Hi, I hacked together a few existing rules, “Email domain whitelist” and “Slack Notification on User Signup” to create a rule “IP Address blacklist”.
The rule checks the context.request.ip against a list of known bad IP addresses, and notifies a slack channel if there is a match.
If the user’s context.request.ip is on the list, login and signup works great. For everyone else, login and signup doesn’t work consistently and takes forever. Usually we see “Failed Silent Auth” +
“Request to Webtask got ESOCKETTIMEDOUT” errors.
Can the rule be written asynchronously so it doesn’t interfere with the login, but still notifies the slack channel?
Setting up the IP address list as a configuration doesn’t help vs. writing out the IP addresses. The string might be too long for a configuration? We have the SLACK_HOOK_URL setup as a configuration, that works fine.
Here is the code (with redactions):
const SLACK_HOOK = configuration.SLACK_HOOK_URL;
function (user, context, callback) {
const blacklist = ['ip.address.1','ip.address.2','ip.address.102']; // un-authorized IPs
const blacklistuser = blacklist.some(function (ip) {
return context.request.ip === ip;
});
if (!blacklistuser) return;
// get your slack's hook url from: https://slack.com/services/10525858050
const SLACK_HOOK = configuration.SLACK_HOOK_URL;
const slack = require('slack-notify')(SLACK_HOOK);
const message = 'Login from fraudulent IP: ' + (user.name || user.email) + ' (' + user.email + ')' + ' (' + context.request.ip + ')';
const channel = '#fraud_alerts';
slack.success({
text: message,
channel: channel
});
// don't wait for the Slack API call to finish, return right away (the request will continue on the sandbox)`
callback(null, user, context);
}
