🎨 [#722] added real_user_ip for the whitelist permission

maykinmedia · Aug 16, 2022 · 94817d7 · 94817d7
1 parent 912dc00
commit 94817d7
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 4 deletions.
diff --git a/default.conf b/default.conf
@@ -4,5 +4,6 @@ server {
 
     location /sdg {
         proxy_pass   http://web:8000;
+        proxy_set_header    X-Real-IP   $remote_addr;
     }
 }
diff --git a/src/sdg/api/migrations/0006_alter_token_whitelisted_ips.py b/src/sdg/api/migrations/0006_alter_token_whitelisted_ips.py
@@ -0,0 +1,27 @@
+# Generated by Django 3.2.13 on 2022-08-12 16:05
+
+from django.db import migrations, models
+import sdg.core.db.fields
+import sdg.core.models.validators
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("api", "0005_auto_20220812_0821"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="token",
+            name="whitelisted_ips",
+            field=sdg.core.db.fields.DynamicArrayField(
+                base_field=models.CharField(max_length=15),
+                blank=True,
+                default=list,
+                help_text="De IP adressen waarvan organisaties POST, UPDATE en DELETE API calls van kan maken met deze API token.",
+                size=None,
+                validators=[sdg.core.models.validators.validate_ip_adress],
+            ),
+        ),
+    ]
diff --git a/src/sdg/api/models.py b/src/sdg/api/models.py
@@ -61,7 +61,7 @@ class Token(models.Model):
         models.CharField(max_length=15),
         validators=[validate_ip_adress],
         help_text=_(
-            "De IP adressen waar organisaties onveilige API calls van mogen maken"
+            "De IP adressen waarvan organisaties POST, UPDATE en DELETE API calls van kan maken met deze API token."
         ),
         blank=True,
         default=list,

diff --git a/src/sdg/api/permissions.py b/src/sdg/api/permissions.py
@@ -9,9 +9,9 @@
 
 
 def get_client_ip(request):
-    x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
-    if x_forwarded_for:
-        ip = x_forwarded_for.split(",")[-1].strip()
+    real_ip = request.META.get(settings.REAL_USER_IP)
+    if real_ip:
+        ip = real_ip
     else:
         ip = request.META.get("REMOTE_ADDR")
     return ip

diff --git a/src/sdg/conf/base.py b/src/sdg/conf/base.py
@@ -576,3 +576,4 @@
 SPECTACULAR_SETTINGS["SERVERS"] = SDG_API_SERVER_INSTANCES
 
 WHITELISTING_ENABLED = config("WHITELISTING_ENABLED", default=True)
+REAL_USER_IP = config("REAL_USER_IP", default="X-Real-IP")
Original file line number	Diff line number	Diff line change
Expand Up		@@ -576,3 +576,4 @@
		SPECTACULAR_SETTINGS["SERVERS"] = SDG_API_SERVER_INSTANCES

		WHITELISTING_ENABLED = config("WHITELISTING_ENABLED", default=True)
		REAL_USER_IP = config("REAL_USER_IP", default="X-Real-IP")