WIP Add Webhooks controller, allowed IP config

2023-01-11 19:17:27 +08:00 · 2023-01-11 19:17:27 +08:00 · 68e0d00f6e
parent 2e1d930e0f
commit 68e0d00f6e
6 changed files with 53 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -9,3 +9,5 @@ BTCPAY_API_URL='http://localhost:23001/api/v1'

 LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+
+WEBHOOKS_ALLOWED_IPS='10.1.1.163'
--- a/.env.production
+++ b/.env.production
@ -5,3 +5,5 @@ BTCPAY_API_URL='http://10.1.1.163:23001/api/v1'
 LNDHUB_LEGACY_API_URL='http://10.1.1.163:3026'
 LNDHUB_API_URL='http://10.1.1.163:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+
+WEBHOOKS_ALLOWED_IPS='10.1.1.163'
--- a/.env.test
+++ b/.env.test
@ -1,5 +1,9 @@
 EJABBERD_API_URL='http://xmpp.example.com/api'
+
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
+
 LNDHUB_LEGACY_API_URL='http://localhost:3023'
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+
+WEBHOOKS_ALLOWED_IPS='10.1.1.23'
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@ -0,0 +1,23 @@
+class WebhooksController < ApplicationController
+  skip_forgery_protection
+
+  before_action :authorize_request
+
+  def lndhub
+    begin
+      payload = JSON.parse(request.body.read, symbolize_names: true)
+    rescue
+      head :unprocessable_entity and return
+    end
+
+    head :ok
+  end
+
+  private
+
+  def authorize_request
+    if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
+      head :forbidden and return
+    end
+  end
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -25,6 +25,8 @@ Rails.application.routes.draw do
  get 'lnurlpay/:address', to: 'lnurlpay#index', constraints: { address: /[^\/]+/}
  get 'lnurlpay/:address/invoice', to: 'lnurlpay#invoice', constraints: { address: /[^\/]+/}

+  post 'webhooks/lndhub', to: 'webhooks#lndhub'
+
  namespace :api do
    get 'kredits/onchain_btc_balance', to: 'kredits#onchain_btc_balance'
  end
--- a/spec/requests/webhooks_spec.rb
+++ b/spec/requests/webhooks_spec.rb
@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.describe "Webhooks", type: :request do
+  describe "Allowed IP addresses" do
+    context "IP not allowed" do
+      it "returns a 403 status" do
+        post "/webhooks/lndhub"
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
+    context "IP allowed" do
+      it "returns a 403 status" do
+        ENV['WEBHOOKS_ALLOWED_IPS'] = '127.0.0.1'
+        post "/webhooks/lndhub"
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+  end
+end