Skip to content

salesforce/refocus-whitelist

refocus-whitelist

Note: this repository is infrequently maintained.

Utility application for Refocus's API, Real-Time and UI applications to verify that all inbound requests originate from whitelisted IP addresses.

Currently supports IPv4.

Configuration

IP Whitelist

Set environment variable IP_WHITELIST with a comma-delimited list of discrete IP addresses (e.g. 1.2.3.4) and/or ranges of IP addresses separated by a dash (e.g. 1.2.3.4-1.2.3.255).

For example, if you wanted to whitelist "127.0.0.1" and all the addresses between 137.0.0.0-137.255.255.255 (inclusive), you would set your environment variable like this:

IP_WHITELIST=127.0.0.1,137.0.0.0-137.255.255.255

Note: whitespace around commas and dashes is ignored so this would do the same thing (if that feels more readable to you):

IP_WHITELIST=127.0.0.1, 137.0.0.0 - 137.255.255.255

If you do not set a whitelist OR you set an empty whitelist, it allows all IP addresses to access your Refocus applications.

If your IP_WHITELIST has any errors or there are any invalid IPv4 addresses, it refuses requests from all IP addresses to your Refocus applications until you fix the errors.

API Cache

Set environment variable API_CACHE_DURATION if you want to enable API caching. The value should be a string with a numeric value and unit, e.g. 30 seconds or 5 minutes or 1 hour.

Note that this caches the response in memory so restarting the application will reset the cache.

Refocus API, Real-Time and UI Applications

In each of your Refocus applications, you must set environment variable IP_WHITELIST_SERVICE to the base URL of this application.

Logging

If you are using Refocus Logging and the Refocus Logging Client please follow the extra configuration instructions provided therein.

API

GET /v1/verify/:address

If the :address provided in the path is a valid IPv4 address, return status 200 OK with content-type application/json:

{
  address: <String>,
  allow: <Boolean>
}

If the :address provided in the path is not a valid IPv4 address, return status 400 (Bad Request) with content-type text/plain:

Invalid IPv4 address: ":address"

Security

If deploying to Heroku, be sure to configure the Heroku application with the checkbox checked to "Make this app internal to this Private Space".

Debug

Set environment variable DEBUG with any of these or combinations thereof.

  • refocus-whitelist* (all debug AND all trace)
  • refocus-whitelist:* (all debug, no trace)
  • refocus-whitelist:expressUtils
  • refocus-whitelist:whitelistUtils
  • refocus-whitelist-trace:* (all trace, no debug)
  • refocus-whitelist-trace:common
  • refocus-whitelist-trace:whitelistUtils

Note: the refocus-whitelist-trace options are very verbose.

Version History

  • 1.1.1 - Update refocus-logging-client version to 1.0.6
  • 1.1.0 - Add option for consolidated Refocus logging using Kafka
  • 1.0.0

About

No description, website, or topics provided.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published