Don't abort requests when path is not limited.

KoMinkyu · Oct 12, 2016 · 6c62549 · 6c62549
1 parent 7320cf7
commit 6c62549
Showing 1 changed file with 21 additions and 8 deletions.
diff --git a/server.py b/server.py
@@ -1,26 +1,38 @@
-import os
-from sys import platform as _platform
-
 from flask import Flask, abort, request
 from flask import request
-app = Flask(__name__)
 
+app = Flask(__name__)
 
 # 104.192.143.192/28
 # 104.192.143.208/28
 trusted_remote_addrs = list(map(
     lambda last: '104.192.143.' + str(last),
     list(range(192, 192 + 16)) + list(range(208, 208 + 16))
-)) + ['127.0.0.1']
+))
+
+BITBUCKET_WEBHOOK_PATH = '/webhook'
+
+webhook_paths = [
+    BITBUCKET_WEBHOOK_PATH,
+]
 
 
 @app.before_request
 def limit_remote_addr():
-    if request.remote_addr not in trusted_remote_addrs:
+    if (is_webhook_path(request.path) and
+            not is_trusted_remote_addrs(request.remote_addr)):
         abort(403)
 
 
-@app.route('/webhook', methods=['GET', 'POST'])
+def is_webhook_path(path):
+    return path in webhook_paths
+
+
+def is_trusted_remote_addrs(remote_addr):
+    return remote_addr in trusted_remote_addrs
+
+
+@app.route(BITBUCKET_WEBHOOK_PATH, methods=['GET', 'POST'])
 def tracking():
     if request.method == 'POST':
         data = request.get_json()
@@ -30,5 +42,6 @@ def tracking():
         print('Webhook received! %s committed %s' % (commit_author, commit_hash))
         return 'OK'
 
+
 if __name__ == '__main__':
-    app.run(host='0.0.0.0', port=5000, debug=True)
+    app.run(host='0.0.0.0', port=5000, debug=True)