move user-agent filter for /auth/github to redis

2015-11-20 13:53:35 +01:00 · 2015-11-20 13:53:35 +01:00 · efb91d0a38
commit efb91d0a38
parent b138fbcdeb
1 changed files with 11 additions and 1 deletions
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@ -78,7 +78,7 @@ class Travis::Api::App
      #
      # * **github_token**: GitHub token for checking authorization (required)
      post '/github' do
-        halt 503, "Endpoint temporarily disabled" unless settings.test? or request.user_agent =~ /^Travis/
+        check_agent
        unless params[:github_token]
          halt 422, { "error" => "Must pass 'github_token' parameter" }
        end
@ -146,6 +146,16 @@ class Travis::Api::App

      private

+        def allowed_agents
+          @allowed_agents ||= redis.smembers('auth_agents')
+        end
+
+        def check_agent
+          return if settings.test? or allowed_agents.empty?
+          return if allowed_agents.any? { |a| request.user_agent.to_s.start_with? a }
+          halt 403, "you are currently not allowed to perform this request. please contact support@travis-ci.com."
+        end
+
        def serialize_user(user)
          rendered = Travis::Api.data(user, version: :v2)
          rendered['user'].merge('token' => user.tokens.first.try(:token).to_s)