2023-07-18 14:38:32 +02:00
|
|
|
"""Security checks for the API. Checks if the IP is masked etc."""
|
|
|
|
|
2023-06-23 02:18:28 +02:00
|
|
|
import os
|
|
|
|
import httpx
|
|
|
|
|
|
|
|
from rich import print
|
|
|
|
|
2023-06-28 15:21:14 +02:00
|
|
|
import proxies
|
|
|
|
|
|
|
|
from dotenv import load_dotenv
|
|
|
|
|
|
|
|
load_dotenv()
|
2023-06-23 02:18:28 +02:00
|
|
|
is_proxy_enabled = False
|
|
|
|
|
|
|
|
class InsecureIPError(Exception):
|
|
|
|
"""Raised when the IP address of the server is not secure."""
|
|
|
|
|
|
|
|
def ip_protection_check():
|
|
|
|
"""Makes sure that the actual server IP address is not exposed to the public."""
|
|
|
|
|
|
|
|
actual_ips = os.getenv('ACTUAL_IPS', '').split()
|
|
|
|
|
|
|
|
if actual_ips:
|
2023-06-28 15:21:14 +02:00
|
|
|
echo_response = httpx.get(
|
|
|
|
url='https://echo.hoppscotch.io/',
|
|
|
|
timeout=15
|
|
|
|
)
|
|
|
|
|
|
|
|
response_data = echo_response.json()
|
|
|
|
response_ip = response_data['headers']['x-forwarded-for']
|
2023-06-23 02:18:28 +02:00
|
|
|
|
|
|
|
for actual_ip in actual_ips:
|
2023-06-28 15:21:14 +02:00
|
|
|
if actual_ip in response_data:
|
|
|
|
raise InsecureIPError(f'IP pattern "{actual_ip}" is in the values of ACTUAL_IPS of the\
|
2023-06-23 02:18:28 +02:00
|
|
|
.env file. Enable a VPN or proxy to continue.')
|
|
|
|
|
|
|
|
if is_proxy_enabled:
|
2023-06-28 15:21:14 +02:00
|
|
|
print(f'[green]SUCCESS: The IP "{response_ip}" was detected, which seems to be a proxy. Great![/green]')
|
2023-06-23 02:18:28 +02:00
|
|
|
|
|
|
|
else:
|
|
|
|
print('[yellow]WARNING: ACTUAL_IPS is not set in the .env file or empty.\
|
|
|
|
This means that the real IP of the server could be exposed. If you\'re using something\
|
|
|
|
like Cloudflare or Repl.it, you can ignore this warning.[/yellow]')
|
2023-06-28 15:21:14 +02:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
enable_proxy()
|
|
|
|
ip_protection_check()
|