Refactor IP whitelist and blacklist functionality

occupi-backend/pkg/handlers/api_handlers.go

@@ -1443,6 +1443,14 @@ func AddIP(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	// remove the ip address from the blacklist for this user
+	err = database.WhiteListIP(ctx, appsession, request.Emails, request.IP)
+	if err != nil {
+		configs.CaptureError(ctx, err)
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return
+	}
+
 	// get logged users email from ctx
 	email, errv := AttemptToGetEmail(ctx, appsession)
 	if errv != nil {
@@ -1512,6 +1520,14 @@ func RemoveIP(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	// add this ip address to blacklist for this user
+	err = database.BlackListIP(ctx, appsession, request.Emails, request.IP)
+	if err != nil {
+		configs.CaptureError(ctx, err)
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return
+	}
+
 	// get logged users email from ctx
 	email, errv := AttemptToGetEmail(ctx, appsession)
 	if errv != nil {
@@ -1855,7 +1871,7 @@ func GetNotificationCount(ctx *gin.Context, appsession *models.AppSession) {
 	ctx.JSON(http.StatusOK, utils.SuccessResponse(http.StatusOK, "Successfully fetched notification count!", gin.H{"unread": unReadCount, "total": totalCount}))
 }
 
-func GetUsersLocations(ctx *gin.Context, appsession *models.AppSession) {
+func GetUsersLocations(ctx *gin.Context, appsession *models.AppSession, ipPrivelege string) {
 	var email string
 	var order string
 	var limit int64
@@ -1900,7 +1916,7 @@ func GetUsersLocations(ctx *gin.Context, appsession *models.AppSession) {
 	}
 	skip := (page - 1) * limit
 
-	locations, totalResults, err := database.GetUsersLocations(ctx, appsession, limit, skip, order, email)
+	locations, totalResults, err := database.GetUsersLocations(ctx, appsession, limit, skip, order, email, ipPrivelege)
 	if err != nil {
 		configs.CaptureError(ctx, err)
 		logrus.Error("Failed to get users locations because: ", err)

occupi-backend/pkg/handlers/auth_handlers.go

@@ -557,14 +557,6 @@ func VerifyOTP(ctx *gin.Context, appsession *models.AppSession, login bool, role
 		return
 	}
 
-	// delete the otp from the database
-	if _, err := database.DeleteOTP(ctx, appsession, userotp.Email, userotp.OTP); err != nil {
-		configs.CaptureError(ctx, err)
-		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		logrus.Error(err)
-		// the otp will autodelete after an hour so we can continue
-	}
-
 	// generate a jwt token for the user
 	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, userotp.Email, role)
 

occupi-backend/pkg/handlers/auth_helpers.go

@@ -333,8 +333,8 @@ func PreLoginAccountChecks(ctx *gin.Context, appsession *models.AppSession, emai
 		return false, err
 	}
 
-	// check if the login location is within 1000km of the other locations, if not block the login and unverify the user
 	if !isIPValid {
+		// check if the login location is within 1000km of the other locations, if not block the login and unverify the user
 		isInRange := database.IsIPWithinRange(ctx, appsession, email, unrecognizedLogger)
 
 		if !isInRange {
@@ -347,6 +347,7 @@ func PreLoginAccountChecks(ctx *gin.Context, appsession *models.AppSession, emai
 			return false, nil
 		}
 
+		// check if the user is allowed to login from new anonymous locations
 		blockAnonymousIPAddress, err := database.CheckIfUserIsAllowedNewIP(ctx, appsession, email)
 
 		if err != nil {
@@ -363,6 +364,24 @@ func PreLoginAccountChecks(ctx *gin.Context, appsession *models.AppSession, emai
 				nil))
 			return false, nil
 		}
+
+		// check if this ip address is blacklisted for this user
+		isBlacklisted, err := database.IsIPBlackListed(ctx, appsession, email, utils.GetClientIP(ctx))
+
+		if err != nil {
+			ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+			return false, err
+		}
+
+		if isBlacklisted {
+			ctx.JSON(http.StatusForbidden, utils.ErrorResponse(
+				http.StatusForbidden,
+				"Forbidden from access",
+				constants.ForbiddenCode,
+				"This login attempt is forbidden as this ip address is blacklisted",
+				nil))
+			return false, nil
+		}
 	}
 
 	// check if the user should reset their password

occupi-backend/pkg/router/router.go

@@ -69,7 +69,8 @@ func OccupiRouter(router *gin.Engine, appsession *models.AppSession) {
 		api.PUT("/toggle-admin-status", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, middleware.AdminRoute, func(ctx *gin.Context) { handlers.ToggleAdminStatus(ctx, appsession) })
 		api.PUT("/notify-report-download", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, middleware.AdminRoute, func(ctx *gin.Context) { handlers.SendDownloadReportNotification(ctx, appsession) })
 		api.GET("/get-notifications-count", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, func(ctx *gin.Context) { handlers.GetNotificationCount(ctx, appsession) })
-		api.GET("/get-users-locations", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, middleware.AdminRoute, func(ctx *gin.Context) { handlers.GetUsersLocations(ctx, appsession) })
+		api.GET("/get-users-locations", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, middleware.AdminRoute, func(ctx *gin.Context) { handlers.GetUsersLocations(ctx, appsession, "whitelist") })
+		api.GET("/get-blacklist", middleware.ProtectedRoute, func(ctx *gin.Context) { middleware.VerifyMobileUser(ctx, appsession) }, middleware.AdminRoute, func(ctx *gin.Context) { handlers.GetUsersLocations(ctx, appsession, "blacklist") })
 	}
 	analytics := router.Group("/analytics")
 	{