From db27e4da24fa49d91215bd8ef7a05895fa58c0f6 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sat, 26 Mar 2016 14:37:37 -0700
Subject: [PATCH] webservice infrastructure, RT#33849

---
 FS/FS/ClientAPI/Freeside.pm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/FS/FS/ClientAPI/Freeside.pm b/FS/FS/ClientAPI/Freeside.pm
index 90fa55018..dcd3ed6e9 100644
--- a/FS/FS/ClientAPI/Freeside.pm
+++ b/FS/FS/ClientAPI/Freeside.pm
@@ -8,7 +8,7 @@ use FS::svc_external;
 use FS::webservice_log;
 
 #$DEBUG = 0;
-#$me = '[FS::ClientAPI::PrepaidPhone]';
+#$me = '[FS::ClientAPI:Freeside]';
 
 # inputs:
 #   support-key
@@ -17,6 +17,7 @@ use FS::webservice_log;
 #
 # returns:
 #   error (empty, or error message)
+#   custnum
 
 sub freesideinc_service {
   my $packet = shift;
@@ -36,8 +37,12 @@ sub freesideinc_service {
                      '_password' => $_password,
                    },
     'extra_sql' => "AND svcpart = $svcpart",
-  })
-    or return { 'error' => 'bad support-key' };
+  });
+  unless ( $svc_external ) {
+    warn "bad support-key for $username from $ENV{REMOTE_IP}\n";
+    sleep 5; #ideally also rate-limit and eventually ban their IP
+    return { 'error' => 'bad support-key' };
+  }
 
   #XXX check if some customers can use some API calls, rate-limiting, etc.
   # but for now, everybody can use everything
-- 
2.11.0