From cda46141cc639890b8ab68c586f790d976edc9df Mon Sep 17 00:00:00 2001
From: Jan Eitzinger
Date: Fri, 18 Aug 2023 13:03:11 +0200
Subject: [PATCH] Cleanup and add wildcard for IP Filter
---
 internal/api/rest.go | 69 +++-----------------------------------------
 1 file changed, 4 insertions(+), 65 deletions(-)
diff --git a/internal/api/rest.go b/internal/api/rest.go
index 0716514..23ae53a 100644
--- a/internal/api/rest.go
+++ b/internal/api/rest.go
@@ -193,6 +193,10 @@ func securedCheck(r *http.Request) error {
 return fmt.Errorf("missing configuration key ApiAllowedIPs")
 }
+ if config.Keys.ApiAllowedIPs[0] == "*" {
+ return nil
+ }
+
 // extract IP address
 IPAddress := r.Header.Get("X-Real-Ip")
 if IPAddress == "" {
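Review bot: The wildcard test `config.Keys.ApiAllowedIPs[0] == "*"` inspects only the first list entry, so a `*` in any later position is treated as a literal address that never matches, while a `*` in first position turns the IP filter off even when specific addresses follow it. Because this branch returns nil before any client address is examined, the secured endpoints then depend entirely on whatever checks precede it in securedCheck, whose body starts and ends outside the hunk. I would accept the wildcard only as the sole entry, `if len(config.Keys.ApiAllowedIPs) == 1 && config.Keys.ApiAllowedIPs[0] == "*" {`, and document the fail-open behaviour with a comment such as `// "*" disables the IP allow-list; rely on it only behind a trusted network boundary`. The index itself is presumably safe because of the emptiness check just above, but that condition is not visible here.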
@@ -1130,71 +1134,6 @@ func (api *RestApi) updateUser(rw http.ResponseWriter, r *http.Request) {
 }
 }
-// func (api *RestApi) secureUpdateUser(rw http.ResponseWriter, r *http.Request) {
-// if user := auth.GetUser(r.Context()); user != nil && !user.HasRole(auth.RoleApi) {
-// handleError(fmt.Errorf("missing role: %v", auth.GetRoleString(auth.RoleApi)), http.StatusForbidden, rw)
-// return
-// }
-//
-// // IP CHECK HERE (WIP)
-// // Probably better as private routine
-// IPAddress := r.Header.Get("X-Real-Ip")
-// if IPAddress == "" {
-// IPAddress = r.Header.Get("X-Forwarded-For")
-// }
-// if IPAddress == "" {
-// IPAddress = r.RemoteAddr
-// }
-//
-// // Also This
-// ipOk := false
-// for _, a := range config.Keys.ApiAllowedAddrs {
-// if a == IPAddress {
-// ipOk = true
-// }
-// }
-//
-// if IPAddress == "" || ipOk == false {
-// handleError(fmt.Errorf("unknown ip: %v", IPAddress), http.StatusForbidden, rw)
-// return
-// }
-// // IP CHECK END
-//
-// // Get Values
-// id := mux.Vars(r)["id"]
-// newproj := mux.Vars(r)["project"]
-// newrole := mux.Vars(r)["role"]
-//
-// // TODO: Handle anything but roles...
-// if newrole != "" {
-// if err := api.Authentication.AddRole(r.Context(), id, newrole); err != nil {
-// handleError(errors.New(err.Error()), http.StatusUnprocessableEntity, rw)
-// return
-// }
-//
-// rw.Header().Add("Content-Type", "application/json")
-// rw.WriteHeader(http.StatusOK)
-// json.NewEncoder(rw).Encode(UpdateUserApiResponse{
-// Message: fmt.Sprintf("Successfully added role %s to %s", newrole, id),
-// })
-//
-// } else if newproj != "" {
-// if err := api.Authentication.AddProject(r.Context(), id, newproj); err != nil {
-// handleError(errors.New(err.Error()), http.StatusUnprocessableEntity, rw)
-// return
-// }
-//
-// rw.Header().Add("Content-Type", "application/json")
-// rw.WriteHeader(http.StatusOK)
-// json.NewEncoder(rw).Encode(UpdateUserApiResponse{
-// Message: fmt.Sprintf("Successfully added project %s to %s", newproj, id),
-// })
-//
-// } else {
-// handleError(errors.New("Not Add [role|project]?"), http.StatusBadRequest, rw)
-// }
-// }
-
 func (api *RestApi) updateConfiguration(rw http.ResponseWriter, r *http.Request) {
 rw.Header().Set("Content-Type", "text/plain")
 key, value := r.FormValue("key"), r.FormValue("value")