
Commit 469c037

Merge pull request #96 from topcoder-platform/develop
restrict access based on the blockIP property of the jwt
2 parents 5b8d664 + 9b627ea commit 469c037


4 files changed

+17
-36
lines changed


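--- a/app-routes.js
+++ b/app-routes.js
@@ -45,16 +45,14 @@ module.exports = (app) => {
         }
       })
 
-      if (def.forbiddenCountries) {
-        actions.push(async (req, res, next) => {
-          if (req.authUser.isMachine) {
-            next()
+      if (def.blockByIp) {
+        actions.push((req, res, next) => {
+          req.authUser.blockIP = _.find(req.authUser, (value, key) => {
+            return (key.indexOf('blockIP') !== -1)
+          })
+          if (req.authUser.blockIP) {
+            throw new errors.ForbiddenError('Access denied')
           } else {
-            req.authUser.userId = String(req.authUser.userId)
-            const user = await helper.getMemberById(req.authUser.userId)
-            if (!user || _.intersection([user.homeCountryCode, user.competitionCountryCode], def.forbiddenCountries).length > 0) {
-              throw new errors.ForbiddenError('Access denied')
-            }
             next()
           }
         })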
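Review bot: The new blockIP guard fails open and matches loosely: `_.find` over `req.authUser` returns the first claim whose key merely contains the substring `blockIP`, and the `if (req.authUser.blockIP)` test is a truthiness check, so an absent claim or a boolean `false` passes while a string value such as `'false'` would deny access. If the issuer emits the claim as a string, compare it explicitly, e.g. `if (blockIP === true || blockIP === 'true')`, and consider `key.endsWith('blockIP')` so an unrelated claim containing that substring cannot satisfy the match. Since only `def.blockByIp` is consulted now, any route definition elsewhere that still sets `forbiddenCountries` would become a silent no-op; worth grepping for remaining uses. The enclosing `module.exports = (app) => {` body starts and ends outside the hunk.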
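--- a/config/default.js
+++ b/config/default.js
@@ -68,25 +68,5 @@ module.exports = {
   RESOURCE_ROLE_CREATE_TOPIC: process.env.RESOURCE_ROLE_CREATE_TOPIC || 'challenge.action.resource.role.create',
   RESOURCE_ROLE_UPDATE_TOPIC: process.env.RESOURCE_ROLE_UPDATE_TOPIC || 'challenge.action.resource.role.update',
 
-  AUTOMATED_TESTING_NAME_PREFIX: process.env.AUTOMATED_TESTING_NAME_PREFIX || 'POSTMANE2E-',
-
-  FORBIDDEN_COUNTRIES: [
-    'Iran',
-    'North Korea',
-    'Cuba',
-    'Sudan',
-    'Syria',
-    'Belarus',
-    'Russia',
-    'Russian Federation'
-  ],
-  FORBIDDEN_COUNTRIES_ALPHA_3: [
-    'IRN',
-    'PRK',
-    'CUB',
-    'SDN', 'SSD', // (south sudan)
-    'SYR',
-    'BLR',
-    'RUS'
-  ]
+  AUTOMATED_TESTING_NAME_PREFIX: process.env.AUTOMATED_TESTING_NAME_PREFIX || 'POSTMANE2E-'
 }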
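--- a/src/common/helper.js
+++ b/src/common/helper.js
@@ -162,8 +162,13 @@ async function getMemberInfoById (id) {
  * @returns {Promise<void>}
  */
 async function getMemberById (id) {
-  const res = await getRequest(`${config.MEMBER_API_URL}?userId=${id}`)
-  return _.get(res, 'data[0]')
+  try {
+    const res = await getRequest(`${config.MEMBER_API_URL}`, { userId: id })
+    return _.get(res, 'body[0]')
+  } catch (e) {
+    logger.debug(e.message)
+    logger.debug(e)
+  }
 }
 
 /**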
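Review bot: The new try/catch in getMemberById swallows every failure of the member API call and lets the function resolve to `undefined`, so a caller can no longer distinguish "no such member" from "lookup failed", and the two `logger.debug` calls keep the failure below the default log level. Prefer rethrowing after logging, or at least `logger.error(e)` together with a comment stating that `undefined` is the deliberate fallback result. The JSDoc above the function still says `@returns {Promise<void>}`; with this change it should read `@returns {Promise<Object|undefined>} the member record, or undefined if the lookup failed`. The switch from `data[0]` to `body[0]` depends on what getRequest returns, which is outside the hunk; confirm against its definition.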
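--- a/src/routes.js
+++ b/src/routes.js
@@ -4,9 +4,7 @@
 
 const constants = require('../app-constants')
 const {
-  SCOPES: { READ, CREATE, DELETE, UPDATE, ALL },
-  FORBIDDEN_COUNTRIES,
-  FORBIDDEN_COUNTRIES_ALPHA_3
+  SCOPES: { READ, CREATE, DELETE, UPDATE, ALL }
 } = require('config')
 
 module.exports = {
@@ -25,7 +23,7 @@ module.exports = {
       auth: 'jwt',
       access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [CREATE, ALL],
-      forbiddenCountries: [...FORBIDDEN_COUNTRIES, ...FORBIDDEN_COUNTRIES_ALPHA_3]
+      blockByIp: true
     },
     delete: {
       controller: 'ResourceController',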