Move admin IP addresses to config file.
parent
ac48ea044c
commit
4e2b5e480b
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<%--
|
||||
Copyright (c) 2012, Andy Janata
|
||||
Copyright (c) 2012-2018, Andy Janata
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification, are permitted
|
||||
|
@ -27,16 +27,24 @@ Administration tools.
|
|||
@author Andy Janata (ajanata@socialgamer.net)
|
||||
--%>
|
||||
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
|
||||
<%@ page import="com.google.inject.Injector" %>
|
||||
<%@ page import="com.google.inject.Key" %>
|
||||
<%@ page import="com.google.inject.TypeLiteral" %>
|
||||
<%@ page import="net.socialgamer.cah.CahModule.Admins" %>
|
||||
<%@ page import="net.socialgamer.cah.HibernateUtil" %>
|
||||
<%@ page import="net.socialgamer.cah.StartupUtils" %>
|
||||
<%@ page import="net.socialgamer.cah.db.PyxBlackCard" %>
|
||||
<%@ page import="net.socialgamer.cah.db.PyxWhiteCard" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants" %>
|
||||
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
|
||||
<%@ page import="org.hibernate.Session" %>
|
||||
<%@ page import="org.hibernate.Transaction" %>
|
||||
<%@ page import="java.util.Set" %>
|
||||
<%
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
if (!Constants.ADMIN_IP_ADDRESSES.contains(wrapper.getRemoteAddr())) {
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
Injector injector = (Injector) servletContext.getAttribute(StartupUtils.INJECTOR);
|
||||
Set<String> admins = injector.getInstance(Key.get(new TypeLiteral<Set<String>>(){}, Admins.class));
|
||||
if (!admins.contains(wrapper.getRemoteAddr())) {
|
||||
response.sendError(403, "Access is restricted to known hosts");
|
||||
return;
|
||||
}
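Review bot: The access check in this scriptlet is the same six lines pasted into three admin pages (this section and the two JSP sections that follow), so a future admin page that omits them is reachable by anyone; a servlet filter mapped to the admin path, or one shared static helper, would keep the rule in one place. The decision also rests entirely on `wrapper.getRemoteAddr()`. RequestWrapper is not shown in this commit, so if it takes the address from a forwarded header when one is present, the list is only meaningful behind a proxy that overwrites that header. A comment above the check would record that assumption, for example `<%-- admin gate: the address must be the socket peer or come from a trusted proxy --%>`. The scriptlet continues past the end of the hunk.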
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<%--
|
||||
Copyright (c) 2012-2017, Andy Janata
|
||||
Copyright (c) 2012-2018, Andy Janata
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification, are permitted
|
||||
|
@ -32,8 +32,8 @@ Administration tools.
|
|||
<%@ page import="com.google.inject.TypeLiteral" %>
|
||||
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
|
||||
<%@ page import="net.socialgamer.cah.StartupUtils" %>
|
||||
<%@ page import="net.socialgamer.cah.CahModule.Admins" %>
|
||||
<%@ page import="net.socialgamer.cah.CahModule.BanList" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants.DisconnectReason" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants.LongPollEvent" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants.LongPollResponse" %>
|
||||
|
@ -50,14 +50,14 @@ Administration tools.
|
|||
|
||||
<%
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
if (!Constants.ADMIN_IP_ADDRESSES.contains(wrapper.getRemoteAddr())) {
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
Injector injector = (Injector) servletContext.getAttribute(StartupUtils.INJECTOR);
|
||||
Set<String> admins = injector.getInstance(Key.get(new TypeLiteral<Set<String>>(){}, Admins.class));
|
||||
if (!admins.contains(wrapper.getRemoteAddr())) {
|
||||
response.sendError(403, "Access is restricted to known hosts");
|
||||
return;
|
||||
}
|
||||
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
Injector injector = (Injector) servletContext.getAttribute(StartupUtils.INJECTOR);
|
||||
|
||||
ConnectedUsers connectedUsers = injector.getInstance(ConnectedUsers.class);
|
||||
Set<String> banList = injector.getInstance(Key.get(new TypeLiteral<Set<String>>(){}, BanList.class));
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<%--
|
||||
Copyright (c) 2012, Andy Janata
|
||||
Copyright (c) 2012-2018, Andy Janata
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification, are permitted
|
||||
|
@ -27,20 +27,28 @@ Administration tools.
|
|||
@author Andy Janata (ajanata@socialgamer.net)
|
||||
--%>
|
||||
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
|
||||
<%@ page import="com.google.inject.Injector" %>
|
||||
<%@ page import="com.google.inject.Key" %>
|
||||
<%@ page import="com.google.inject.TypeLiteral" %>
|
||||
<%@ page import="java.util.ArrayList" %>
|
||||
<%@ page import="java.util.List" %>
|
||||
<%@ page import="java.util.Set" %>
|
||||
<%@ page import="net.socialgamer.cah.CahModule.Admins" %>
|
||||
<%@ page import="net.socialgamer.cah.HibernateUtil" %>
|
||||
<%@ page import="net.socialgamer.cah.StartupUtils" %>
|
||||
<%@ page import="net.socialgamer.cah.db.PyxBlackCard" %>
|
||||
<%@ page import="net.socialgamer.cah.db.PyxCardSet" %>
|
||||
<%@ page import="net.socialgamer.cah.db.PyxWhiteCard" %>
|
||||
<%@ page import="net.socialgamer.cah.Constants" %>
|
||||
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
|
||||
<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
|
||||
<%@ page import="org.hibernate.Session" %>
|
||||
<%@ page import="org.hibernate.Transaction" %>
|
||||
<%
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
if (!Constants.ADMIN_IP_ADDRESSES.contains(wrapper.getRemoteAddr())) {
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
Injector injector = (Injector) servletContext.getAttribute(StartupUtils.INJECTOR);
|
||||
Set<String> admins = injector.getInstance(Key.get(new TypeLiteral<Set<String>>(){}, Admins.class));
|
||||
if (!admins.contains(wrapper.getRemoteAddr())) {
|
||||
response.sendError(403, "Access is restricted to known hosts");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,8 @@ pyx.global_chat_enabled=true
|
|||
pyx.insecure_id_allowed=true
|
||||
# set this to some secure random value, and never change it, unless you want to break all codes
|
||||
pyx.id_code_salt=
|
||||
# comma-separated listed of IP addresses (v4 or v6) from which users are considered admins.
|
||||
pyx.admin_addrs=127.0.0.1,::1
|
||||
|
||||
# for production use, use postgres
|
||||
#hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
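Review bot: The new comment above `pyx.admin_addrs` reads "comma-separated listed of" (it should be "list of") and does not say how entries are matched. The consuming code on this page compares each entry to the remote address with `Set.contains`, so I would spell that out: `# comma-separated list of IP addresses (v4 or v6), no spaces; each entry must match the address exactly as the server reports it.`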
|
||||
|
|
|
@ -5,6 +5,7 @@ pyx.server.max_games=${pyx.max_games}
|
|||
pyx.server.broadcast_connects_and_disconnects=${pyx.broadcast_connects_and_disconnects}
|
||||
pyx.server.global_chat_enabled=${pyx.global_chat_enabled}
|
||||
pyx.server.id_code_salt=${pyx.id_code_salt}
|
||||
pyx.server.admin_addrs=${pyx.admin_addrs}
|
||||
pyx.build=${buildNumber}
|
||||
|
||||
# this is NOT allowed to be changed during a reload, as metrics depend on previous events
|
||||
|
|
|
@ -40,6 +40,7 @@ import javax.servlet.ServletContext;
|
|||
import org.apache.log4j.Logger;
|
||||
import org.hibernate.Session;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.inject.AbstractModule;
|
||||
import com.google.inject.BindingAnnotation;
|
||||
import com.google.inject.Provides;
|
||||
|
@ -215,6 +216,15 @@ public class CahModule extends AbstractModule {
|
|||
return session;
|
||||
}
|
||||
|
||||
@Provides
|
||||
@Admins
|
||||
Set<String> provideAdmins() {
|
||||
synchronized (properties) {
|
||||
return ImmutableSet
|
||||
.copyOf(properties.getProperty("pyx.server.admin_addrs", "127.0.0.1,::1").split(","));
|
||||
}
|
||||
}
|
||||
|
||||
@BindingAnnotation
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface BanList {
|
||||
|
@ -269,4 +279,9 @@ public class CahModule extends AbstractModule {
|
|||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface UserPersistentId {
|
||||
}
|
||||
|
||||
@BindingAnnotation
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface Admins {
|
||||
}
|
||||
}
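Review bot: `provideAdmins()` stores each piece of `split(",")` verbatim, so a value written as `127.0.0.1, ::1` yields the entry ` ::1` with a leading space, and an empty property yields a set holding the empty string; neither can ever equal a remote address, and the failure is silent. The entries are also compared as text: the constant this commit removes spelled the IPv6 loopback as `0:0:0:0:0:0:0:1`, presumably because that is the form the container reports, while the new default uses `::1`, so local IPv6 admin access may stop matching. Trimming and dropping empty entries is shown below; for IPv6, either keep the long form in the default or normalise both sides to one textual form before comparing.

```java
// … unchanged: @Provides and @Admins annotations …
Set<String> provideAdmins() {
  final String configured;
  synchronized (properties) {
    configured = properties.getProperty("pyx.server.admin_addrs", "127.0.0.1,::1");
  }
  // Tolerate "a, b" and trailing commas; never admit an empty entry.
  final ImmutableSet.Builder<String> admins = ImmutableSet.builder();
  for (final String entry : configured.split(",")) {
    final String addr = entry.trim();
    if (!addr.isEmpty()) {
      admins.add(addr);
    }
  }
  return admins.build();
}
```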
|
||||
|
|
|
@ -25,8 +25,6 @@ package net.socialgamer.cah;
|
|||
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import net.socialgamer.cah.data.Game;
|
||||
|
||||
|
@ -48,16 +46,6 @@ public class Constants {
|
|||
public static final int CHAT_FLOOD_TIME = 30 * 1000;
|
||||
public static final int CHAT_MAX_LENGTH = 200;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public static final Set<String> ADMIN_IP_ADDRESSES = new HashSet<String>() {
|
||||
{
|
||||
add("0:0:0:0:0:0:0:1");
|
||||
add("127.0.0.1");
|
||||
// ajanata
|
||||
add("107.218.154.202");
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Enums that implement this interface are valid keys for data returned to clients.
|
||||
*/
|
||||
|
|
|
@ -36,9 +36,9 @@ import org.apache.http.HttpHeaders;
|
|||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
|
||||
import net.socialgamer.cah.CahModule.Admins;
|
||||
import net.socialgamer.cah.CahModule.BanList;
|
||||
import net.socialgamer.cah.CahModule.UserPersistentId;
|
||||
import net.socialgamer.cah.Constants;
|
||||
import net.socialgamer.cah.Constants.AjaxOperation;
|
||||
import net.socialgamer.cah.Constants.AjaxRequest;
|
||||
import net.socialgamer.cah.Constants.AjaxResponse;
|
||||
|
@ -65,6 +65,7 @@ public class RegisterHandler extends Handler {
|
|||
private static final int ID_CODE_MAX_LENGTH = 100;
|
||||
|
||||
private final ConnectedUsers users;
|
||||
private final Set<String> adminList;
|
||||
private final Set<String> banList;
|
||||
private final User.Factory userFactory;
|
||||
private final Provider<String> persistentIdProvider;
|
||||
|
@ -73,12 +74,14 @@ public class RegisterHandler extends Handler {
|
|||
@Inject
|
||||
public RegisterHandler(final ConnectedUsers users, @BanList final Set<String> banList,
|
||||
final User.Factory userFactory, final IdCodeMangler idCodeMangler,
|
||||
@UserPersistentId final Provider<String> persistentIdProvider) {
|
||||
@UserPersistentId final Provider<String> persistentIdProvider,
|
||||
@Admins final Set<String> adminList) {
|
||||
this.users = users;
|
||||
this.banList = banList;
|
||||
this.userFactory = userFactory;
|
||||
this.persistentIdProvider = persistentIdProvider;
|
||||
this.idCodeManger = idCodeMangler;
|
||||
this.adminList = adminList;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -112,7 +115,7 @@ public class RegisterHandler extends Handler {
|
|||
request.getParameter(AjaxRequest.ID_CODE));
|
||||
|
||||
final User user = userFactory.create(nick, mangledIdCode, request.getRemoteAddr(),
|
||||
Constants.ADMIN_IP_ADDRESSES.contains(request.getRemoteAddr()), persistentId,
|
||||
adminList.contains(request.getRemoteAddr()), persistentId,
|
||||
request.getHeader(HttpHeaders.ACCEPT_LANGUAGE),
|
||||
request.getHeader(HttpHeaders.USER_AGENT));
|
||||
final ErrorCode errorCode = users.checkAndAdd(user);
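Review bot: The constructor captures `@Admins final Set<String> adminList` once, whereas the JSP pages in this commit ask the injector for a fresh set on every request. The lifetime of RegisterHandler is not visible here, but if an instance outlives a properties reload, the admin flag passed to `userFactory.create` would keep using the old list while the admin pages use the new one. Injecting a provider, as the constructor already does for the persistent id, avoids that: `@Admins final Provider<Set<String>> adminListProvider` and, at the call site, `adminListProvider.get().contains(request.getRemoteAddr())`. The method containing the `userFactory.create` call starts and ends outside the hunk.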
|
||||
|
|