Merge pull request #95 from mena-devs/block-access-from-ip

constantine-nikolaou · web-flow · commit 25e69258ac6d · 2022-06-06T17:14:51.000+02:00
Add function to block access to website from certain IP addresses
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -8,6 +8,9 @@ class ApplicationController < ActionController::Base
   # API access
   before_action :authenticate_with_token!, if: :api_request
 
+  # Block signups from unwanted IP addresses
+  before_action :block_ip_addresses
+
   def after_sign_in_path_for(resource)
     session[:custom_identifier] = resource.custom_identifier
     root_path
@@ -91,6 +94,7 @@ def render_json_422
   end
 
   private
+
     def authenticate_with_token!
       auth_token = params[:auth_token].presence
 
@@ -111,4 +115,12 @@ def authenticate_with_token!
         end
       end
     end
+
+    def block_ip_addresses
+      head :unauthorized if AppSettings.ip_addresses_black_list.include?(current_ip_address)
+    end
+
+    def current_ip_address
+      request.env['HTTP_X_REAL_IP'] || request.env['REMOTE_ADDR']
+    end
 end
diff --git a/config/settings/development.yml.sample b/config/settings/development.yml.sample
@@ -23,7 +23,12 @@ admin_email: ''
 
 google_analytics_code: ''
 
+ip_addresses_black_list:
+  - 123.123.123.123
+
 developers_emails:
   - email@example.com
 
 sender_email: email@example.com
+
+meta_tags_keywords: ''
diff --git a/config/settings/production.yml.sample b/config/settings/production.yml.sample
@@ -23,7 +23,12 @@ admin_email: ''
 
 google_analytics_code: ''
 
+ip_addresses_black_list:
+  - 123.123.123.123
+
 developers_emails:
   - email@example.com
 
 sender_email: email@example.com
+
+meta_tags_keywords: ''
diff --git a/config/settings/test.yml.sample b/config/settings/test.yml.sample
@@ -24,13 +24,12 @@ admin_email: 'email@example.com'
 
 google_analytics_code: ''
 
+ip_addresses_black_list:
+  - 123.123.123.123
+
 developers_emails:
   - email@example.com
 
-sender_email: 'email@example.com'
+sender_email: email@example.com
 
-meta_tags_keywords: 'web developer, mobile developer, software engineer,
-                    technical director, CIO, software developer,
-                    back-end developer, front-end developer,
-                    technical project manager, CTO, jobs, freelance,
-                    online community, lebanon, UAE, Egypt, Jordan, Syria'
+meta_tags_keywords: ''
