restrict access based on the blockIP property of the JWT

Author: ThomasKranitsas

app.js

@@ -127,6 +127,19 @@ _.each(routes, (verbs, url) => {
       })
     }
 
+    if (def.blockByIp) {
+      actions.push((req, res, next) => {
+        req.authUser.blockIP = _.find(req.authUser, (value, key) => {
+          return (key.indexOf('blockIP') !== -1)
+        })
+        if (req.authUser.blockIP) {
+          throw new errors.HttpStatusError(403, 'Access denied')
+        } else {
+          next()
+        }
+      })
+    }
+
     actions.push(method)
     winston.info(`API : ${verb.toLocaleUpperCase()} ${config.API_VERSION}${url}`)
     apiRouter[verb](`${config.API_VERSION}${url}`, helper.autoWrapExpress(actions))

src/routes/ReviewRoutes.js

@@ -9,14 +9,16 @@ module.exports = {
       method: 'createReview',
       auth: 'jwt',
       access: ['Administrator', 'Copilot'],
-      scopes: ['create:review', 'all:review']
+      scopes: ['create:review', 'all:review'],
+      blockByIp: true
     },
     get: {
       controller: 'ReviewController',
       method: 'listReviews',
       auth: 'jwt',
       access: ['Administrator', 'Copilot'],
-      scopes: ['read:review', 'all:review']
+      scopes: ['read:review', 'all:review'],
+      blockByIp: true
     }
   },
   '/reviews/:reviewId': {
@@ -25,28 +27,32 @@ module.exports = {
       method: 'getReview',
       auth: 'jwt',
       access: ['Administrator', 'Copilot', 'Topcoder User'],
-      scopes: ['read:review', 'all:review']
+      scopes: ['read:review', 'all:review'],
+      blockByIp: true
     },
     put: {
       controller: 'ReviewController',
       method: 'updateReview',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:review', 'all:review']
+      scopes: ['update:review', 'all:review'],
+      blockByIp: true
     },
     patch: {
       controller: 'ReviewController',
       method: 'patchReview',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:review', 'all:review']
+      scopes: ['update:review', 'all:review'],
+      blockByIp: true
     },
     delete: {
       controller: 'ReviewController',
       method: 'deleteReview',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['delete:review', 'all:review']
+      scopes: ['delete:review', 'all:review'],
+      blockByIp: true
     }
   }
 }

src/routes/ReviewSummationRoutes.js

@@ -9,14 +9,16 @@ module.exports = {
       method: 'createReviewSummation',
       auth: 'jwt',
       access: ['Administrator', 'Copilot'],
-      scopes: ['create:review_summation', 'all:review_summation']
+      scopes: ['create:review_summation', 'all:review_summation'],
+      blockByIp: true
     },
     get: {
       controller: 'ReviewSummationController',
       method: 'listReviewSummations',
       auth: 'jwt',
       access: ['Administrator', 'Copilot'],
-      scopes: ['read:review_summation', 'all:review_summation']
+      scopes: ['read:review_summation', 'all:review_summation'],
+      blockByIp: true
     }
   },
   '/reviewSummations/:reviewSummationId': {
@@ -25,28 +27,32 @@ module.exports = {
       method: 'getReviewSummation',
       auth: 'jwt',
       access: ['Administrator', 'Copilot'],
-      scopes: ['read:review_summation', 'all:review_summation']
+      scopes: ['read:review_summation', 'all:review_summation'],
+      blockByIp: true
     },
     put: {
       controller: 'ReviewSummationController',
       method: 'updateReviewSummation',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:review_summation', 'all:review_summation']
+      scopes: ['update:review_summation', 'all:review_summation'],
+      blockByIp: true
     },
     patch: {
       controller: 'ReviewSummationController',
       method: 'patchReviewSummation',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:review_summation', 'all:review_summation']
+      scopes: ['update:review_summation', 'all:review_summation'],
+      blockByIp: true
     },
     delete: {
       controller: 'ReviewSummationController',
       method: 'deleteReviewSummation',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['delete:review_summation', 'all:review_summation']
+      scopes: ['delete:review_summation', 'all:review_summation'],
+      blockByIp: true
     }
   }
 }

src/routes/SubmissionRoutes.js

@@ -9,14 +9,16 @@ module.exports = {
       method: 'createSubmission',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['create:submission', 'all:submission']
+      scopes: ['create:submission', 'all:submission'],
+      blockByIp: true
     },
     get: {
       controller: 'SubmissionController',
       method: 'listSubmissions',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['read:submission', 'all:submission']
+      scopes: ['read:submission', 'all:submission'],
+      blockByIp: true
     }
   },
   '/submissions/:submissionId': {
@@ -25,28 +27,32 @@ module.exports = {
       method: 'getSubmission',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['read:submission', 'all:submission']
+      scopes: ['read:submission', 'all:submission'],
+      blockByIp: true
     },
     put: {
       controller: 'SubmissionController',
       method: 'updateSubmission',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:submission', 'all:submission']
+      scopes: ['update:submission', 'all:submission'],
+      blockByIp: true
     },
     patch: {
       controller: 'SubmissionController',
       method: 'patchSubmission',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['update:submission', 'all:submission']
+      scopes: ['update:submission', 'all:submission'],
+      blockByIp: true
     },
     delete: {
       controller: 'SubmissionController',
       method: 'deleteSubmission',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['delete:submission', 'all:submission']
+      scopes: ['delete:submission', 'all:submission'],
+      blockByIp: true
     }
   },
   '/submissions/:submissionId/download': {
@@ -55,7 +61,8 @@ module.exports = {
       method: 'downloadSubmission',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['read:submission', 'all:submission']
+      scopes: ['read:submission', 'all:submission'],
+      blockByIp: true
     }
   },
   '/submissions/:submissionId/artifacts': {
@@ -64,14 +71,16 @@ module.exports = {
       method: 'createArtifact',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['create:submission', 'all:submission']
+      scopes: ['create:submission', 'all:submission'],
+      blockByIp: true
     },
     get: {
       controller: 'ArtifactController',
       method: 'listArtifacts',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['read:submission', 'all:submission']
+      scopes: ['read:submission', 'all:submission'],
+      blockByIp: true
     }
   },
   '/submissions/:submissionId/artifacts/:file': {
@@ -80,7 +89,8 @@ module.exports = {
       method: 'deleteArtifact',
       auth: 'jwt',
       access: ['Administrator'],
-      scopes: ['delete:submission', 'all:submission']
+      scopes: ['delete:submission', 'all:submission'],
+      blockByIp: true
     }
   },
   '/submissions/:submissionId/artifacts/:file/download': {
@@ -89,7 +99,8 @@ module.exports = {
       method: 'downloadArtifact',
       auth: 'jwt',
       access: ['Topcoder User', 'Administrator', 'Copilot'],
-      scopes: ['read:submission', 'all:submission']
+      scopes: ['read:submission', 'all:submission'],
+      blockByIp: true
     }
   }
 }