 .../api/config/filter/ApiAuthorizationFilter.kt | 11 ++++++-----
 .../api/config/propety/AuthorizationProperties.kt | 3 ++-
 src/main/resources/application.properties | 1 +
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt
index 01662e1a..3ac844bf 100644
--- a/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt
+++ b/src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt
@@ -17,7 +17,6 @@ class ApiAuthorizationFilter(
 private val ipV4LoopBack = "127.0.0.1"
 private val ipV6LoopBack = "0:0:0:0:0:0:0:1"
- var allowLocalhost = true
 override fun init(filterConfig: FilterConfig?) {
 // Do nothing
@@ -44,14 +43,16 @@ class ApiAuthorizationFilter(
 fun isAllowed(request: HttpServletRequest): Boolean {
 val ip = request.remoteAddr
- if (allowLocalhost && (ipV4LoopBack == ip || ipV6LoopBack == ip)) {
+ if (properties.allowLocalHost && (ipV4LoopBack == ip || ipV6LoopBack == ip)) {
 return true
 }
- val matcher = IpAddressMatcher(properties.cidr)
+ if (properties.cidr != null) {
+ val matcher = IpAddressMatcher(properties.cidr)
- if (matcher.matches(request.getHeader("X-Forwarded-For"))) {
- return true
+ if (matcher.matches(request.getHeader("X-Forwarded-For"))) {
+ return true
+ }
 }
 return false
diff --git a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt
index 817faa63..c5cf5590 100644
--- a/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt
+++ b/src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt
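Review bot: `if (properties.cidr != null)` followed by `IpAddressMatcher(properties.cidr)` does not smart-cast, because `cidr` is a mutable property of another class; it compiles only because the Java constructor parameter is a platform type, and the CIDR is still parsed on every request. Resolve the configuration once and keep the null handling in one expression: `private val cidrMatcher by lazy { properties.cidr?.let { IpAddressMatcher(it) } }` in the class body, then `return cidrMatcher?.matches(request.getHeader("X-Forwarded-For")) == true` in place of the nested `if`. Moving the loopback bypass to `properties.allowLocalHost` with a `false` default is the right direction; the remaining concern, raised on the patch 1 version of this method, is that `X-Forwarded-For` is client-supplied unless a trusted proxy rewrites it. The closing brace of `isAllowed` is outside the hunk.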
@@ -11,5 +11,6 @@ import javax.validation.constraints.NotEmpty
 class AuthorizationProperties(
 @field:NotEmpty var cookieName: String? = null,
 var expireApi: Long? = 10,
- var cidr: String? = null
+ var cidr: String? = null,
+ var allowLocalHost: Boolean = false
 )
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index cf7299d2..f2677edb 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -21,6 +21,7 @@ ethereum.event-subscription=${EVENT_SUBSCRIPTION}
 auth.cookie-name=open_key
 auth.expire-api=10
 auth.cidr=${PUBLIC_IP_SUBNET}
+auth.allow-local-host=false
 # WIDGET
 widget.host=${WIDGET_HOST}
From 3f4dc8732ead63db67a0a0b9e95c2c5258def410 Mon Sep 17 00:00:00 2001
From: bborbuev
Date: Wed, 15 Dec 2021 15:41:09 +0200
Subject: [PATCH 5/6] SA-41 Deploy Open Key + Open API
---
 .github/workflows/open-api-ci-cd.yml | 2 +-
 build.gradle | 1 +
 .../resources/application-local.properties | 27 +++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 src/main/resources/application-local.properties
diff --git a/.github/workflows/open-api-ci-cd.yml b/.github/workflows/open-api-ci-cd.yml
index af669cc1..70c3bda1 100644
--- a/.github/workflows/open-api-ci-cd.yml
+++ b/.github/workflows/open-api-ci-cd.yml
@@ -209,7 +209,7 @@ jobs:
 -e "OPEN_TOKEN_ADDRESS=${{ secrets.OPEN_TOKEN_ADDRESS_PROD }}" \
 -e "EVENT_SUBSCRIPTION=true" \
 -e "WIDGET_HOST=${{ secrets.WIDGET_HOST_PROD }}" \
- -e "OPEN_STATE_URL=${{ secrets.OPEN_STATE_URLPROD }}" \
+ -e "OPEN_STATE_URL=${{ secrets.OPEN_STATE_URL_PROD }}" \
 -e "STATE_API_URL=${{ secrets.STATE_API_URL_PROD }}" \
 -e "OPEN_KEY_URL=${{ secrets.OPEN_KEY_URL_PROD }}" \
 ${{ env.DEPLOY_IMAGE_NAME }}:${{ env.DEPLOY_IMAGE_TAG }}
diff --git a/build.gradle b/build.gradle
index 3f703aa1..81e5b7a5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,6 +8,7 @@ plugins {
 id 'org.springframework.boot' version '2.0.4.RELEASE'
 id 'com.palantir.git-version' version '0.12.0-rc2'
 id 'io.zensoft.versioning' version '1.1.0'
+ id("com.bmuschko.docker-spring-boot-application") version "7.1.0"
 }
 apply plugin: 'io.spring.dependency-management'
diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties
new file mode 100644
index 00000000..90ae7749
--- /dev/null
+++ b/src/main/resources/application-local.properties
@@ -0,0 +1,27 @@
+# SECURITY
+spring.security.oauth2.client.registration.google.clientId=${GOOGLE_CLIENT_ID}
+spring.security.oauth2.client.registration.google.clientSecret=${GOOGLE_CLIENT_SECRET}
+
+# DATABASE
+spring.datasource.driver-class-name=org.postgresql.Driver
+spring.datasource.url=jdbc:postgresql://${POSTGRES_HOST}/${POSTGRES_DB}
+spring.datasource.username=${POSTGRES_USER}
+spring.datasource.password=${POSTGRES_PASSWORD}
+spring.jpa.hibernate.ddl-auto=validate
+spring.jpa.database=postgresql
+spring.flyway.out-of-order=true
+
+# WEB3
+web3j.client-address=${NETWORK_URL}
+ethereum.private-key=${ETHEREUM_PRIVATE_KEY}
+ethereum.open-token-address=${OPEN_TOKEN_ADDRESS}
+ethereum.event-subscription=${EVENT_SUBSCRIPTION}
+
+# AUTH
+auth.cookie-name=open_key
+
+# WIDGET
+widget.host=${WIDGET_HOST}
+
+# STATE
+state.base-url=${OPEN_STATE_URL}
From bd6f2f06d61e46d6ce9e66bc727ff4d11fbbe008 Mon Sep 17 00:00:00 2001
From: bborbuev
Date: Wed, 15 Dec 2021 16:08:38 +0200
Subject: [PATCH 6/6] SA-41 Deploy Open Key + Open API
---
 build.gradle | 1 -
 1 file changed, 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 81e5b7a5..3f703aa1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,7 +8,6 @@ plugins {
 id 'org.springframework.boot' version '2.0.4.RELEASE'
 id 'com.palantir.git-version' version '0.12.0-rc2'
 id 'io.zensoft.versioning' version '1.1.0'
- id("com.bmuschko.docker-spring-boot-application") version "7.1.0"
 }
 apply plugin: 'io.spring.dependency-management'