Show sensitive data if IP is in whitelist

#39
internetee · May 23, 2018 · edc8fe4 · edc8fe4
1 parent 4d25b82
commit edc8fe4
Show file tree

Hide file tree

Showing 7 changed files with 238 additions and 116 deletions.
diff --git a/app/controllers/whois_records_controller.rb b/app/controllers/whois_records_controller.rb
@@ -3,7 +3,7 @@ def show
     domain_name = SimpleIDN.to_unicode(params[:id].to_s).downcase
     @whois_record = WhoisRecord.find_by(name: domain_name)
 
-    set_captcha_and_whitelist
+    @show_sensitive_data = (ip_in_whitelist? || captcha_solved?)
     log_message(params, @whois_record)
 
     respond_to do |format|
@@ -29,24 +29,27 @@ def show
 
   private
 
-  def set_captcha_and_whitelist
-    @whitelist = true if request.remote_ip == ENV['whitelist_ip']
-
-    @verified = verify_recaptcha if request.format == 'html'
-  end
-
   def log_message(params, whois_record)
     if whois_record
       Rails.logger.warn(
         "Requested: #{params[:id]}; " \
         "Record found with id: #{@whois_record.id}; " \
-        "Captcha result: #{@verified ? 'yes' : 'no'}; ip: #{request.remote_ip};"
+        "Captcha result: #{captcha_solved? ? 'yes' : 'no'}; ip: #{request.remote_ip};"
       )
     else
       Rails.logger.warn(
         "Requested: #{params[:id]}; Record not found; " \
-        "Captcha result: #{@verified ? 'yes' : 'no'}; ip: #{request.remote_ip};"
+        "Captcha result: #{captcha_solved? ? 'yes' : 'no'}; ip: #{request.remote_ip};"
       )
     end
   end
+
+  def ip_in_whitelist?
+    return unless ENV['whitelist_ip'].present?
+    ENV['whitelist_ip'] == request.remote_ip
+  end
+
+  def captcha_solved?
+    verify_recaptcha if request.format.html?
+  end
 end
diff --git a/app/views/whois_records/_private_person.html.erb b/app/views/whois_records/_private_person.html.erb
@@ -1,3 +1,4 @@
+<%- sensitive_data_placeholder = 'Not Disclosed' %>
 Domain:
 name:       <%= json['name'] %>
 <%- for st in Array(json['status']) -%>
@@ -11,24 +12,24 @@ delete:     <%= json['delete'].to_s.tr('T',' ').sub('+', ' +') %>
 
 Registrant:
 name:       Private Person
-email:      Not Disclosed
-changed:    Not Disclosed
+email:      <%= show_sensitive_data ? json['email'] : sensitive_data_placeholder %>
+changed:    <%= show_sensitive_data ? json['changed'].to_s.tr('T',' ').sub('+', ' +') : sensitive_data_placeholder %>
 
 <%- if json['admin_contacts'].present? -%>
 Administrative contact:
 <%- for contact in json['admin_contacts'] -%>
-name:       Not Disclosed
-email:      Not Disclosed
-changed:    Not Disclosed
+name:       <%= show_sensitive_data ? contact['name'] : sensitive_data_placeholder %>
+email:      <%= show_sensitive_data ? contact['email'] : sensitive_data_placeholder %>
+changed:    <%= show_sensitive_data ? contact['changed'].to_s.tr('T',' ').sub('+', ' +') : sensitive_data_placeholder %>
 <%- end -%>
 <%- end -%>
 
 <%- if json['tech_contacts'].present? -%>
 Technical contact:
 <%- for contact in json['tech_contacts'] -%>
-name:       Not Disclosed
-email:      Not Disclosed
-changed:    Not Disclosed
+name:       <%= show_sensitive_data ? contact['name'] : sensitive_data_placeholder %>
+email:      <%= show_sensitive_data ? contact['email'] : sensitive_data_placeholder %>
+changed:    <%= show_sensitive_data ? contact['changed'].to_s.tr('T',' ').sub('+', ' +') : sensitive_data_placeholder %>
 <%- end -%>
 <%- end -%>
 

diff --git a/app/views/whois_records/_whois.html.erb b/app/views/whois_records/_whois.html.erb
@@ -3,7 +3,8 @@
 <%- end -%>
 Estonia .ee Top Level Domain WHOIS server
 
-<%= render partial: @whois_record.partial_name(@whitelist || @verified), locals: { json: @whois_record.json } -%>
+<%= render partial: @whois_record.partial_name(show_sensitive_data), locals: { json: @whois_record.json,
+                                                                     show_sensitive_data: show_sensitive_data} -%>
 
 Estonia .ee Top Level Domain WHOIS server
 More information at http://internet.ee
diff --git a/app/views/whois_records/show.html.erb b/app/views/whois_records/show.html.erb
@@ -1,12 +1,11 @@
 <pre>
-  <%= render partial: "whois", locals: { json: @whois_record.json } %>
+  <%= render partial: "whois", locals: { json: @whois_record.json,
+                                         show_sensitive_data: @show_sensitive_data } %>
 </pre>
-<% if @verified.blank? %>
-    <div>
-        <%= form_for @whois_record, url: "/v1/#{@whois_record.name}", method: :get do |f| %>
-            <%= recaptcha_tags %>
-            <br/>
-            <%= submit_tag 'View full whois info', name: nil %>
-        <% end %>
-    </div>
+<% if !@show_sensitive_data %>
+      <%= form_for @whois_record, url: "/v1/#{@whois_record.name}", method: :get do |f| %>
+          <%= recaptcha_tags %>
+          <br/>
+          <%= submit_tag 'View full whois info', name: nil %>
+      <% end %>
 <% end %>
diff --git a/app/views/whois_records/show.json.jbuilder b/app/views/whois_records/show.json.jbuilder
@@ -1,3 +1,3 @@
 json.disclaimer @whois_record.json['disclaimer']
 json.status @whois_record.json['status']
-json.partial! @whois_record.partial_name(@whitelist), locals: { whois_record: @whois_record }
+json.partial! @whois_record.partial_name(@show_sensitive_data), locals: { whois_record: @whois_record }