From 97c0bfe9f0dbf6772b6826ec1bae20037b797d13 Mon Sep 17 00:00:00 2001
From: Connor Prussin <connor@prussin.net>
Date: Tue, 8 Oct 2024 14:40:35 -0700
Subject: [PATCH] feat(staking): allow icloud public relay

---
 apps/staking/src/config/server.ts |  5 +++++
 apps/staking/src/middleware.ts    | 10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/apps/staking/src/config/server.ts b/apps/staking/src/config/server.ts
index adafd096c..ac1a48a5e 100644
--- a/apps/staking/src/config/server.ts
+++ b/apps/staking/src/config/server.ts
@@ -55,6 +55,11 @@ export const MAINNET_RPC = process.env.MAINNET_RPC;
 export const HERMES_URL = getOr("HERMES_URL", "https://hermes.pyth.network");
 export const BLOCKED_REGIONS = transformOr("BLOCKED_REGIONS", fromCsv, []);
 export const IP_ALLOWLIST = transformOr("IP_ALLOWLIST", fromCsv, []);
+export const VPN_ORGANIZATION_ALLOWLIST = transformOr(
+  "VPN_ORGANIZATION_ALLOWLIST",
+  fromCsv,
+  ["iCloud Private Relay"],
+);
 export const GOVERNANCE_ONLY_REGIONS = transformOr(
   "GOVERNANCE_ONLY_REGIONS",
   fromCsv,
diff --git a/apps/staking/src/middleware.ts b/apps/staking/src/middleware.ts
index 26e8a14a6..cc8795d52 100644
--- a/apps/staking/src/middleware.ts
+++ b/apps/staking/src/middleware.ts
@@ -12,6 +12,7 @@ import {
   GOVERNANCE_ONLY_REGIONS,
   PROXYCHECK_API_KEY,
   IP_ALLOWLIST,
+  VPN_ORGANIZATION_ALLOWLIST,
 } from "./config/server";
 
 const GEO_BLOCKED_PATH = `/${GEO_BLOCKED_SEGMENT}`;
@@ -61,8 +62,13 @@ const isProxyBlocked = async ({ ip }: NextRequest) => {
   if (proxyCheckClient === undefined || ip === undefined) {
     return false;
   } else {
-    const result = await proxyCheckClient.checkIP(ip, { vpn: 2 });
-    return result[ip]?.proxy === "yes";
+    const response = await proxyCheckClient.checkIP(ip, { vpn: 2 });
+    const result = response[ip];
+    return (
+      result &&
+      result.proxy === "yes" &&
+      !VPN_ORGANIZATION_ALLOWLIST.includes(result.organisation)
+    );
   }
 };