|
|
@ -29,7 +29,7 @@ defmodule BlockScoutWeb.API.RPC.RPCTranslator do |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def call(%Conn{params: %{"module" => module, "action" => action}} = conn, translations) do |
|
|
|
def call(%Conn{params: %{"module" => module, "action" => action}} = conn, translations) do |
|
|
|
with true <- valid_api_request_path(conn), |
|
|
|
with {:valid_api_request, true} <- {:valid_api_request, valid_api_request_path(conn)}, |
|
|
|
{:ok, {controller, write_actions}} <- translate_module(translations, module), |
|
|
|
{:ok, {controller, write_actions}} <- translate_module(translations, module), |
|
|
|
{:ok, action} <- translate_action(action), |
|
|
|
{:ok, action} <- translate_action(action), |
|
|
|
true <- action_accessed?(action, write_actions), |
|
|
|
true <- action_accessed?(action, write_actions), |
|
|
@ -58,6 +58,13 @@ defmodule BlockScoutWeb.API.RPC.RPCTranslator do |
|
|
|
:rate_limit_reached -> |
|
|
|
:rate_limit_reached -> |
|
|
|
AccessHelper.handle_rate_limit_deny(conn) |
|
|
|
AccessHelper.handle_rate_limit_deny(conn) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{:valid_api_request, false} -> |
|
|
|
|
|
|
|
conn |
|
|
|
|
|
|
|
|> put_status(404) |
|
|
|
|
|
|
|
|> put_view(RPCView) |
|
|
|
|
|
|
|
|> Controller.render(:error, error: "Not found") |
|
|
|
|
|
|
|
|> halt() |
|
|
|
|
|
|
|
|
|
|
|
_ -> |
|
|
|
_ -> |
|
|
|
conn |
|
|
|
conn |
|
|
|
|> put_status(500) |
|
|
|
|> put_status(500) |
|
|
@ -119,7 +126,8 @@ defmodule BlockScoutWeb.API.RPC.RPCTranslator do |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
defp valid_api_request_path(conn) do |
|
|
|
defp valid_api_request_path(conn) do |
|
|
|
if conn.request_path == "/api" || conn.request_path == "/api/v1" do |
|
|
|
if conn.request_path == "/api" || conn.request_path == "/api/" || conn.request_path == "/api/v1" || |
|
|
|
|
|
|
|
conn.request_path == "/api/v1/" do |
|
|
|
true |
|
|
|
true |
|
|
|
else |
|
|
|
else |
|
|
|
false |
|
|
|
false |
|
|
|
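Review bot: In the last hunk, `valid_api_request_path/1` now enumerates four exact paths in an `||` chain wrapped in `if … do true else false end`, which makes the allow-list harder to audit than it needs to be. A single membership test, `conn.request_path in ["/api", "/api/", "/api/v1", "/api/v1/"]`, returns the same strict boolean that the new `{:valid_api_request, true}` match in `call/2` relies on. Keeping this an exact-match list rather than trimming trailing slashes is the stricter choice, so it deserves a comment such as `# exact-match allow-list; any other path takes the 404 branch in call/2`. The helper's closing `end` lines lie outside the hunk, so the rest of its body is not visible here.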