In the server module the following code:
def convert_ipv4(ip):
return tuple(int(n) for n in ip.split('.'))
def check_ipv4_in(ip_addr, ip_start, ip_end):
return convert_ipv4(ip_start) < convert_ipv4(ip_addr) < convert_ipv4(ip_end)
def reject_users_outside_valid_ipv4_range():
valid_ipv4_range = ('1.1.0.0', '255.255.255.255') #this is your valid range of IP addresses
if not check_ipv4_in( anvil.server.context.client.ip, *valid_ipv4_range ):
anvil.users.logout()
return False
return True
then simply guard all sensitive server calls by adding the function
reject_users_outside_valid_ipv4_range()
to any or all functions inside your module code.
if you are using uplink, wrap your uplink function inside a server module function and pass through the data from your external uplink. (User data does not get passed though implicitly to the uplink unless you pass it yourself and do the same validation.)
Edit:
FYI
Further ways to secure the uplink would include a secret key passed only from your anvil server modules to your uplink, this check would render direct access from an anvil browser app form code to your uplink via a server call impossible if you wanted to restrict it by adding this secret-key check since server module code is opaque to the end user.
Even more FYI:
the country location is also available if it is something you want / want to restrict, it is available through:
anvil.server.context.client.location.country
you could do a:
if not anvil.server.context.client.location.country in ('United States', 'Latvia', 'Unknownistan', 'Elbonia', 'etc'):
anvil.users.logout()
return False