Sha256: 647965d93f65f2d5b6cafd9a467a092c25c46eb3ab5a9f19b1a29181d24f5c09

Contents?: true

Size: 1.03 KB

Versions: 1

Compression:

Stored size: 1.03 KB

Contents

module RVT
  # Base controller for RVT. Before any action runs, the request's resolved
  # client IP must be a member of RVT.config.whitelisted_ips; otherwise the
  # response is an empty 401.
  #
  # NOTE(review): CSRF token verification is switched off below, so the IP
  # allowlist is the only request gate visible in this file. An IP check does
  # not distinguish a deliberate request from one a third-party page triggers
  # in an allowlisted user's browser. Confirm that state-changing actions in
  # subclasses have some other cross-site protection.
  class ApplicationController < ActionController::Base
    # Rails 5.2 installs verify_authenticity_token by default; RVT opts out.
    # `raise: false` keeps the skip from raising on Rails versions where the
    # callback was never registered.
    skip_before_action :verify_authenticity_token, raise: false

    before_action :prevent_unauthorized_requests!

    private

    # before_action guard: resolves the caller's IP through GetSecureIp and
    # answers 401 (no body) when it is not in the configured allowlist.
    # Rendering the head response is what stops the action from running.
    def prevent_unauthorized_requests!
      client_ip = GetSecureIp.new(request, RVT.config.whitelisted_ips).to_s

      head :unauthorized unless client_ip.in?(RVT.config.whitelisted_ips)
    end

    # Client-IP resolver built on ActionDispatch::RemoteIp::GetIp, using the
    # RVT allowlist as the list of trusted proxies.
    #
    # NOTE(review): #initialize does not call super and sets the parent's
    # instance variables directly, so this class depends on Rails internals
    # (ivar names, what #to_s reads). Re-verify the resolved IP on every
    # Rails upgrade, since a silent change here changes who passes the guard.
    class GetSecureIp < ActionDispatch::RemoteIp::GetIp
      # @param req [ActionDispatch::Request] the current request
      # @param proxies [#include?] addresses to treat as trusted proxies
      def initialize(req, proxies)
        # Since rails/rails@07b2ff0 the parent is constructed from an
        # ActionDispatch::Request rather than a bare Rack env hash. Both
        # @req and @env are populated so the same code serves either Rails
        # generation without version branching.
        @req      = req
        @env      = req.env
        # Presumably turns on the parent's check for conflicting client-IP
        # headers; the parent's use of this flag is not visible here.
        @check_ip = true
        @proxies  = proxies
      end

      # Drops every candidate address that the trusted-proxy list contains.
      #
      # @param ips [Array] candidate addresses
      # @return [Array] the candidates not included in @proxies
      def filter_proxies(ips)
        ips.reject do |addr|
          @proxies.include?(addr)
        end
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
rvt-1.1.0 app/controllers/rvt/application_controller.rb