Merge pull request #12 from yoomoney/release/v2.2.2

Release/2.2.2
yoomoney · Dec 28, 2021 · 6b86cb7 · 6b86cb7
2 parents fea94f9 + 46b619a
commit 6b86cb7
Show file tree

Hide file tree

Showing 11 changed files with 76 additions and 11 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -7,14 +7,14 @@ python:
   - "3.5"
   - "3.4"
 matrix:
-  include:
-    - python: 2.7
-      before_install:
-        - pip install -U mock
-        - pip install -U pytest
+ include:
+   - python: 2.7
+     before_install:
+       - pip install -U mock
+       - pip install -U pytest
 # command to install dependencies
 install:
   - pip install -r requirements.txt && pip install -e .
 # command to run tests
 script:
-  - pytest
+  - pytest
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+### v2.2.2 от 28.12.2021
+* Проверка IP для уведомлений
+
 ### v2.2.1 от 09.12.2021
 * Добавлена обработка параметра authorization_details.three_d_secure.applied в объекте платежа
 

diff --git a/docs/examples/01-configuration.md b/docs/examples/01-configuration.md
@@ -156,8 +156,14 @@ import json
 from django.http import HttpResponse
 from yookassa import Configuration, Payment
 from yookassa.domain.notification import WebhookNotificationEventType, WebhookNotificationFactory
+from yookassa.domain.common import SecurityHelper
 
 def my_webhook_handler(request):
+    # Если хотите убедиться, что запрос пришел от ЮКасса, добавьте проверку:
+    ip = get_client_ip(request)  # Получите IP запроса
+    if not SecurityHelper().is_ip_trusted(ip):  
+        return HttpResponse(status=400)
+
     # Извлечение JSON объекта из тела запроса
     event_json = json.loads(request.body)
     try:

diff --git a/noxfile.py b/noxfile.py
@@ -3,7 +3,7 @@
 
 nox.options.sessions = ["tests"]  # , "lint", "build"
 
-python = ["2.7", "3.5", "3.6", "3.7", "3.8", "3.9"]
+python = ["3.8", "3.9", "3.10"]  # "2.7", "3.5", "3.6", "3.7",
 
 
 lint_dependencies = [

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,6 @@
 requests
 setuptools
 urllib3
+netaddr
 distro
-deprecated
+deprecated
diff --git a/setup.py b/setup.py
@@ -113,7 +113,7 @@
     url="https://github.com/yoomoney/yookassa-sdk-python",
     package_dir={"": "src"},
     packages=find_packages('src'),
-    install_requires=["requests", "urllib3", "distro", "deprecated"],
+    install_requires=["requests", "urllib3", "netaddr", "distro", "deprecated"],
     zip_safe=False,
     license="MIT",
     classifiers=[

diff --git a/src/yookassa/__init__.py b/src/yookassa/__init__.py
@@ -12,4 +12,4 @@
 
 __author__ = "YooMoney"
 __email__ = '[email protected]'
-__version__ = '2.2.1'
+__version__ = '2.2.2'
diff --git a/src/yookassa/domain/common/__init__.py b/src/yookassa/domain/common/__init__.py
@@ -12,3 +12,4 @@
 from yookassa.domain.common.response_object import ResponseObject
 from yookassa.domain.common.type_factory import TypeFactory
 from yookassa.domain.common.user_agent import UserAgent, Version
+from yookassa.domain.common.security_helper import SecurityHelper
diff --git a/src/yookassa/domain/common/security_helper.py b/src/yookassa/domain/common/security_helper.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+from netaddr import IPNetwork, IPAddress
+
+
+class SecurityHelper:
+    """
+    """
+
+    def __init__(self):
+        pass
+
+    YOOKASSA_NETWORKS = [
+        '77.75.153.0/25',
+        '77.75.156.11',
+        '77.75.156.35',
+        '77.75.154.128/25',
+        '185.71.76.0/27',
+        '185.71.77.0/27',
+        '2a02:5180:0:1509::/64',
+        '2a02:5180:0:2655::/64',
+        '2a02:5180:0:1533::/64',
+        '2a02:5180:0:2669::/64'
+    ]
+
+    @staticmethod
+    def is_ip_in_network(ip, network):
+        return IPAddress(ip) in IPNetwork(network)
+
+    def is_ip_trusted(self, ip):
+        for item in self.YOOKASSA_NETWORKS:
+            if '/' in item:
+                if self.is_ip_in_network(ip, item):
+                    return True
+            else:
+                if ip == item:
+                    return True
+
+        return False
diff --git a/src/yookassa/domain/models/requestor.py b/src/yookassa/domain/models/requestor.py
@@ -4,7 +4,7 @@
 
 
 @deprecated("This class will be removed in one of future versions")
-class RequestorType:
+class RequestorType(object):
     MERCHANT = "merchant"
     THIRD_PARTY_CLIENT = "third_party_client"
 

diff --git a/test/unit/test_security_helper.py b/test/unit/test_security_helper.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+import unittest
+
+from yookassa.domain.common import SecurityHelper
+
+
+class TestSecurityHelper(unittest.TestCase):
+
+    def test_check_ip(self):
+        sh = SecurityHelper()
+
+        self.assertTrue(sh.is_ip_trusted('77.75.153.75'))
+        self.assertTrue(sh.is_ip_trusted('2a02:5180:0:2669::2a:dc6a'))
+
+        self.assertFalse(sh.is_ip_trusted('192.168.1.1'))
+        self.assertFalse(sh.is_ip_trusted('2a02:4180:0:2969::2a:006a'))