From 6c6254956f901a27754b365c753fcdce17bca7c8 Mon Sep 17 00:00:00 2001
From: KoMinkyu
Date: Thu, 13 Oct 2016 03:52:01 +0900
Subject: [PATCH] Don't abort requests when path is not limited.
---
 server.py | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/server.py b/server.py
index 3297d17..d864fd8 100644
--- a/server.py
+++ b/server.py
@@ -1,26 +1,38 @@
-import os
-from sys import platform as _platform
-
 from flask import Flask, abort, request
 from flask import request
-app = Flask(__name__)
+app = Flask(__name__)
 # 104.192.143.192/28
 # 104.192.143.208/28
 trusted_remote_addrs = list(map(
 lambda last: '104.192.143.' + str(last),
 list(range(192, 192 + 16)) + list(range(208, 208 + 16))
-)) + ['127.0.0.1']
+))
+
+BITBUCKET_WEBHOOK_PATH = '/webhook'
+
+webhook_paths = [
+ BITBUCKET_WEBHOOK_PATH,
+]
 @app.before_request
 def limit_remote_addr():
- if request.remote_addr not in trusted_remote_addrs:
+ if (is_webhook_path(request.path) and
+ not is_trusted_remote_addrs(request.remote_addr)):
 abort(403)
-@app.route('/webhook', methods=['GET', 'POST'])
+def is_webhook_path(path):
+ return path in webhook_paths
+
+
+def is_trusted_remote_addrs(remote_addr):
+ return remote_addr in trusted_remote_addrs
+
+
+@app.route(BITBUCKET_WEBHOOK_PATH, methods=['GET', 'POST'])
 def tracking():
 if request.method == 'POST':
 data = request.get_json()
@@ -30,5 +42,6 @@ def tracking():
 print('Webhook received! %s committed %s' % (commit_author, commit_hash))
 return 'OK'
+
 if __name__ == '__main__':
- app.run(host='0.0.0.0', port=5000, debug=True)
\ No newline at end of file
+ app.run(host='0.0.0.0', port=5000, debug=True)
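Review bot: The address check in `limit_remote_addr` now fails open: it runs only for paths listed in `webhook_paths`, so a webhook route added later with `@app.route` but not appended to that list is reachable from any address. Attaching the check to the view keeps the route and its restriction in one place; the sketch below does that with a decorator (it needs `functools.wraps`) and makes `limit_remote_addr`, `is_webhook_path` and `webhook_paths` unnecessary. Separately, `request.remote_addr` is the peer address of the connection, so if this app sits behind a reverse proxy (not visible here) the comparison would see the proxy's address rather than Bitbucket's. The body of `tracking()` continues outside the hunk.

```python
# … unchanged: trusted_remote_addrs, is_trusted_remote_addrs …

def trusted_remote_only(view):
    """Reject callers whose address is not in trusted_remote_addrs."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        if not is_trusted_remote_addrs(request.remote_addr):
            abort(403)
        return view(*args, **kwargs)
    return wrapper


@app.route(BITBUCKET_WEBHOOK_PATH, methods=['GET', 'POST'])
@trusted_remote_only
def tracking():
    # … unchanged: body of tracking() …
```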
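Review bot: The re-added `app.run(host='0.0.0.0', port=5000, debug=True)` line in the second hunk still starts the development server with the interactive debugger enabled on every interface, and after this commit requests to non-webhook paths are no longer address-filtered at all. The debugger can execute code in the server process and is intended for local development only. Suggest `app.run(host='0.0.0.0', port=5000, debug=False)` here, binding to `127.0.0.1` when debugging is needed, and running the webhook under a production WSGI server.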