From ad53c14cf1e28109b836ff162e694849950b18aa Mon Sep 17 00:00:00 2001 From: Jakub Kadlcik Date: Feb 14 2022 13:34:28 +0000 Subject: frontend: use standard backend auth for updating stats The is no reason for this be limited to intranet-only when the rest of the backend <--> frontend communication is done via public IPs and using authentication tokens. --- diff --git a/frontend/coprs_frontend/coprs/views/misc.py b/frontend/coprs_frontend/coprs/views/misc.py index d432eb4..d34cb31 100644 --- a/frontend/coprs_frontend/coprs/views/misc.py +++ b/frontend/coprs_frontend/coprs/views/misc.py @@ -4,7 +4,6 @@ import datetime import functools from functools import wraps, partial -from netaddr import IPAddress, IPNetwork import re import flask from flask import send_file @@ -364,20 +363,6 @@ def backend_authenticated(f): return decorated_function -def intranet_required(f): - @functools.wraps(f) - def decorated_function(*args, **kwargs): - ip_addr = IPAddress(flask.request.remote_addr) - accept_ranges = set(app.config.get("INTRANET_IPS", [])) - accept_ranges.add("127.0.0.1") # always accept from localhost - if not any(ip_addr in IPNetwork(addr_or_net) for addr_or_net in accept_ranges): - return ("Stats can be update only from intranet hosts, " - "not {}, check config\n".format(flask.request.remote_addr)), 403 - - return f(*args, **kwargs) - return decorated_function - - def req_with_copr(f): @wraps(f) def wrapper(**kwargs): diff --git a/frontend/coprs_frontend/coprs/views/stats_ns/stats_receiver.py b/frontend/coprs_frontend/coprs/views/stats_ns/stats_receiver.py index b74d462..0a5a9de 100644 --- a/frontend/coprs_frontend/coprs/views/stats_ns/stats_receiver.py +++ b/frontend/coprs_frontend/coprs/views/stats_ns/stats_receiver.py @@ -6,7 +6,7 @@ from coprs import rcp from coprs import app from coprs import db from coprs.exceptions import CoprHttpException -from ..misc import intranet_required +from coprs.views.misc import backend_authenticated from . import stats_rcv_ns from ...logic.stat_logic import CounterStatLogic, handle_be_stat_message @@ -17,7 +17,7 @@ def ping(): @stats_rcv_ns.route("///", methods=['POST']) -@intranet_required +@backend_authenticated def increment(counter_type, name): app.logger.debug(flask.request.remote_addr) @@ -27,7 +27,7 @@ def increment(counter_type, name): @stats_rcv_ns.route("/from_backend", methods=['POST']) -@intranet_required +@backend_authenticated def backend_stat_message_handler(): try: handle_be_stat_message(rcp.get_connection(), json.loads(flask.request.json))