From 3468d97da9b2e2250e6d2ad0c7837f18e57f64eb Mon Sep 17 00:00:00 2001
From: Alec Murphy <alec@checksum.fail>
Date: Fri, 21 Mar 2025 14:18:48 -0400
Subject: [PATCH] Slon/Modules/Api: Update whitelist_ip to specify multiple
 values

The whitelist_ip setting will now match on any value encapsulated by
single quotes, regardless of delimiter.
---
 Slon/Modules/Api.HC | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Slon/Modules/Api.HC b/Slon/Modules/Api.HC
index 9d64956..8d04d9d 100644
--- a/Slon/Modules/Api.HC
+++ b/Slon/Modules/Api.HC
@@ -19,12 +19,11 @@ class SlonCatboxUpload {
 
 Bool @slon_api_authorized(SlonHttpSession* session)
 {
+    U8 scratch_buffer[256];
     U8* whitelist_ip = db->o("settings")->@("whitelist_ip");
-    if (!whitelist_ip) {
-        return FALSE;
-    }
-    if (StrICmp(session->header("x-forwarded-for"), whitelist_ip)) {
-        return FALSE;
+    if (whitelist_ip) {
+        StrPrint(scratch_buffer, "'%s'", session->header("x-forwarded-for"));
+        return session->auth > 0 && StrFind(scratch_buffer, whitelist_ip);
     }
     return session->auth > 0;
 }