Skip to content

Commit

Permalink
proxy-safe request IP
Browse files Browse the repository at this point in the history
  • Loading branch information
@fvanderbiest @carlos-jenkins
fvanderbiest authored and carlos-jenkins committed Jan 16, 2018
1 parent c4dc450 commit 45fda0d
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion webhooks.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,14 +56,17 @@ def index():
# Allow Github IPs only
if config.get('github_ips_only', True):
src_ip = ip_address(
u'{}'.format(request.remote_addr) # Fix stupid ipaddress issue
u'{}'.format(request.access_route[0]) # Fix stupid ipaddress issue
)
whitelist = requests.get('https://api.github.com/meta').json()['hooks']

for valid_ip in whitelist:
if src_ip in ip_network(valid_ip):
break
else:
logging.error('IP {} not allowed'.format(
src_ip
))
abort(403)

# Enforce secret
Expand Down

0 comments on commit 45fda0d

Please sign in to comment.