remove separate userapiallowedips config and check

internal/auth/auth.go

@@ -329,7 +329,7 @@ func (auth *Authentication) AuthApi(
 			return
 		}
 
-		ipErr := securedCheck(user, "api", r)
+		ipErr := securedCheck(user, r)
 		if ipErr != nil {
 			log.Infof("auth api -> secured check failed: %s", err.Error())
 			onfailure(rw, r, ipErr)
@@ -372,13 +372,6 @@ func (auth *Authentication) AuthUserApi(
 			return
 		}
 
-		ipErr := securedCheck(user, "userapi", r)
-		if ipErr != nil {
-			log.Infof("auth user api -> secured check failed: %s", err.Error())
-			onfailure(rw, r, ipErr)
-			return
-		}
-
 		if user != nil {
 			switch {
 			case len(user.Roles) == 1:
@@ -466,7 +459,7 @@ func (auth *Authentication) Logout(onsuccess http.Handler) http.Handler {
 }
 
 // Helper Moved To MiddleWare Auth Handlers
-func securedCheck(user *schema.User, checkEndpoint string, r *http.Request) error {
+func securedCheck(user *schema.User, r *http.Request) error {
 	if user == nil {
 		return fmt.Errorf("no user for secured check")
 	}
@@ -484,37 +477,17 @@ func securedCheck(user *schema.User, checkEndpoint string, r *http.Request) erro
 		IPAddress = strings.Split(IPAddress, ":")[0]
 	}
 
-	// Used for checking TokenAuth'd Requests Only: Remove '== schema.AuthToken'-Condition
+	// If nothing declared in config: deny all request to this api endpoint
-	if checkEndpoint == "api" {
+	if len(config.Keys.ApiAllowedIPs) == 0 {
-		// If nothing declared in config: deny all request to this api endpoint
+		return fmt.Errorf("missing configuration key ApiAllowedIPs")
-		if config.Keys.ApiAllowedIPs == nil || len(config.Keys.ApiAllowedIPs) == 0 {
+	}
-			return fmt.Errorf("missing configuration key ApiAllowedIPs")
+	// If wildcard declared in config: Continue
-		}
+	if config.Keys.ApiAllowedIPs[0] == "*" {
-		// If wildcard declared in config: Continue
+		return nil
-		if config.Keys.ApiAllowedIPs[0] == "*" {
+	}
-			return nil
+	// check if IP is allowed
-		}
+	if !util.Contains(config.Keys.ApiAllowedIPs, IPAddress) {
-		// check if IP is allowed
+		return fmt.Errorf("unknown ip: %v", IPAddress)
-		if !util.Contains(config.Keys.ApiAllowedIPs, IPAddress) {
-			return fmt.Errorf("unknown ip: %v", IPAddress)
-		}
-
-	} else if checkEndpoint == "userapi" {
-		// If nothing declared in config: deny all request to this api endpoint
-		if config.Keys.UserApiAllowedIPs == nil || len(config.Keys.UserApiAllowedIPs) == 0 {
-			return fmt.Errorf("missing configuration key UserApiAllowedIPs")
-		}
-		// If wildcard declared in config: Continue
-		if config.Keys.UserApiAllowedIPs[0] == "*" {
-			return nil
-		}
-		// check if IP is allowed
-		if !util.Contains(config.Keys.UserApiAllowedIPs, IPAddress) {
-			return fmt.Errorf("unknown user ip: %v", IPAddress)
-		}
-
-	} else {
-		return fmt.Errorf("unknown checkEndpoint for secured check")
 	}
 
 	return nil

pkg/schema/config.go

@@ -103,9 +103,6 @@ type ProgramConfig struct {
 	// Addresses from which secured admin API endpoints can be reached, can be wildcard "*"
 	ApiAllowedIPs []string `json:"apiAllowedIPs"`
 
-	// Addresses from which secured admin API endpoints can be reached, can be wildcard "*"
-	UserApiAllowedIPs []string `json:"userApiAllowedIPs"`
-
 	// Drop root permissions once .env was read and the port was taken.
 	User  string `json:"user"`
 	Group string `json:"group"`