Actions
Feature #1377
closedAPI: IP restrictions
Start date:
2020-10-03
Estimated time:
Description
Although it doesn't solve the issue for JavaScript frontends (#1233) it could be useful for other scenarios e.g. for THANADOS which doesn't want all data public but uses a Flask frontend.
Implementation details- Overrides the public (off) option
- localhost should always be accepted (for use in the backend)
- Multiple IPs are possible
- Can be configured in instance/production.py
Updated by Bernhard Koschiček-Krombholz almost 4 years ago
- Target version changed from 208 to 6.3.0
Updated by Bernhard Koschiček-Krombholz almost 4 years ago
- Status changed from Acknowledged to In Progress
- Assignee changed from Bernhard Koschiček-Krombholz to Alexander Watzinger
- Target version changed from 6.3.0 to 6.0.0
On develop the new feature is available. It is a decorator @check_ip, which checks the incoming IP against a list of IPs in app.config['ALLOWED_IPS']. I added it to every /api/ path.
Only logged in users can access the API or clients with the IP on the whitelist. I tested localhost locally, there it works.
I think my part is done.
Updated by Bernhard Koschiček-Krombholz almost 4 years ago
- Target version changed from 6.0.0 to 6.3.0
Updated by Bernhard Koschiček-Krombholz almost 4 years ago
- Related to Feature #1233: API: External Authentication added
Updated by Alexander Watzinger almost 4 years ago
- Description updated (diff)
- Status changed from In Progress to Closed
- Target version changed from 6.3.0 to 6.0.0
Thank you Berni for preparing, there were multiple issues:
Already fixed- IP should have overwritten the public off option but not the public on option, maybe I should have communicate that more clearly
- Since I don't think we need two access functions I merge them. But I wasn't sure why they weren't always called together so I hope I didn't miss something
- I noticed some inconsistency with orders of wrappers, this can matter so better watch out there
- I changed the error msg in api_access to "'Access denied!'" but not sure if we haven't already talked about this and there was a reason for this
- Configuration is still in default.py, I change that in one go if I move other stuff too
- Code coverage is now missing for 403 because localhost is always allowed but we wanted to look at tests anyway so I left it for now
I hope I didn't missed or break something on my part. It's all pushed in develop and online at the 2 frontend. Thanks again and see you soon.
Updated by Alexander Watzinger almost 4 years ago
- Target version changed from 6.0.0 to 5.6.0
Actions