mirror of
https://github.com/GSA/notifications-api.git
synced 2026-07-09 19:04:05 -04:00
initial logging for route protection
This commit is contained in:
@@ -47,8 +47,27 @@ def requires_no_auth():
|
||||
def restrict_ip_sms():
|
||||
# Check route of inbound sms (Experimental)
|
||||
# Temporary custom header for route security
|
||||
if request.headers.get("X-Custom-forwarder"):
|
||||
current_app.logger.info("X-Custom-forwarder received")
|
||||
# if request.headers.get("X-Custom-forwarder"):
|
||||
# current_app.logger.info("X-Custom-forwarder received")
|
||||
if request.headers.get("X-Custom-Forwarder"):
|
||||
route_secret_key = request.headers.get("X-Custom-Forwarder")
|
||||
key_1 = current_app.config.get('ROUTE_SECRET_KEY_1')
|
||||
key_2 = current_app.config.get('ROUTE_SECRET_KEY_2')
|
||||
key_used = 0
|
||||
route_allowed = False
|
||||
if route_secret_key == key_1:
|
||||
key_used = 1
|
||||
route_allowed = True
|
||||
elif route_secret_key == key_2:
|
||||
key_used = 2
|
||||
route_allowed = True
|
||||
|
||||
current_app.logger.info({
|
||||
'message': 'X-Custom-forwarder key {} is used'.format(key_used),
|
||||
'log_contents': {
|
||||
'passed': route_allowed,
|
||||
}
|
||||
})
|
||||
|
||||
# Check IP of SMS providers
|
||||
if request.headers.get("X-Forwarded-For"):
|
||||
|
||||
@@ -45,6 +45,8 @@ def extract_notify_config(notify_config):
|
||||
os.environ['SECRET_KEY'] = notify_config['credentials']['secret_key']
|
||||
os.environ['DANGEROUS_SALT'] = notify_config['credentials']['dangerous_salt']
|
||||
os.environ['SMS_INBOUND_WHITELIST'] = json.dumps(notify_config['credentials']['allow_ip_inbound_sms'])
|
||||
os.environ['ROUTE_SECRET_KEY_1'] = notify_config['credentials']['route_secret_key_1']
|
||||
os.environ['ROUTE_SECRET_KEY_2'] = notify_config['credentials']['route_secret_key_2']
|
||||
|
||||
|
||||
def extract_performance_platform_config(performance_platform_config):
|
||||
|
||||
@@ -287,6 +287,8 @@ class Config(object):
|
||||
FREE_SMS_TIER_FRAGMENT_COUNT = 250000
|
||||
|
||||
SMS_INBOUND_WHITELIST = json.loads(os.environ.get('SMS_INBOUND_WHITELIST', '[]'))
|
||||
ROUTE_SECRET_KEY_1 = os.environ['ROUTE_SECRET_KEY_1']
|
||||
ROUTE_SECRET_KEY_2 = os.environ['ROUTE_SECRET_KEY_2']
|
||||
|
||||
# Format is as follows:
|
||||
# {"dataset_1": "token_1", ...}
|
||||
|
||||
Reference in New Issue
Block a user