Add ip allow list check

rijkvanzanten
2020-10-13 15:50:23 -04:00
parent 9df6bd95a5
commit 292f2206ed
2 changed files with 21 additions and 0 deletions


@@ -38,6 +38,7 @@ import graphqlRouter from './controllers/graphql';
import notFoundHandler from './controllers/not-found';
import sanitizeQuery from './middleware/sanitize-query';
import { checkIP } from './middleware/check-ip';
import { WebhooksService } from './services/webhooks';
import { InvalidPayloadException } from './exceptions';
@@ -98,6 +99,9 @@ app.use(sanitizeQuery);
app.use('/auth', authRouter);
app.use(authenticate);
app.use(checkIP);
app.use(cache);
app.use('/graphql', graphqlRouter);
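Review bot: `app.use(checkIP)` is registered after `app.use('/auth', authRouter)`, so requests handled by the auth router never reach the allow-list check. If that router issues or refreshes tokens, a client on a non-listed address can still obtain them and is only rejected on later calls. The placement is presumably forced by the middleware reading `req.accountability`, which appears to be populated by `authenticate`. If the allow list is meant to cover login as well, the auth controller needs its own check once the user's role is known; otherwise document the gap here, e.g. `// IP allow list applies only to routes mounted below; /auth is exempt`.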


@@ -0,0 +1,17 @@
import { RequestHandler } from 'express';
import asyncHandler from 'express-async-handler';
import database from '../database';
import { InvalidIPException } from '../exceptions';
export const checkIP: RequestHandler = asyncHandler(async (req, res, next) => {
const role = await database
.select('ip_access')
.from('directus_roles')
.where({ id: req.accountability!.role })
.first();
const ipAllowlist = (role.ip_access || '').split(',').filter((ip: string) => ip);
if (ipAllowlist.length > 0 && ipAllowlist.includes(req.accountability!.ip) === false)
throw new InvalidIPException();
return next();
});
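Review bot: `role` is dereferenced without a guard in `(role.ip_access || '')`, but `.first()` resolves to `undefined` when no row matches. That looks likely whenever `req.accountability!.role` is null (unauthenticated or public requests), and the resulting TypeError would turn those requests into server errors. Guard it with `if (!role) return next();` or `(role?.ip_access || '')`, after deciding whether a missing role should pass or be rejected. The comparison is also an exact string match, so an entry stored with a space after the comma never matches; adding `.map((ip: string) => ip.trim())` before the `.filter` avoids silently locking users out. How `req.accountability.ip` is derived is not visible in this hunk; if it comes from a forwarded header, the allow list is only as trustworthy as the proxy configuration.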