MCPcopy Create free account
hub / github.com/MITK/MITK / CheckClientAccess

Method CheckClientAccess

Modules/RESTAPI/src/mitkRestServer.cpp:618–660  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

616// --- Security middleware implementations ---
617
618bool RestServer::CheckClientAccess(const httplib::Request& req, httplib::Response& res)
619{
620 // Access m_RunningConfig without lock - called from httplib worker thread.
621 // m_RunningConfig is set before the server starts accepting connections
622 // and cleared after the server stops, so it is safe to read here.
623 const auto& config = *m_RunningConfig;
624
625 switch (config.clientAccessMode)
626 {
627 case ClientAccessMode::AllowAll:
628 return true;
629
630 case ClientAccessMode::LocalhostOnly:
631 if (IsLocalhostIP(req.remote_addr))
632 {
633 return true;
634 }
635 break;
636
637 case ClientAccessMode::Whitelist:
638 {
639 const auto& allowedIPs = config.allowedClientIPs;
640 if (std::find(allowedIPs.begin(), allowedIPs.end(), req.remote_addr) != allowedIPs.end())
641 {
642 return true;
643 }
644 break;
645 }
646
647 default:
648 MITK_WARN << "Unknown clientAccessMode value: " << static_cast<int>(config.clientAccessMode);
649 break;
650 }
651
652 // Denied
653 auto error = ErrorResponse::AccessDenied(
654 "Client IP " + SanitizeForLog(req.remote_addr) + " is not allowed", req.path);
655 res.status = 403;
656 res.set_content(error.dump(), "application/json");
657
658 this->RecordRequest(req.path, req.method, res.status, req.remote_addr);
659 return false;
660}
661
662bool RestServer::CheckRateLimit(const httplib::Request& req, httplib::Response& res)
663{

Callers 1

RegisterRoutesMethod · 0.95

Calls 5

RecordRequestMethod · 0.95
IsLocalhostIPFunction · 0.85
SanitizeForLogFunction · 0.85
beginMethod · 0.45
endMethod · 0.45

Tested by

no test coverage detected