
add the preventIfIsDubious method to the ot_admin api controller

Olivier Massot hace 1 año
padre
commit
eeebf7eb2f
Se han modificado 1 ficheros con 33 adiciones y 1 borrados
  1. 33 1
      ot_admin/Classes/Http/ApiController.php

+ 33 - 1
ot_admin/Classes/Http/ApiController.php

@@ -25,6 +25,11 @@ class ApiController implements LoggerAwareInterface
 {
     use LoggerAwareTrait;
 
+    const PROD_FRONT_IP = "172.16.0.68";
+    const PROD_V2_IP = "172.16.0.35";
+    const PUBLIC_PRODFRONT_IP = "141.94.117.38";
+    const PUBLIC_PROD_V2_IP = "141.94.117.35";
+
     const array ALLOWED_IPS = [
         '/^127\.0\.0\.[0-1]$/', // Localhost
         '/^localhost$/',  // Localhost
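Review bot: The four new constants are untyped while `ALLOWED_IPS` a few lines below is declared `const array`, so the file already relies on PHP 8.3 typed constants; declaring them `const string PROD_FRONT_IP = "172.16.0.68";` (and likewise for the other three) keeps the class consistent. These addresses are deployment facts baked into code, and the guard in `preventIfIsDubious()` only fires when `SERVER_ADDR` equals one of them, so an infrastructure re-addressing would silently turn the guard off rather than break loudly. A comment such as `// Guard in preventIfIsDubious() is a no-op if these drift from the actual prod addresses; keep in sync with the deployment` would make that coupling visible to whoever next changes the infrastructure.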
@@ -74,6 +79,28 @@ class ApiController implements LoggerAwareInterface
         return true;
     }
 
+    /**
+     * Lève une erreur si l'environnement est la prod et que la requête provient d'un autre environnement, car
+     * cette requête a probablement été envoyée à la prod par erreur.
+     *
+     * Permet de sécuriser certaines opérations destructives, comme la suppression d'organisation.
+     *
+     * @return void
+     */
+    private function preventIfIsDubious(): void
+    {
+        if (
+            $_SERVER &&
+            (
+                ($_SERVER['SERVER_ADDR'] === self::PROD_FRONT_IP && $_SERVER['REMOTE_ADDR'] !== self::PROD_V2_IP) ||
+                ($_SERVER['SERVER_ADDR'] === self::PUBLIC_PRODFRONT_IP && $_SERVER['REMOTE_ADDR'] !== self::PUBLIC_PROD_V2_IP)
+            )
+        ) {
+            throw new \RuntimeException("Invalid client ip");
+        }
+    }
+
+
     /**
      * Retrieve the organization's id from the given request parameters
      *
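Review bot: The guard fails open whenever `SERVER_ADDR` or `REMOTE_ADDR` is missing from `$_SERVER` (CLI or test runs), and `$_SERVER &&` only checks that the array is non-empty, not that those two keys exist, so the comparisons can hit an undefined-index warning; reading them with `$server = $_SERVER['SERVER_ADDR'] ?? ''; $remote = $_SERVER['REMOTE_ADDR'] ?? '';` and comparing those removes the warning without changing the outcome. If the application sits behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address rather than the caller's, which would either reject legitimate prod-v2 calls or accept anything the proxy forwards, so this is worth confirming against the deployment topology. The docblock is in French while the sibling docblock right below (`Retrieve the organization's id …`) is in English; an English equivalent would be `Throws if this host is the prod front and the request did not originate from prod v2, since such a request was most likely sent to prod by mistake. Used to protect destructive operations such as organization deletion.`, and the `@return void` line only restates the native return type. There is also a doubled blank line after the closing brace.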
@@ -229,8 +256,13 @@ class ApiController implements LoggerAwareInterface
         $organizationId = $this->getOrganizationId($request);
 
         $params = $request->getQueryParams();
+        $hard = (isset($params['hard']) && $params['hard']);
+
+        if ($hard) {
+            $this->preventIfIsDubious();
+        }
 
-        $rootUid = $this->siteController->deleteSiteAction($organizationId);
+        $rootUid = $this->siteController->deleteSiteAction($organizationId, $hard, true, true);
 
         $this->logger->info(sprintf(
             "OtAdmin API: The website with root uid " . $rootUid . " has been soft-deleted " .
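Review bot: `$hard = (isset($params['hard']) && $params['hard']);` treats any non-empty query string as true, so `?hard=false` or `?hard=no` performs a hard delete; parse it explicitly with `$hard = filter_var($params['hard'] ?? false, FILTER_VALIDATE_BOOLEAN);`. The log call at the end of the hunk still reports `has been soft-deleted` regardless of `$hard`, so the audit trail misreports hard deletions; the message should be derived from `$hard` (e.g. `$hard ? 'hard-deleted' : 'soft-deleted'`). The two trailing `true, true` arguments to `deleteSiteAction` are opaque at the call site; named arguments would document them, though the parameter names are not visible in this hunk. The enclosing method starts before the hunk and its log statement continues past it.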