Ip Filter allow local host to properties

Author: physcom

src/main/kotlin/io/openfuture/api/config/filter/ApiAuthorizationFilter.kt

@@ -17,7 +17,6 @@ class ApiAuthorizationFilter(
 
     private val ipV4LoopBack = "127.0.0.1"
     private val ipV6LoopBack = "0:0:0:0:0:0:0:1"
-    var allowLocalhost = true
 
     override fun init(filterConfig: FilterConfig?) {
         // Do nothing
@@ -44,14 +43,16 @@ class ApiAuthorizationFilter(
     fun isAllowed(request: HttpServletRequest): Boolean {
 
         val ip = request.remoteAddr
-        if (allowLocalhost && (ipV4LoopBack == ip || ipV6LoopBack == ip)) {
+        if (properties.allowLocalHost && (ipV4LoopBack == ip || ipV6LoopBack == ip)) {
             return true
         }
 
-        val matcher = IpAddressMatcher(properties.cidr)
+        if (properties.cidr !=  null) {
+            val matcher = IpAddressMatcher(properties.cidr)
 
-        if (matcher.matches(request.getHeader("X-Forwarded-For"))) {
-            return true
+            if (matcher.matches(request.getHeader("X-Forwarded-For"))) {
+                return true
+            }
         }
 
         return false

src/main/kotlin/io/openfuture/api/config/propety/AuthorizationProperties.kt

@@ -11,5 +11,6 @@ import javax.validation.constraints.NotEmpty
 class AuthorizationProperties(
         @field:NotEmpty var cookieName: String? = null,
         var expireApi: Long? = 10,
-        var cidr: String? = null
+        var cidr: String? = null,
+        var allowLocalHost: Boolean = false
 )

src/main/resources/application.properties

@@ -21,6 +21,7 @@ ethereum.event-subscription=${EVENT_SUBSCRIPTION}
 auth.cookie-name=open_key
 auth.expire-api=10
 auth.cidr=${PUBLIC_IP_SUBNET}
+auth.allow-local-host=false
 
 # WIDGET
 widget.host=${WIDGET_HOST}