Skip to content

Commit

Permalink
Add support for allowing and disallowing specific IP addresses.
Browse files Browse the repository at this point in the history
  • Loading branch information
hermanzdosilovic committed Jan 14, 2020
1 parent f61b549 commit 4fd0f34
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 1 deletion.
8 changes: 8 additions & 0 deletions app/controllers/sessions_controller.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
class SessionsController < ActionController::API
before_action :verify_ip_address
before_action :authenticate_request
before_action :authorize_request, only: [:authorize]

Expand All @@ -12,6 +13,13 @@ def authorize

private

def verify_ip_address
@@disallowed_ip_addresses ||= ENV['DISALLOW_IP'].to_s.split - ENV['ALLOW_IP'].to_s.split
@@allowed_ip_addresses ||= ENV['ALLOW_IP'].to_s.split - ENV['DISALLOW_IP'].to_s.split
head :forbidden if @@disallowed_ip_addresses.include?(request.remote_ip)
head :forbidden if @@allowed_ip_addresses.present? && !@@allowed_ip_addresses.include?(request.remote_ip)
end

def authenticate_request
head :unauthorized if safe_compare(Rails.application.secrets.authn_token, Rails.application.secrets.authn_header)
end
Expand Down
14 changes: 13 additions & 1 deletion judge0-api.conf.default
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,18 @@ ALLOW_ORIGIN=
# DISALLOW_ORIGIN="www.judge0.com judge0.com www.example.com blog.example.com"
DISALLOW_ORIGIN=

# Allow only specified IP addresses.
# If left blank, then all IP addresses will be allowed.
# Example:
# ALLOW_IP="192.168.10.10 96.239.226.228 208.23.207.242"
ALLOW_IP=

# Disallow only specified IP addresses.
# If left blank, then no IP addresses will be disallowed.
# Example:
# DISALLOW_IP="192.168.10.10 96.239.226.228 208.23.207.242"
DISALLOW_IP=


###############################################################################
# Authentication
Expand Down Expand Up @@ -240,4 +252,4 @@ MAX_NUMBER_OF_RUNS=

# Redirect stderr to stdout.
# Default: false
REDIRECT_STDERR_TO_STDOUT=
REDIRECT_STDERR_TO_STDOUT=

0 comments on commit 4fd0f34

Please sign in to comment.