From ff2c1fe8133f9556f6aaa52058cd8b83c40085e6 Mon Sep 17 00:00:00 2001 From: Rigel Kent Date: Tue, 22 May 2018 19:43:13 +0200 Subject: feature: IP filtering on signup page disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config --- server/controllers/api/config.ts | 6 ++++-- server/controllers/api/users.ts | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'server/controllers') diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts index 12074a80e..f678e3c4a 100644 --- a/server/controllers/api/config.ts +++ b/server/controllers/api/config.ts @@ -4,7 +4,7 @@ import { ServerConfig, UserRight } from '../../../shared' import { About } from '../../../shared/models/server/about.model' import { CustomConfig } from '../../../shared/models/server/custom-config.model' import { unlinkPromise, writeFilePromise } from '../../helpers/core-utils' -import { isSignupAllowed } from '../../helpers/utils' +import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/utils' import { CONFIG, CONSTRAINTS_FIELDS, reloadConfig } from '../../initializers' import { asyncMiddleware, authenticate, ensureUserHasRight } from '../../middlewares' import { customConfigUpdateValidator } from '../../middlewares/validators/config' @@ -36,6 +36,7 @@ configRouter.delete('/custom', async function getConfig (req: express.Request, res: express.Response, next: express.NextFunction) { const allowed = await isSignupAllowed() + const allowedForCurrentIP = isSignupAllowedForCurrentIP(req.ip) const enabledResolutions = Object.keys(CONFIG.TRANSCODING.RESOLUTIONS) .filter(key => CONFIG.TRANSCODING.RESOLUTIONS[key] === true) @@ -54,7 +55,8 @@ async function getConfig (req: express.Request, res: express.Response, next: exp }, serverVersion: packageJSON.version, signup: { - allowed + allowed, + allowedForCurrentIP }, transcoding: { enabledResolutions diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index 0a591f11d..8dff4b87c 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts @@ -19,6 +19,7 @@ import { authenticate, ensureUserHasRight, ensureUserRegistrationAllowed, + ensureUserRegistrationAllowedForIP, paginationValidator, setDefaultPagination, setDefaultSort, @@ -106,6 +107,7 @@ usersRouter.post('/', usersRouter.post('/register', asyncMiddleware(ensureUserRegistrationAllowed), + ensureUserRegistrationAllowedForIP, asyncMiddleware(usersRegisterValidator), asyncMiddleware(registerUserRetryWrapper) ) -- cgit v1.2.3