add tamper protection

gowthaman.b 2023-11-12 09:23:28 +05:30
parent b4a6308d5a
commit bf0a9ccbc9
2 changed files with 9 additions and 10 deletions


@ -21,7 +21,8 @@ class AppAccessManager : AccessManager {
return database.find(EntityModel::class.java)
.where()
.eq("name", entity)
.findOne()?.actions
.findOne()
?.actions
?.filter { it.equals(action, ignoreCase = true) }
?.map { "role_${entity}_$it" } ?: emptyList()
}


@ -47,6 +47,8 @@ fun main(args: Array<String>) {
val updateRole = Role.Standard(Action.UPDATE)
val approveOrRejectRole = Role.Standard(Action.APPROVE)
//todo, create roles in keycloak based on entity and actions
//ratelimit based on IP Only
RateLimitUtil.keyFunction = { ctx -> ctx.header("X-Forwarded-For")?.split(",")?.get(0) ?: ctx.ip() }
Javalin
@ -225,15 +227,11 @@ fun main(args: Array<String>) {
private fun getFormDataAsString(formData: Map<String, String>): String {
val formBodyBuilder = StringBuilder()
for ((key, value) in formData) {
if (formBodyBuilder.isNotEmpty()) {
formBodyBuilder.append("&")
}
formBodyBuilder.append(URLEncoder.encode(key, StandardCharsets.UTF_8))
formBodyBuilder.append("=")
formBodyBuilder.append(URLEncoder.encode(value, StandardCharsets.UTF_8))
return formData.entries.joinToString("&") {
val key = URLEncoder.encode(it.key, StandardCharsets.UTF_8)
val value = URLEncoder.encode(it.value, StandardCharsets.UTF_8)
"$key=$value"
}
return formBodyBuilder.toString()
}
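Review bot: The key function on the `RateLimitUtil.keyFunction` line takes the first `X-Forwarded-For` entry as the client identity, and that entry is caller-supplied unless a proxy in front of the service strips or overwrites the header, so the per-IP limit can be sidestepped or charged to another address just by changing the header. If no trusted proxy is deployed, key on the socket address alone, `RateLimitUtil.keyFunction = { ctx -> ctx.ip() }`; if one is, read only the entry that proxy appends (typically the last one) and trim it, e.g. `ctx.header("X-Forwarded-For")?.split(",")?.lastOrNull()?.trim()?.takeIf { it.isNotEmpty() } ?: ctx.ip()`. Whether a proxy sits in front is not visible from this page, so the deployment assumption deserves a comment next to the line, for example `// X-Forwarded-For is trusted only because <proxy> overwrites it`. `main` starts and continues outside the hunk.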