add ip_range_whitelist parameter to limit where ASes can connect from

2025-05-02 13:36:02 -04:00 · 2018-06-28 20:31:53 +01:00 · 2018-06-28 20:31:53 +01:00 · f4f1cda928
commit f4f1cda928
parent 6350bf925e
3 changed files with 19 additions and 2 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -19,6 +19,7 @@ from six import itervalues

 import pymacaroons
 from twisted.internet import defer
+from netaddr import IPAddress

 import synapse.types
 from synapse import event_auth
@ -244,6 +245,11 @@ class Auth(object):
        if app_service is None:
            defer.returnValue((None, None))

+        if app_service.ip_range_whitelist:
+            ip_address = IPAddress(self.hs.get_ip_from_request(request))
+            if ip_address not in app_service.ip_range_whitelist:
+                defer.returnValue((None, None))
+
        if "user_id" not in request.args:
            defer.returnValue((app_service.sender, app_service))