request handler allow only specific clients

2025-12-13 07:45:54 +00:00 · 2020-04-27 11:35:44 +00:00 · 2020-04-27 11:35:44 +00:00 · f7f9d0ddb8
commit f7f9d0ddb8
parent ed963059a6
2 changed files with 32 additions and 0 deletions
--- a/config/routes.php
+++ b/config/routes.php
@ -22,6 +22,8 @@ use Cake\Routing\RouteBuilder;
 use Cake\Routing\Router;
 use Cake\Routing\Route\DashedRoute;

+use Cake\Core\Configure;
+
 /**
 * The default class to use for all routes
 *
@ -58,7 +60,18 @@ Router::scope('/', function (RouteBuilder $routes) {
        $whitelist = ['JsonRequestHandler', 'ElopageWebhook'];
        foreach($whitelist as $entry) {
          if($request->getParam('controller') === $entry) {
+            if($entry == 'ElopageWebhook') {
              return true;
+            }
+            if($request->clientIp() == '127.0.0.1' || $request->clientIp() == 'localhost') {
+              return true;
+            }
+            $allowedCaller = Configure::read('API.allowedCaller');
+              $callerIp = $request->clientIp();
+              foreach($allowedCaller as $allowed) {
+                $ip = gethostbyname($allowed);
+                if($ip === $callerIp) return true;
+              }
          }
        }
    });
--- a/src/Controller/JsonRequestHandlerController.php
+++ b/src/Controller/JsonRequestHandlerController.php
@ -57,6 +57,7 @@ class JsonRequestHandlerController extends AppController {
            case 'moveTransaction': return $this->moveTransaction($jsonData->pubkeys, $jsonData->memo, $jsonData->session_id);
            case 'checkUser': return $this->checkUser($jsonData->email, $jsonData->last_name);
            case 'getUsers' : return $this->getUsers($jsonData->page, $jsonData->limit);
+            case 'getUserBalance': return $this->getUserBalance($jsonData->email, $jsonData->last_name);
          }
          return $this->returnJson(['state' => 'error', 'msg' => 'unknown method for post', 'details' => $method]);
        }
@ -163,6 +164,24 @@ class JsonRequestHandlerController extends AppController {
      return $this->returnJson(['state' => 'not identical', 'user' => $user->toArray()]);
    }
    
+    private function getUserBalance($email, $last_name) {
+      $stateUserTable = TableRegistry::getTableLocator()->get('StateUsers');
+      $stateUsers = $stateUserTable->find('all')->where(['OR' => ['email' => $email, 'last_name' => $last_name]])->contain(['StateBalances']);
+      $gdds  = [];
+      foreach($stateUsers as $stateUser) {
+        foreach($stateUser->StateBalances as $stateBalance) {
+          if(!isset($gdds[$stateBalance->email])) {
+            $gdds[$stateBalance->email];
+          }
+          if(!isset($gdds[$stateBalance->email][$stateBalance->last_name])) {
+            $gdds[$stateBalance->email][$stateBalance->last_name] = 0;
+          }
+          $gdds[$stateBalance->email][$stateBalance->last_name] += $stateBalance->amount;
+        }
+      }
+      return $this->returnJson(['state' => 'success', 'gdds' => $gdds, 'stateUsers' => $stateUsers]);
+    }
+    
    private function getUsers($page, $count) {
      
      $userTable = TableRegistry::getTableLocator()->get('Users');