public inbox for [email protected]
From: Célestin Matte <[email protected]>
To: [email protected]
Subject: Re: [PATCH] pgarchives: Allow use of IP ranges for SEARCH_CLIENTS
Date: Thu, 4 Nov 2021 17:40:49 +0100
Message-ID: <[email protected]>
In-Reply-To: <CABUevExfLntZSed94DxWB6OAMY1HCMebh1nQ2KUkZ_Rr7ML=Cg@mail.gmail.com>
References: <[email protected]>
<[email protected]>
<CABUevExfLntZSed94DxWB6OAMY1HCMebh1nQ2KUkZ_Rr7ML=Cg@mail.gmail.com>
It makes sense to do the same thing for API_CLIENTS, a similar variable. See patch attached.
--
Célestin Matte
Attachments:
[text/x-patch] 0001-Allow-use-of-IP-ranges-for-API_CLIENTS.patch (2.2K, 2-0001-Allow-use-of-IP-ranges-for-API_CLIENTS.patch)
From 4ce0343af7db3f05640f6820b3d0999d27a3adb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9lestin=20Matte?= <[email protected]>
Date: Thu, 4 Nov 2021 17:38:36 +0100
Subject: [PATCH] Allow use of IP ranges for API_CLIENTS
---
django/archives/mailarchives/api.py | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/django/archives/mailarchives/api.py b/django/archives/mailarchives/api.py
index 8909dac..a6b2536 100644
--- a/django/archives/mailarchives/api.py
+++ b/django/archives/mailarchives/api.py
@@ -1,6 +1,7 @@
from django.http import HttpResponse, HttpResponseForbidden
from django.shortcuts import get_object_or_404
from django.conf import settings
+import ipaddress
from .views import cache
from .models import Message, List
@@ -8,12 +9,19 @@ from .models import Message, List
import json
+def is_host_allowed(request):
+ for ip_range in settings.API_CLIENTS:
+ if ipaddress.ip_address(request.META['REMOTE_ADDR']) in ipaddress.ip_network(ip_range):
+ return True
+ return False
+
+
@cache(hours=4)
def listinfo(request):
if not settings.PUBLIC_ARCHIVES:
return HttpResponseForbidden('No API access on private archives for now')
- if not request.META['REMOTE_ADDR'] in settings.API_CLIENTS:
+ if not is_host_allowed(request):
return HttpResponseForbidden('Invalid host')
resp = HttpResponse(content_type='application/json')
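Review bot: In is_host_allowed(), both ipaddress.ip_address() and ipaddress.ip_network() raise ValueError on input they cannot parse and nothing catches it, so a bad API_CLIENTS entry turns every API request into an unhandled exception instead of a 403. ip_network() is strict by default, so an entry written with host bits set (for example 192.0.2.10/24) is rejected; either pass strict=False or document that entries must be network addresses (a bare address still works and is treated as a single-host network). The request address is also re-parsed on every loop iteration: parse request.META['REMOTE_ADDR'] once before the loop, and consider converting API_CLIENTS to network objects once rather than on each request. Since REMOTE_ADDR is the address of the directly connected peer, the settings documentation should note that a range covering a fronting proxy admits every client that comes through it.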
@@ -33,7 +41,7 @@ def latest(request, listname):
if not settings.PUBLIC_ARCHIVES:
return HttpResponseForbidden('No API access on private archives for now')
- if not request.META['REMOTE_ADDR'] in settings.API_CLIENTS:
+ if not is_host_allowed(request):
return HttpResponseForbidden('Invalid host')
# Return the latest <n> messages on this list.
@@ -94,7 +102,7 @@ def thread(request, msgid):
if not settings.PUBLIC_ARCHIVES:
return HttpResponseForbidden('No API access on private archives for now')
- if not request.META['REMOTE_ADDR'] in settings.API_CLIENTS:
+ if not is_host_allowed(request):
return HttpResponseForbidden('Invalid host')
# Return metadata about a single thread. A list of all the emails
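Review bot: The guard pair at the top of thread() is now the third identical copy in this file: listinfo, latest and thread each test settings.PUBLIC_ARCHIVES and then is_host_allowed(request). Moving both checks into one decorator applied to each API view would keep a future endpoint from being added without the host check. A short docstring on is_host_allowed() stating that API_CLIENTS entries may be single addresses or CIDR ranges would also help whoever edits the setting next.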
--
2.33.1