Check inbound sms IP address stage 1

IP address checked
2025-12-18 16:12:32 -05:00 · 2017-07-03 14:14:17 +01:00
parent 72000c38aa
commit d6c69bf437
3 changed files with 14 additions and 10 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -116,7 +116,7 @@ def register_blueprint(application):
    ses_callback_blueprint.before_request(requires_no_auth)
    application.register_blueprint(ses_callback_blueprint)

-    sms_callback_blueprint.before_request(requires_no_auth)
+    sms_callback_blueprint.before_request(restrict_ip_sms)
    application.register_blueprint(sms_callback_blueprint)

    receive_notifications_blueprint.before_request(restrict_ip_sms)
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -45,16 +45,17 @@ def requires_no_auth():


 def restrict_ip_sms():
-    '''
-    ip_addr = jsonify({'remote_addr': request.remote_addr,
-                       'X-Forwarded_FOR': request.headers.getlist('X-Forwarded-For'),
-                       'X_Real-Ip': request.headers.getlist('X-Real-Ip')})
-    '''
-    current_app.logger.info("Inbound sms ip addresses remote_addr = {}, "
-                            "X-Forwarded_FOR = {}".format(request.remote_addr,
-                                                          request.headers.getlist('X-Forwarded-For')))
+    ip = ''
+    if request.headers.getlist("X-Forwarded-For"):
+        ip = request.headers.getlist("X-Forwarded-For")[0]

-    return
+    if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'):
+        current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))
+        return
+    else:
+        current_app.logger.info("Inbound sms ip addresses {} blocked ".format(ip))
+        return
+        # raise AuthError('Unknown source IP address from the SMS provider', 403)


 def requires_admin_auth():
--- a/app/config.py
+++ b/app/config.py
@@ -262,6 +262,9 @@ class Config(object):

    FREE_SMS_TIER_FRAGMENT_COUNT = 250000

+    ALLOW_IP_INBOUND_SMS = []
+
+

 ######################
 # Config overrides ###