[TRELLO-2464] Add endpoints to manage blacklisted ips (#1714)

betagouv · Aug 20, 2024 · 9d93ec6 · 9d93ec6
1 parent 277dc4a
commit 9d93ec6
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 11 deletions.
diff --git a/app/controllers/AdminController.scala b/app/controllers/AdminController.scala
@@ -23,6 +23,8 @@ import play.twirl.api.Html
 import repositories.company.CompanyRepositoryInterface
 import repositories.companyaccess.CompanyAccessRepositoryInterface
 import repositories.event.EventRepositoryInterface
+import repositories.ipblacklist.BlackListedIp
+import repositories.ipblacklist.IpBlackListRepositoryInterface
 import repositories.report.ReportRepositoryInterface
 import services.PDFService
 import services.emails.EmailDefinitions.allEmailDefinitions
@@ -54,6 +56,7 @@ class AdminController(
     reportFileOrchestrator: ReportFileOrchestrator,
     companyRepository: CompanyRepositoryInterface,
     emailNotificationOrchestrator: EmailNotificationOrchestrator,
+    ipBlackListRepository: IpBlackListRepositoryInterface,
     implicit val frontRoute: FrontRoute,
     authenticator: Authenticator[User],
     controllerComponents: ControllerComponents
@@ -280,4 +283,19 @@ class AdminController(
         }
       } yield NoContent
     }
+
+  def blackListedIPs() = SecuredAction.andThen(WithRole(UserRole.Admin)).async { _ =>
+    ipBlackListRepository.list().map(blackListedIps => Ok(Json.toJson(blackListedIps)))
+  }
+
+  def deleteBlacklistedIp(ip: String) = SecuredAction.andThen(WithRole(UserRole.Admin)).async { _ =>
+    ipBlackListRepository.delete(ip).map(_ => NoContent)
+  }
+
+  def createBlacklistedIp() = SecuredAction.andThen(WithRole(UserRole.Admin)).async(parse.json) { implicit request =>
+    for {
+      blacklistedIpRequest <- request.parseBody[BlackListedIp]()
+      blackListedIp        <- ipBlackListRepository.create(blacklistedIpRequest)
+    } yield Created(Json.toJson(blackListedIp))
+  }
 }
diff --git a/app/loader/SignalConsoApplicationLoader.scala b/app/loader/SignalConsoApplicationLoader.scala
@@ -605,6 +605,7 @@ class SignalConsoComponents(
     reportFileOrchestrator,
     companyRepository,
     emailNotificationOrchestrator,
+    ipBlackListRepository,
     frontRoute,
     cookieAuthenticator,
     controllerComponents

diff --git a/app/repositories/ipblacklist/BlackListedIp.scala b/app/repositories/ipblacklist/BlackListedIp.scala
@@ -1,3 +1,10 @@
 package repositories.ipblacklist
 
+import play.api.libs.json.Json
+import play.api.libs.json.OFormat
+
 case class BlackListedIp(ip: String, comment: String, critical: Boolean)
+
+object BlackListedIp {
+  implicit val format: OFormat[BlackListedIp] = Json.format[BlackListedIp]
+}
diff --git a/app/repositories/ipblacklist/IpBlackListRepository.scala b/app/repositories/ipblacklist/IpBlackListRepository.scala
@@ -1,17 +1,27 @@
 package repositories.ipblacklist
 
 import repositories.PostgresProfile.api._
-import repositories.TypedCRUDRepository
 import slick.basic.DatabaseConfig
 import slick.jdbc.JdbcProfile
 
 import scala.concurrent.ExecutionContext
+import scala.concurrent.Future
 
-class IpBlackListRepository(override val dbConfig: DatabaseConfig[JdbcProfile])(implicit
-    override val ec: ExecutionContext
-) extends TypedCRUDRepository[IpBlackListTable, BlackListedIp, String]
-    with IpBlackListRepositoryInterface {
+class IpBlackListRepository(dbConfig: DatabaseConfig[JdbcProfile])(implicit ec: ExecutionContext)
+    extends IpBlackListRepositoryInterface {
 
-  override val table = IpBlackListTable.table
+  val table = IpBlackListTable.table
 
+  import dbConfig._
+
+  override def create(ip: BlackListedIp): Future[BlackListedIp] = db
+    .run(
+      table returning table += ip
+    )
+
+  override def delete(ip: String): Future[Int] = db.run(
+    table.filter(_.ip === ip).delete
+  )
+
+  override def list(): Future[List[BlackListedIp]] = db.run(table.to[List].result)
 }
diff --git a/app/repositories/ipblacklist/IpBlackListRepositoryInterface.scala b/app/repositories/ipblacklist/IpBlackListRepositoryInterface.scala
@@ -1,5 +1,9 @@
 package repositories.ipblacklist
 
-import repositories.TypedCRUDRepositoryInterface
+import scala.concurrent.Future
 
-trait IpBlackListRepositoryInterface extends TypedCRUDRepositoryInterface[BlackListedIp, String] {}
+trait IpBlackListRepositoryInterface {
+  def create(ip: BlackListedIp): Future[BlackListedIp]
+  def delete(ip: String): Future[Int]
+  def list(): Future[List[BlackListedIp]]
+}
diff --git a/app/repositories/ipblacklist/IpBlackListTable.scala b/app/repositories/ipblacklist/IpBlackListTable.scala
@@ -1,11 +1,10 @@
 package repositories.ipblacklist
 
-import repositories.TypedDatabaseTable
 import slick.lifted.ProvenShape
 import slick.lifted.Tag
 import repositories.PostgresProfile.api._
 
-class IpBlackListTable(tag: Tag) extends TypedDatabaseTable[BlackListedIp, String](tag, "ip_black_list") {
+class IpBlackListTable(tag: Tag) extends Table[BlackListedIp](tag, "ip_black_list") {
 
   def ip       = column[String]("ip", O.PrimaryKey)
   def comment  = column[String]("comment")

diff --git a/conf/routes b/conf/routes
@@ -38,7 +38,7 @@ GET           /api/reports/files                                        controll
 GET           /api/reports/files/:uuid/:filename                        controllers.ReportFileController.downloadReportFile(uuid: ReportFileId, filename)
 DELETE        /api/reports/files/:uuid/:filename                        controllers.ReportFileController.deleteReportFile(uuid: ReportFileId, filename)
 POST          /api/reports/files                                        controllers.ReportFileController.uploadReportFile()
-POST           /api/reports/files/list                                   controllers.ReportFileController.retrieveReportFiles()
+POST          /api/reports/files/list                                   controllers.ReportFileController.retrieveReportFiles()
 
 GET           /api/reports/download                                     controllers.ReportController.reportsAsPDF()
 GET           /api/reports/download-with-attachments/:reportId          controllers.ReportController.reportAsZip(reportId: java.util.UUID)
@@ -200,6 +200,11 @@ GET           /api/blacklisted-emails                                   controll
 POST          /api/blacklisted-emails                                   controllers.BlacklistedEmailsController.add()
 DELETE        /api/blacklisted-emails/:uuid                             controllers.BlacklistedEmailsController.delete(uuid: java.util.UUID)
 
+ # Blacklist of ips
+GET           /api/blacklisted-ips                                      controllers.AdminController.blackListedIPs()
+POST          /api/blacklisted-ips                                      controllers.AdminController.createBlacklistedIp()
+DELETE        /api/blacklisted-ips/:ip                                  controllers.AdminController.deleteBlacklistedIp(ip: String)
+
 POST          /api/user-reports-filters                                 controllers.UserReportsFiltersController.save()
 GET           /api/user-reports-filters/:name                           controllers.UserReportsFiltersController.get(name: String)
 GET           /api/user-reports-filters                                 controllers.UserReportsFiltersController.list()