diff --git a/htdocs/api/admin/index.php b/htdocs/api/admin/index.php
index ed23151d99b..0ca6786b9b2 100644
--- a/htdocs/api/admin/index.php
+++ b/htdocs/api/admin/index.php
@@ -78,6 +78,12 @@ if ($action == 'setproductionmode')
}
}
+if ($action == 'save')
+{
+ dolibarr_set_const($db, 'API_RESTICT_ON_IP', GETPOST('API_RESTICT_ON_IP', 'alpha'));
+}
+
+
dol_mkdir(DOL_DATA_ROOT.'/api/temp'); // May have been deleted by a purge
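Review bot: The value stored on `save` is never validated as a list of IP addresses; with the `alpha` filter any token passes, so a typo in the allow-list silently locks every client out of the API once the check in htdocs/api/index.php is reached. Each space-separated entry should be trimmed and accepted only if `filter_var($ip, FILTER_VALIDATE_IP)` succeeds, with an error message instead of a write when one fails. The constant name `API_RESTICT_ON_IP` is misspelled in this hunk and in both hunks that use it (api/index.php and admin.lang); if it has not shipped yet, renaming it to `API_RESTRICT_ON_IP` now avoids carrying the typo into stored configuration. The permission check guarding this admin page is presumably above the hunk; it is not visible here.
```php
if ($action == 'save')
{
    // Keep only non-empty, well-formed IP entries; reject the whole list otherwise
    $ips = array_filter(array_map('trim', explode(' ', GETPOST('API_RESTICT_ON_IP', 'alpha'))));
    $invalid = array_filter($ips, function ($ip) { return filter_var($ip, FILTER_VALIDATE_IP) === false; });
    if (count($invalid) > 0)
    {
        setEventMessages($langs->trans('<lang key for invalid IP list>'), null, 'errors');
    }
    else
    {
        dolibarr_set_const($db, 'API_RESTICT_ON_IP', implode(' ', $ips));
    }
}
```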
@@ -93,37 +99,50 @@ print load_fiche_titre($langs->trans("ApiSetup"), $linkback, 'title_setup');
print $langs->trans("ApiDesc")."
\n";
print "
\n";
-//print '
';
+
+
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
diff --git a/htdocs/api/index.php b/htdocs/api/index.php
index 9d42b9995f6..1f1235571cc 100644
--- a/htdocs/api/index.php
+++ b/htdocs/api/index.php
@@ -206,6 +206,21 @@ if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' ||
// Call one APIs or one definition of an API
if (! empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && $reg[2] != '/resources.json' && preg_match('/^\/(swagger|resources)\.json\/(.+)$/', $reg[2], $regbis) && $regbis[2] != 'root')))
{
+ // Restrict API to some IPs
+ if (! empty($conf->global->API_RESTICT_ON_IP))
+ {
+ $allowedip=explode(' ', $conf->global->API_RESTICT_ON_IP);
+ $ipremote = getUserRemoteIP();
+ if (! in_array($ipremote, $allowedip))
+ {
+ dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTICT_ON_IP);
+ print 'API not allowed from the IP '.$ipremote;
+ header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
+ //print $conf->global->API_RESTICT_ON_IP;
+ exit(0);
+ }
+ }
+
$module = $reg[1];
if ($module == 'explorer') // If we call page to explore details of a service
{
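Review bot: The `header('HTTP/1.1 503 ...')` call comes after `print`, so output has already started and the status line is not sent (PHP reports "headers already sent"); the rejected request goes out as 200 with a text body, which API clients will treat as success. The status should be emitted before any output, and 403 Forbidden describes an IP rejection better than 503. `in_array` should be called with `strict: true`, and entries from `explode(' ', ...)` should be trimmed and empty strings dropped so double spaces in the configured value do not create an empty allowed entry. If `getUserRemoteIP()` honours client-supplied forwarding headers, this allow-list can be satisfied by a forged header unless a trusted proxy overwrites them, so the deployment assumption is worth a comment here; the enclosing `if` block continues past the hunk.
```php
    // Restrict API to some IPs
    if (! empty($conf->global->API_RESTICT_ON_IP))
    {
        $allowedip = array_filter(array_map('trim', explode(' ', $conf->global->API_RESTICT_ON_IP)));
        $ipremote = getUserRemoteIP();  // NOTE: relies on the web server / proxy presenting a trustworthy client IP
        if (! in_array($ipremote, $allowedip, true))
        {
            dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTICT_ON_IP, LOG_WARNING);
            header('HTTP/1.1 403 Forbidden');  // must be sent before any output
            print 'API not allowed from the IP '.$ipremote;
            exit(0);
        }
    }
    // … unchanged: $module = $reg[1]; and explorer handling …
```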
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index d408cddc5c8..c95c9fe05cc 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -1932,3 +1932,4 @@ DeleteEmailCollector=Delete email collector
ConfirmDeleteEmailCollector=Are you sure you want to delete this email collector?
RecipientEmailsWillBeReplacedWithThisValue=Recipient emails will be always replaced with this value
AtLeastOneDefaultBankAccountMandatory=At least 1 default bank account must be defined
+RestrictApiToIps=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
\ No newline at end of file