
Commit 29552b6

author
[Arusey]
committed
chore(block requests):block localhosts requests to deployment enviroments
- Block requests from localhost being made to deployment environments. Finishes #166203947
1 parent 25781ff commit 29552b6


5 files changed

+41
-11
lines changed


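--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -36,9 +36,9 @@ gcloud_setup: &gcloud_setup
 run:
 name: setup gcloud
 command: |
-# install
+# install
 sudo curl https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz > /tmp/google-cloud-sdk.tar.gz
-sudo mkdir -p /usr/local/gcloud
+sudo mkdir -p /usr/local/gcloud
 sudo tar -C /usr/local/gcloud -xvf /tmp/google-cloud-sdk.tar.gz
 sudo /usr/local/gcloud/google-cloud-sdk/install.sh --quiet
 echo PATH=$PATH:/usr/local/gcloud/google-cloud-sdk/bin >> ~/.bashrc
@@ -190,7 +190,7 @@ jobs:
 command: |
 ./cc-test-reporter before-build
 . venv/bin/activate
-coverage combine parallel-coverage/
+coverage combine parallel-coverage/
 coverage xml
 coverage report
 ./cc-test-reporter format-coverage -o ./.coverage -t coverage.py
@@ -221,18 +221,21 @@ jobs:
 echo "CELERY_BROKER_URL"=$(echo $IMAGE_CELERY_BROKER_URL_PRODUCTION) >> .env
 echo "CELERY_RESULT_BACKEND"=$(echo $IMAGE_CELERY_RESULT_BACKEND_PRODUCTION) >> .env
 echo "MRM_PUSH_URL"=$(echo $IMAGE_MRM_PUSH_URL_PRODUCTION) >> .env
+echo "PROD_REQUEST_URL"=$(echo $IMAGE_PROD_REQUEST_URL) >> .env
 elif [ "$CIRCLE_BRANCH" == develop ]; then
 echo "DEV_DATABASE_URL"=$(echo $IMAGE_DEV_DATABASE_URL_STAGING) >> .env
 echo "DATABASE_URL"=$(echo $IMAGE_DATABASE_URL_STAGING) >> .env
 echo "CELERY_BROKER_URL"=$(echo $IMAGE_CELERY_BROKER_URL_STAGING) >> .env
 echo "CELERY_RESULT_BACKEND"=$(echo $IMAGE_CELERY_RESULT_BACKEND_STAGING) >> .env
 echo "MRM_PUSH_URL"=$(echo $IMAGE_MRM_PUSH_URL_STAGING) >> .env
+echo "PROD_REQUEST_URL"=$(echo $IMAGE_PROD_REQUEST_URL) >> .env
 else
 echo "DEV_DATABASE_URL"=$(echo $IMAGE_DEV_DATABASE_URL_SANDBOX) >> .env
 echo "DATABASE_URL"=$(echo $IMAGE_DATABASE_URL_SANDBOX) >> .env
 echo "CELERY_BROKER_URL"=$(echo $IMAGE_CELERY_BROKER_URL_SANDBOX) >> .env
 echo "CELERY_RESULT_BACKEND"=$(echo $IMAGE_CELERY_RESULT_BACKEND_SANDBOX) >> .env
 echo "MRM_PUSH_URL"=$(echo $IMAGE_MRM_PUSH_URL_SANDBOX) >> .env
+echo "PROD_REQUEST_URL"=$(echo $IMAGE_PROD_REQUEST_URL) >> .env
 fi
 echo "SECRET_KEY"=$(echo $IMAGE_SECRET_KEY) >> .env
 echo "MAIL_SERVER"=$(echo $IMAGE_MAIL_SERVER) >> .env
@@ -301,13 +304,13 @@ jobs:
 command: |
 if [ "$CIRCLE_BRANCH" == master ] || [ "$CIRCLE_BRANCH" == develop ]; then
 touch google-service-key.json
-echo $GOOGLE_CREDENTIALS_STAGING | base64 --decode >> google-service-key.json
+echo $GOOGLE_CREDENTIALS_STAGING | base64 --decode >> google-service-key.json
 gcloud auth activate-service-account --key-file google-service-key.json
 gcloud --quiet config set project ${GOOGLE_PROJECT_ID_STAGING}
 gcloud --quiet config set compute/zone ${GOOGLE_COMPUTE_ZONE}
 else
 touch google-service-key.json
-echo $GOOGLE_CREDENTIALS_SANDBOX | base64 --decode >> google-service-key.json
+echo $GOOGLE_CREDENTIALS_SANDBOX | base64 --decode >> google-service-key.json
 gcloud auth activate-service-account --key-file google-service-key.json
 gcloud --quiet config set project ${GOOGLE_PROJECT_ID_SANDBOX}
 gcloud --quiet config set compute/zone ${GOOGLE_COMPUTE_ZONE}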
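Review bot: In the `@@ -221,18 +221,21 @@` hunk the three added `PROD_REQUEST_URL` lines all read the same `$IMAGE_PROD_REQUEST_URL`, so the staging and sandbox deployments receive the production origin allow-list, whereas every other value in that block is taken from a branch-specific `_PRODUCTION`/`_STAGING`/`_SANDBOX` variable. If the allow-list is meant to differ per environment, follow the existing pattern with one variable per branch (for example `echo "PROD_REQUEST_URL"=$(echo $IMAGE_PROD_REQUEST_URL_STAGING) >> .env` in the `develop` branch, and a `_SANDBOX` counterpart in the `else` branch); if a single shared list is intended, a one-line comment above the first added line saying so would stop the next reader from treating it as a copy-paste slip. The remaining hunks in this file only change indentation.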

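--- a/app.py
+++ b/app.py
@@ -1,7 +1,6 @@
 from flask import Flask, render_template
 
 from flask_graphql import GraphQLView
-from flask_cors import CORS
 from flask_json import FlaskJSON
 
 from flask_mail import Mail
@@ -17,7 +16,6 @@
 
 def create_app(config_name):
 app = Flask(__name__)
-CORS(app)
 FlaskJSON(app)
 app.config.from_object(config[config_name])
 config[config_name].init_app(app)
@@ -35,6 +33,7 @@ def index():
 graphiql=True # for having the GraphiQL interface
 )
 )
+
 app.add_url_rule(
 '/_healthcheck',
 view_func=GraphQLView.as_view(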
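Review bot: Dropping `CORS(app)` from `create_app` in the `@@ -17,7 +16,6 @@` hunk means an application built through `create_app` alone — a test fixture, or any WSGI entry point that does not go through `manage.py` — now has neither CORS headers nor the new origin policy, because both are wired up only in `manage.py` in this commit. If that split is intentional, a comment where the call used to be, such as `# CORS and origin policy are configured by the entry point (manage.py), not here`, would save the next reader from re-adding it. `create_app` continues beyond the end of this hunk.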

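--- /dev/null
+++ b/helpers/auth/allowed_requests.py
@@ -0,0 +1,20 @@
+import os
+from flask import request
+from graphql import GraphQLError
+
+request_urls = os.environ.get("PROD_REQUEST_URL").split(',')
+
+
+class RequestAuthentication:
+
+def validate_origins(self):
+if request.environ['HTTP_ORIGIN'] in request.environ and request.environ['HTTP_ORIGIN'] not in request_urls: # noqa 501
+raise GraphQLError(
+"You are not allowed to make requests to this environment")
+else:
+response.headers.add('Access-Control-Allow-Origin', request.environ['HTTP_ORIGIN'] )
+response.headers.add('Access-Control-Allow-Headers', 'access-control-allow-origin,content-type') # noqa 501
+response.headers.add('Access-Control-Allow-Methods', 'GET,POST')
+
+
+Request = RequestAuthentication()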
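Review bot: The condition in `validate_origins` (line 11) never enforces the allow-list: `request.environ['HTTP_ORIGIN']` raises `KeyError` when the client sends no Origin header, and when one is present its *value* is tested for membership in `request.environ`, which is false, so the `else` branch always runs and immediately fails on the undefined name `response`. Line 5 has a related startup hazard — `os.environ.get("PROD_REQUEST_URL").split(',')` raises `AttributeError` at import time if the variable is unset, so a missing deployment variable takes the whole service down rather than failing closed with a clear message. The rewrite below reads the header with `.get`, keeps the rejection path, and moves the header-setting into a separate method that takes the response it mutates and only echoes an origin that is on the list. Note that Origin is set by the browser and is absent from non-browser clients, so this is a CORS-style restriction on web callers, not authentication of the request; a comment saying so belongs in the class docstring.
```python
request_urls = [
    u.strip() for u in os.environ.get("PROD_REQUEST_URL", "").split(',') if u.strip()
]


class RequestAuthentication:
    """Restricts which browser origins may call this deployment.

    Relies on the Origin header, so it limits web-page callers only and
    does not authenticate the client.
    """

    def validate_origins(self):
        origin = request.environ.get('HTTP_ORIGIN')
        # No Origin header means a non-browser client; leave it to the
        # normal auth layer.
        if origin is not None and origin not in request_urls:
            raise GraphQLError(
                "You are not allowed to make requests to this environment")

    def add_cors_headers(self, response):
        origin = request.environ.get('HTTP_ORIGIN')
        if origin in request_urls:
            response.headers.add('Access-Control-Allow-Origin', origin)
            response.headers.add('Access-Control-Allow-Headers', 'access-control-allow-origin,content-type')  # noqa 501
            response.headers.add('Access-Control-Allow-Methods', 'GET,POST')
        return response

# … unchanged: module-level Request instance …
```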

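--- a/manage.py
+++ b/manage.py
@@ -2,20 +2,28 @@
 
 import bugsnag
 from flask_script import Manager, Shell
+from flask_cors import CORS
+from helpers.auth.allowed_requests import Request
 from bugsnag.flask import handle_exceptions
 
 
 # Configure bugnsag
 bugsnag.configure(
-api_key=os.getenv('BUGSNAG_API_TOKEN'),
-release_stage="development",
-project_root="app"
+api_key=os.getenv('BUGSNAG_API_TOKEN'),
+release_stage="development",
+project_root="app"
 )
 
 # local imports
 from app import create_app # noqa: E402
 
 app = create_app(os.getenv('APP_SETTINGS') or 'default')
+with app.test_request_context():
+if app.config['DEBUG'] or app.config['TESTING']:
+CORS(app, resources={r"/mrm": {"origins": "*"}})
+else:
+Request.validate_origins()
+
 handle_exceptions(app)
 manager = Manager(app)
 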

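--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ blinker==1.4
 celery==3.1.17
 coverage==4.5.1
 Flask==0.12.2
-Flask-Cors==3.0.4
+Flask-Cors==3.0.7
 Flask-JSON==0.3.2
 Flask-Script==2.0.6
 Flask-GraphQL==1.4.1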
