add ip_range_whitelist parameter to limit where ASes can connect from

2025-08-06 04:54:15 -04:00 · 2018-06-28 20:31:53 +01:00 · 2018-06-28 20:31:53 +01:00 · f4f1cda928
commit f4f1cda928
parent 6350bf925e
3 changed files with 19 additions and 2 deletions
--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@ -17,6 +17,8 @@ from ._base import Config, ConfigError
 from synapse.appservice import ApplicationService
 from synapse.types import UserID

+from netaddr import IPSet
+
 import yaml
 import logging

@ -154,6 +156,12 @@ def _load_appservice(hostname, as_info, config_filename):
            " will not receive events or queries.",
            config_filename,
        )
+
+    if as_info.get('ip_range_whitelist'):
+        ip_range_whitelist = IPSet(
+            as_info.get('ip_range_whitelist')
+        )
+
    return ApplicationService(
        token=as_info["as_token"],
        hostname=hostname,
@ -163,5 +171,6 @@ def _load_appservice(hostname, as_info, config_filename):
        sender=user_id,
        id=as_info["id"],
        protocols=protocols,
-        rate_limited=rate_limited
+        rate_limited=rate_limited,
+        ip_range_whitelist=ip_range_whitelist,
    )