revert: change to ip lookup

nla · Jan 28, 2024 · bf2827c · bf2827c
1 parent 0c9319b
commit bf2827c
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 6 deletions.
diff --git a/.env.test b/.env.test
@@ -7,8 +7,8 @@ GETALIBRARYCARD_AUTH_PATH=/getalibrarycard/authenticate.xml/%s/%s
 GETALIBRARYCARD_PATRON_DETAILS_PATH=/getalibrarycard/patrons/details/%s.xml
 PATRON_AUTH_URL=https://auth-test.nla.gov.au
 PATRON_AUTH_ENDPOINT="/authenticate"
-LOCAL_SUBNET="187.121.206.0/24,130.195.174.0/24"
-STAFF_SUBNET="200.2.40.0/22"
+LOCAL_SUBNET="187.121.206.121,130.195.174.208"
+STAFF_SUBNET="200.2.40.0,200.2.41.0,200.2.42.0,200.2.43.0"
 NATIONAL_LIBRARY_CARD_URL="https://www.nla.gov.au/getting-started/your-national-library-card"
 ASK_LIBRARIAN_URL=https://www.nla.gov.au/using-library/getting-started/ask-librarian
 GLOBAL_MESSAGE_URL=http://test.nla.gov.au/catalogue-message/1234

diff --git a/app/models/whitelist.rb b/app/models/whitelist.rb
@@ -42,11 +42,13 @@ def staff_subnets
   end
 
   def client_in_subnets(request, subnets)
-    client_ip = get_client_ip request
-
-    subnets.any? do |subnet|
-      IPAddr.new(subnet).include?(client_ip)
+    subnets.each do |subnet|
+      if client_in_subnet(request, subnet)
+        return true
+      end
     end
+
+    false
   end
 
   def get_client_ip(request)
@@ -63,4 +65,22 @@ def get_client_ip(request)
 
     client_ip
   end
+
+  def client_in_subnet(request, subnet)
+    client_ip = get_client_ip request
+
+    client_ranges = client_ip.split(".")
+    subnet_ranges = subnet.split(".")
+
+    match = false
+    4.times { |i|
+      if subnet_ranges[i] == "0" || client_ranges[i] == subnet_ranges[i]
+        match = true
+      else
+        return false
+      end
+    }
+
+    match
+  end
 end