Add a system to restrict untrusted IPs

2023-12-12 01:52:46 +01:00
parent 4c839eb2d1
commit c7f7bfe67c
5 changed files with 43 additions and 3 deletions
--- a/virtweb_backend/src/middlewares/auth_middleware.rs
+++ b/virtweb_backend/src/middlewares/auth_middleware.rs
@ -61,6 +61,11 @@ where
        let service = Rc::clone(&self.service);

        Box::pin(async move {
+            let remote_ip =
+                actix_remote_ip::RemoteIP::from_request(req.request(), &mut Payload::None)
+                    .await
+                    .unwrap();
+
            let auth_disabled = AppConfig::get().unsecure_disable_auth;

            // Check authentication, if required
@ -89,6 +94,15 @@ where
                        )
                        .map_into_right_body());
                }
+
+                if !AppConfig::get().is_trusted_ip(remote_ip.0) && !req.method().as_str().eq("GET")
+                {
+                    return Ok(req
+                        .into_response(
+                            HttpResponse::MethodNotAllowed().json("I am sorry, but your IP is not trusted. You cannot perform this action!"),
+                        )
+                        .map_into_right_body());
+                }
            }

            service