From 13c2b7b4d611c11df3c713b8f18052f8d2c8800d Mon Sep 17 00:00:00 2001
From: proffapt <proffapt@pm.me>
Date: Sun, 30 Jun 2024 14:27:22 +0530
Subject: [PATCH] feat: restrict /v1/account endpoint to naarad-signup; install
 jq for log parsing

---
 Dockerfile                    | 2 ++
 metaploy/naarad.metaploy.conf | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 00c8aa6..b965fd2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 FROM binwiederhier/ntfy
 
+RUN apk --no-cache add jq
+
 # Copy metaploy configuration
 COPY metaploy/naarad.metaploy.conf /
 COPY metaploy/postinstall.sh /
diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
index 0ac4827..a188912 100644
--- a/metaploy/naarad.metaploy.conf
+++ b/metaploy/naarad.metaploy.conf
@@ -17,7 +17,14 @@ server {
 
     location ~ ^/([^/]+)/json(/|$) {
         proxy_pass http://naarad;
-    	add_header Content-Type application/json;
+        add_header Content-Type application/json;
+    }
+
+    location /v1/account {
+        valid_referers https://naarad-signup.metakgp.org;
+        if ($invalid_referer) {
+            return 307 https://naarad-signup.metakgp.org;
+        }
     }
 
     location /signup {