Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DOCRAPTOR_IPS to Django Constance #207

Merged
merged 3 commits into from
Feb 6, 2025
Merged

Add DOCRAPTOR_IPS to Django Constance #207

merged 3 commits into from
Feb 6, 2025

Conversation

pcraig3
Copy link
Collaborator

@pcraig3 pcraig3 commented Feb 5, 2025
edited
Loading

Summary

This PR converts the DOCRAPTOR_IPS env var to a constance variable that is editable in the admin backend by superusers.

We need DocRaptor to be able to access our NOFO pages so that it can request them, load them, and then give us back a PFD document. We use the IPs to identify these incoming requests, and DocRaptor provides a list of IPs that their requests come from.

Sometimes, DocRaptor's IPs change, and then when the NOFO Builder asks for a printout, we end up getting a PDF of our login because the request was not whitelisted. 100% of the time this happens, it's discovered by someone printing a NOFO. Usually, it is also someone who has superuser access.

This PR gives NOFO Builder production staff the ability to solve this problem for themselves by grabbing the latest IP addresses and updating them in the system when they notice a "login" pages getting printed. No more waiting for a code deploy!

Screenshot

Here is what the interface looks like for this:

Screenshot 2025-02-05 at 3 50 49 PM

Only superusers have access to this value, not any user with an account in the NOFO Builder.

Format string

A list of IPs can be passed in in a variety of formats:

  • comma-separated (default): 18.233.48.178,18.235.199.18,23.20.110.13
  • space-separated: 18.233.48.178 18.235.199.18 23.20.110.13
  • newline separated:
18.233.48.178
18.235.199.18
23.20.110.13

You can also combine any of these, eg: 18.233.48.178, \n18.235.199.18, \n23.20.110.13

@pcraig3
Use Constance for DOCRAPTOR_IPS
95563bc 
The motivation here is that we should be able to change the IPs
as we go, particularly when the NOFO production staff start seeing it.

This is only available to superusers.
@pcraig3
Make sure incoming request is secure
27346b2 
If it is http, something is definitely wrong.
@pcraig3 pcraig3 requested a review from jtmst February 5, 2025 21:33
@pcraig3
Remove DOCRAPTOR_IPS as an env var
8c3b942 
Let's remove it as an environment variable.

We are only really using it to set the default value now, which
might also make sense to remove later.
@pcraig3 pcraig3 force-pushed the add-docraptor-ips-to-config branch from 18fd3d8 to 8c3b942 Compare February 5, 2025 21:37
jtmst
jtmst approved these changes Feb 5, 2025
View reviewed changes
Copy link
Collaborator

@jtmst jtmst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. We could consider some kind of validation for IPs to prevent mis-inputs, but optional and not merge blocking

@pcraig3
Copy link
Collaborator Author

pcraig3 commented Feb 6, 2025

Approved! Merging!

@pcraig3 pcraig3 merged commit 032338e into main Feb 6, 2025
4 checks passed
@pcraig3 pcraig3 deleted the add-docraptor-ips-to-config branch February 6, 2025 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtmst jtmst jtmst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pcraig3 @jtmst