From d89df448d3e00915eee8c0fc7184b503e8cb7e5e Mon Sep 17 00:00:00 2001
From: autodeploy <benoit@startinblox.com>
Date: Tue, 2 Jul 2024 17:49:15 +0200
Subject: [PATCH 1/2] add: ipopenpermission to djangoldp

---
 djangoldp/filters.py     | 10 ++++++++++
 djangoldp/permissions.py | 18 ++++++++++++++++--
 djangoldp/utils.py       | 11 +++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/djangoldp/filters.py b/djangoldp/filters.py
index d568eb34..2c93699e 100644
--- a/djangoldp/filters.py
+++ b/djangoldp/filters.py
@@ -1,6 +1,9 @@
 from django.conf import settings
 from django.db.models import Q
 from rest_framework.filters import BaseFilterBackend
+from djangoldp.utils import check_client_ip
+
+PASSTHROUGH_IPS = getattr(settings, 'PASSTHROUGH_IPS', '')
 
 class OwnerFilterBackend(BaseFilterBackend):
     """Adds the objects owned by the user"""
@@ -133,3 +136,10 @@ class SearchByQueryParamFilterBackend(BaseFilterBackend):
             queryset = queryset.filter(_construct_search_query(search))
 
         return queryset
+
+class IPFilterBackend(BaseFilterBackend):
+    def filter_queryset(self, request, queryset, view):
+        if check_client_ip(request):
+            return queryset
+        else:
+            return queryset.none()
\ No newline at end of file
diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index 78f65d19..f236db6c 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -4,8 +4,9 @@ from django.http import Http404
 from rest_framework.permissions import BasePermission, DjangoObjectPermissions, OR, AND
 from rest_framework.filters import BaseFilterBackend
 from rest_framework_guardian.filters import ObjectPermissionsFilter
-from djangoldp.filters import OwnerFilterBackend, NoFilterBackend, PublicFilterBackend
-from djangoldp.utils import is_anonymous_user, is_authenticated_user
+from djangoldp.filters import OwnerFilterBackend, NoFilterBackend, PublicFilterBackend, IPFilterBackend
+from djangoldp.utils import is_anonymous_user, is_authenticated_user, check_client_ip
+
 
 DEFAULT_DJANGOLDP_PERMISSIONS = {'view', 'add', 'change', 'delete', 'control'}
 DEFAULT_RESOURCE_PERMISSIONS = {'view', 'change', 'delete', 'control'}
@@ -229,8 +230,21 @@ class JoinMembersPermission(LDPBasePermission):
         new_ids = {user['@id'] for user in new_members}
         old_ids = {user.urlid for user in obj.members.user_set.all()}
         return self.check_patch(new_ids, old_ids, request.user) and self.check_patch(old_ids, new_ids, request.user)
+
+    def get_permissions(self, user, model, obj=None):
+        return set()
+
+
+class IPOpenPermissions(LDPBasePermission):
+    filter_backend = IPFilterBackend
+    def has_permission(self, request, view):
+        return check_client_ip(request)
+
+    def has_object_permission(self, request, view, obj):
+        return check_client_ip(request)
     
     def get_permissions(self, user, model, obj=None):
+        #Will always say there is no migrations, not taking the IP into accounts
         return set()
 
 
diff --git a/djangoldp/utils.py b/djangoldp/utils.py
index a32ac615..4413252b 100644
--- a/djangoldp/utils.py
+++ b/djangoldp/utils.py
@@ -12,3 +12,14 @@ def is_anonymous_user(user):
 def is_authenticated_user(user):
     anonymous_username = getattr(settings, 'ANONYMOUS_USER_NAME', None)
     return user.is_authenticated and user.username != anonymous_username
+
+
+# this method is used to check if a given IP is part of the PASSTHROUGH_IPS list
+def check_client_ip(request):
+    x_forwarded_for = request.headers.get('x-forwarded-for')
+    if x_forwarded_for:
+        if any(ip in x_forwarded_for.replace(' ', '').split(',') for ip in PASSTHROUGH_IPS):
+            return True
+    elif request.META.get('REMOTE_ADDR') in PASSTHROUGH_IPS:
+        return True
+    return False
-- 
GitLab


From 03f404952d5adc52bf20ef39bcb9628af809d23e Mon Sep 17 00:00:00 2001
From: autodeploy <benoit@startinblox.com>
Date: Tue, 2 Jul 2024 17:50:48 +0200
Subject: [PATCH 2/2] removing: empty space

---
 djangoldp/permissions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index f236db6c..95c43099 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -242,7 +242,7 @@ class IPOpenPermissions(LDPBasePermission):
 
     def has_object_permission(self, request, view, obj):
         return check_client_ip(request)
-    
+
     def get_permissions(self, user, model, obj=None):
         #Will always say there is no migrations, not taking the IP into accounts
         return set()
-- 
GitLab