Merge pull request #124 from TomaszKandula/stage

merge: stage to master
TomaszKandula · Sep 7, 2022 · 4251534 · 4251534
2 parents 7d36f23 + 819fe66
commit 4251534
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 6 deletions.
diff --git a/EmailSender.Services/EmailSender.Services.BehaviourService/AddressCheckBehaviour.cs b/EmailSender.Services/EmailSender.Services.BehaviourService/AddressCheckBehaviour.cs
@@ -14,6 +14,10 @@ namespace EmailSender.Services.BehaviourService;
 [ExcludeFromCodeCoverage]
 public class AddressCheckBehaviour<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse> where TRequest : IRequest<TResponse>
 {
+    private const string Localhost = "127.0.0.1";
+
+    private const string XForwardedFor = "X-Forwarded-For";
+
     private readonly ILoggerService _logger;
 
     private readonly IUserService _userService;
@@ -34,7 +38,7 @@ public async Task<TResponse> Handle(TRequest request, CancellationToken cancella
         if (allowAnonymous)
             return await next();
 
-        var ipAddress = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress?.MapToIPv4();
+        var ipAddress = GetRequestIpAddress();
         var isIpAddressAllowed = await _userService.IsIpAddressAllowed(ipAddress, CancellationToken.None);
 
         if (isIpAddressAllowed) 
@@ -43,4 +47,14 @@ public async Task<TResponse> Handle(TRequest request, CancellationToken cancella
         _logger.LogWarning($"Access forbidden for: {ipAddress}");
         throw new Backend.Core.Exceptions.AccessException(nameof(ErrorCodes.ACCESS_FORBIDDEN), ErrorCodes.ACCESS_FORBIDDEN);
     }
+
+    private string GetRequestIpAddress() 
+    {
+        var remoteIpAddress = _httpContextAccessor.HttpContext?
+            .Request.Headers[XForwardedFor].ToString();
+
+        return string.IsNullOrEmpty(remoteIpAddress) 
+            ? Localhost 
+            : remoteIpAddress.Split(':')[0];
+    }
 }
diff --git a/EmailSender.Services/EmailSender.Services.UserService/IUserService.cs b/EmailSender.Services/EmailSender.Services.UserService/IUserService.cs
@@ -13,7 +13,9 @@ public interface IUserService
 
     Task<string> GeneratePrivateKey(Guid? userId, CancellationToken cancellationToken = default);
 
-    Task<bool> IsIpAddressAllowed(IPAddress domainName, CancellationToken cancellationToken = default);
+    Task<bool> IsIpAddressAllowed(IPAddress ipAddress, CancellationToken cancellationToken = default);
+
+    Task<bool> IsIpAddressAllowed(string ipAddress, CancellationToken cancellationToken = default);
 
     Task<bool> IsPrivateKeyValid(string privateKey, CancellationToken cancellationToken = default);
 

diff --git a/EmailSender.Services/EmailSender.Services.UserService/UserService.cs b/EmailSender.Services/EmailSender.Services.UserService/UserService.cs
@@ -72,17 +72,39 @@ public async Task<string> GeneratePrivateKey(Guid? userId, CancellationToken can
     public async Task<bool> IsIpAddressAllowed(IPAddress ipAddress, CancellationToken cancellationToken = default)
     {
         var address = ipAddress.ToString();
-        var allowedIp = await _databaseContext.UserAllowedIps
-            .AsNoTracking()
-            .Where(ips => ips.IpAddress == address)
-            .SingleOrDefaultAsync(cancellationToken);
+        var allowedIp = await GetIpAddress(address, cancellationToken);
 
         if (allowedIp is null) 
             _loggerService.LogWarning($"IP address '{address}' is not registered within the system.");
 
         return allowedIp is not null;
     }
 
+    /// <summary>
+    /// Checks if given IP address is registered within the system.
+    /// It should not contain a scheme, but it may contain a port number.
+    /// </summary>
+    /// <param name="ipAddress">IP Address.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>True or False.</returns>
+    public async Task<bool> IsIpAddressAllowed(string ipAddress, CancellationToken cancellationToken = default)
+    {
+        var allowedIp = await GetIpAddress(ipAddress, cancellationToken);
+
+        if (allowedIp is null) 
+            _loggerService.LogWarning($"IP address '{ipAddress}' is not registered within the system.");
+
+        return allowedIp is not null;
+    }
+
+    private async Task<UserAllowedIps> GetIpAddress(string address, CancellationToken cancellationToken)
+    {
+        return await _databaseContext.UserAllowedIps
+            .AsNoTracking()
+            .Where(ips => ips.IpAddress == address)
+            .SingleOrDefaultAsync(cancellationToken);
+    }
+
     /// <summary>
     /// Checks if a given private key is registered within the system.
     /// </summary>