gowthaman/readymixerp_modules_api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add tamper protection

Browse Source
This commit is contained in:
gowthaman.b 2023-11-12 09:23:28 +05:30
parent b4a6308d5a
commit bf0a9ccbc9
2 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/kotlin/com/restapi/AppAccessManager.kt
View File

@ -21,7 +21,8 @@ class AppAccessManager : AccessManager {
return database.find(EntityModel::class.java) return database.find(EntityModel::class.java)
.where() .where()
.eq("name", entity) .eq("name", entity)
.findOne()?.actions .findOne()
?.actions
?.filter { it.equals(action, ignoreCase = true) } ?.filter { it.equals(action, ignoreCase = true) }
?.map { "role_${entity}_$it" } ?: emptyList() ?.map { "role_${entity}_$it" } ?: emptyList()
} }

16
src/main/kotlin/com/restapi/Main.kt
View File

@ -47,6 +47,8 @@ fun main(args: Array<String>) {
val updateRole = Role.Standard(Action.UPDATE) val updateRole = Role.Standard(Action.UPDATE)
val approveOrRejectRole = Role.Standard(Action.APPROVE) val approveOrRejectRole = Role.Standard(Action.APPROVE)
//todo, create roles in keycloak based on entity and actions
//ratelimit based on IP Only //ratelimit based on IP Only
RateLimitUtil.keyFunction = { ctx -> ctx.header("X-Forwarded-For")?.split(",")?.get(0) ?: ctx.ip() } RateLimitUtil.keyFunction = { ctx -> ctx.header("X-Forwarded-For")?.split(",")?.get(0) ?: ctx.ip() }
Javalin Javalin
@ -225,15 +227,11 @@ fun main(args: Array<String>) {
private fun getFormDataAsString(formData: Map<String, String>): String { private fun getFormDataAsString(formData: Map<String, String>): String {
val formBodyBuilder = StringBuilder()
for ((key, value) in formData) { return formData.entries.joinToString("&") {
if (formBodyBuilder.isNotEmpty()) { val key = URLEncoder.encode(it.key, StandardCharsets.UTF_8)
formBodyBuilder.append("&") val value = URLEncoder.encode(it.value, StandardCharsets.UTF_8)
} "$key=$value"
formBodyBuilder.append(URLEncoder.encode(key, StandardCharsets.UTF_8))
formBodyBuilder.append("=")
formBodyBuilder.append(URLEncoder.encode(value, StandardCharsets.UTF_8))
} }
return formBodyBuilder.toString()
} }