diff --git a/src/Indexer/Program.cs b/src/Indexer/Program.cs index 415ad0b..d519ed3 100644 --- a/src/Indexer/Program.cs +++ b/src/Indexer/Program.cs @@ -32,22 +32,31 @@ builder.Services.AddElmah(Options => }); var app = builder.Build(); -app.Map("/elmah", builder => // Add a middleware before Elmah that authorizes only the development environment +List? allowedIps = builder.Configuration.GetSection("EmbeddingsearchIndexer:Elmah:AllowedHosts") + .Get>(); + +app.Use(async (context, next) => { - builder.Use(async (context, next) => + if (context.Request.Path.StartsWithSegments("/elmah")) { - if (!app.Environment.IsDevelopment()) // TODO add configuration option to allow for elmah (i.e. opt-in) + + var remoteIp = context.Connection.RemoteIpAddress?.ToString(); + bool blockRequest = allowedIps is null + || remoteIp is null + || !allowedIps.Contains(remoteIp); + if (blockRequest) { context.Response.StatusCode = 403; await context.Response.WriteAsync("Forbidden"); return; } + } - await next(); - }); - - builder.UseElmah(); + await next(); }); + +app.UseElmah(); + app.MapHealthChecks("/healthz"); // Configure the HTTP request pipeline. diff --git a/src/Indexer/appsettings.Docker.json b/src/Indexer/appsettings.Docker.json index 8bbd13a..bd15c8b 100644 --- a/src/Indexer/appsettings.Docker.json +++ b/src/Indexer/appsettings.Docker.json @@ -17,6 +17,13 @@ "ApiKeys": ["b54ea868-496e-11f0-9cc7-f79f06b160e5", "bbdeedf0-496e-11f0-9744-97e28c221f67"] }, "EmbeddingsearchIndexer": { + "Elmah": { + "AllowedHosts": [ + "127.0.0.1", + "::1", + "172.17.0.1" + ] + }, "Worker": [ { diff --git a/src/Indexer/appsettings.json b/src/Indexer/appsettings.json index 4d56694..dd6e720 100644 --- a/src/Indexer/appsettings.json +++ b/src/Indexer/appsettings.json @@ -5,5 +5,13 @@ "Microsoft.AspNetCore": "Warning" } }, + "EmbeddingsearchIndexer": { + "Elmah": { + "AllowedHosts": [ + "127.0.0.1", + "::1" + ] + } + }, "AllowedHosts": "*" }