
Commit 33d7401

committed
feat(staking): add IP whitelist
1 parent 6f02bbb commit 33d7401


2 files changed

+20
-9
lines changed

2 files changed

+20
-9
lines changed

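--- a/apps/staking/src/config/server.ts
+++ b/apps/staking/src/config/server.ts
@@ -54,6 +54,7 @@ export const WALLETCONNECT_PROJECT_ID = demandInProduction(
 export const MAINNET_RPC = process.env.MAINNET_RPC;
 export const HERMES_URL = getOr("HERMES_URL", "https://hermes.pyth.network");
 export const BLOCKED_REGIONS = transformOr("BLOCKED_REGIONS", fromCsv, []);
+export const IP_ALLOWLIST = transformOr("IP_ALLOWLIST", fromCsv, []);
 export const GOVERNANCE_ONLY_REGIONS = transformOr(
 "GOVERNANCE_ONLY_REGIONS",
 fromCsv,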

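--- a/apps/staking/src/middleware.ts
+++ b/apps/staking/src/middleware.ts
@@ -10,6 +10,7 @@ import {
 BLOCKED_REGIONS,
 GOVERNANCE_ONLY_REGIONS,
 PROXYCHECK_API_KEY,
+IP_ALLOWLIST,
 } from "./config/server";
 
 const GEO_BLOCKED_PATH = `/${GEO_BLOCKED_SEGMENT}`;
@@ -21,22 +22,31 @@ const proxyCheckClient = PROXYCHECK_API_KEY
 : undefined;
 
 export const middleware = async (request: NextRequest) => {
-if (await isProxyBlocked(request)) {
-return rewrite(request, VPN_BLOCKED_PATH);
-} else if (isGovernanceOnlyRegion(request)) {
-return rewrite(request, GOVERNANCE_ONLY_PATH);
-} else if (isRegionBlocked(request)) {
-return rewrite(request, GEO_BLOCKED_PATH);
-} else if (isBlockedSegment(request)) {
-return rewrite(request, "/not-found");
+if (isIpAllowlisted(request)) {
+return isBlockedSegment(request)
+? rewrite(request, "/not-found")
+: undefined;
 } else {
-return;
+if (await isProxyBlocked(request)) {
+return rewrite(request, VPN_BLOCKED_PATH);
+} else if (isGovernanceOnlyRegion(request)) {
+return rewrite(request, GOVERNANCE_ONLY_PATH);
+} else if (isRegionBlocked(request)) {
+return rewrite(request, GEO_BLOCKED_PATH);
+} else if (isBlockedSegment(request)) {
+return rewrite(request, "/not-found");
+} else {
+return;
+}
 }
 };
 
 const rewrite = (request: NextRequest, path: string) =>
 NextResponse.rewrite(new URL(path, request.url));
 
+const isIpAllowlisted = ({ ip }: NextRequest) =>
+ip !== undefined && IP_ALLOWLIST.includes(ip);
+
 const isGovernanceOnlyRegion = ({ geo }: NextRequest) =>
 geo?.country !== undefined &&
 GOVERNANCE_ONLY_REGIONS.includes(geo.country.toLowerCase());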
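Review bot: `isIpAllowlisted` (new lines 47–48) lets a request skip the proxy, governance-only and region checks on nothing more than an exact string match against `request.ip`, and nothing in the section records where that value is trusted to come from. How `ip` is populated is not visible here; if this app can run behind a proxy that forwards a client-supplied address, the bypass inherits that header's trust, so the assumption should be written next to the helper, e.g. `// Skips proxy/geo checks. Relies on request.ip being set by the trusted edge; entries must match its exact string form (no CIDR).`. Because the comparison is exact, an entry with stray whitespace or a differently formatted IPv6 address simply fails to match and the normal checks run, which is the safe direction but should be expected by whoever sets `IP_ALLOWLIST`. Consider logging when the allowlist branch in `middleware` (new lines 25–28) is taken so that bypasses of the geo controls are auditable.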
