Fix #4106: Allow moderators to IP ban subnets.

2019-08-12 02:12:56 -05:00
parent 9729eeb829
commit 7316f41d1d
6 changed files with 62 additions and 38 deletions
--- a/app/controllers/ip_bans_controller.rb
+++ b/app/controllers/ip_bans_controller.rb
@@ -12,8 +12,7 @@ class IpBansController < ApplicationController
  end

  def index
-    @search = IpBan.search(search_params)
-    @ip_bans = @search.paginate(params[:page], :limit => params[:limit])
+    @ip_bans = IpBan.includes(:creator).search(search_params).paginate(params[:page], :limit => params[:limit])
    respond_with(@ip_bans)
  end

--- a/app/models/ip_ban.rb
+++ b/app/models/ip_ban.rb
@@ -1,18 +1,13 @@
 class IpBan < ApplicationRecord
-  IP_ADDR_REGEX = /\A(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z/
  belongs_to_creator
-  validates_presence_of :reason, :ip_addr
-  validates_format_of :ip_addr, :with => IP_ADDR_REGEX
-  validates_uniqueness_of :ip_addr, :if => ->(rec) {rec.ip_addr =~ IP_ADDR_REGEX}
-  after_create do |rec|
-    ModAction.log("#{CurrentUser.name} created ip ban for #{rec.ip_addr}",:ip_ban_create)
-  end
-  after_destroy do |rec|
-    ModAction.log("#{CurrentUser.name} deleted ip ban for #{rec.ip_addr}",:ip_ban_delete)
-  end
+  validate :validate_ip_addr
+  validates_presence_of :reason
+  validates_uniqueness_of :ip_addr
+  after_create  { ModAction.log("#{CurrentUser.name} created ip ban for #{ip_addr}", :ip_ban_create) }
+  after_destroy { ModAction.log("#{CurrentUser.name} deleted ip ban for #{ip_addr}", :ip_ban_delete) }

  def self.is_banned?(ip_addr)
-    exists?(["ip_addr = ?", ip_addr])
+    where("ip_addr >>= ?", ip_addr).exists?
  end

  def self.search(params)
@@ -24,4 +19,26 @@ class IpBan < ApplicationRecord

    q.apply_default_order(params)
  end
+
+  def validate_ip_addr
+    if ip_addr.blank?
+      errors[:ip_addr] << "is invalid"
+    elsif ip_addr.ipv4? && ip_addr.prefix < 24
+      errors[:ip_addr] << "may not have a subnet bigger than /24"
+    elsif ip_addr.ipv6? && ip_addr.prefix < 64
+      errors[:ip_addr] << "may not have a subnet bigger than /64"
+    elsif ip_addr.private? || ip_addr.loopback? || ip_addr.link_local?
+      errors[:ip_addr] << "must be a public address"
+    end
+  end
+
+  def has_subnet?
+    (ip_addr.ipv4? && ip_addr.prefix < 32) || (ip_addr.ipv6? && ip_addr.prefix < 128)
+  end
+
+  def subnetted_ip
+    str = ip_addr.to_s
+    str += "/" + ip_addr.prefix.to_s if has_subnet?
+    str
+  end
 end
--- a/app/views/ip_bans/index.html.erb
+++ b/app/views/ip_bans/index.html.erb
@@ -14,8 +14,8 @@
      <tbody>
        <% @ip_bans.each do |ip_ban| %>
          <tr>
-            <td><%= link_to_ip ip_ban.ip_addr %></td>
-            <td><%= ip_ban.creator.name %></td>
+            <td><%= link_to_ip ip_ban.subnetted_ip %></td>
+            <td><%= link_to_user ip_ban.creator %></td>
            <td><%= ip_ban.reason %></td>
            <td><%= link_to "Unban", ip_ban_path(ip_ban), :remote => true, :method => :delete, :data => {:confirm => "Do your really want to unban #{ip_ban.ip_addr}?"} %></td>
          </tr>
--- a/app/views/ip_bans/new.html.erb
+++ b/app/views/ip_bans/new.html.erb
@@ -5,8 +5,8 @@
    <%= error_messages_for "ip_ban" %>

    <%= simple_form_for(@ip_ban) do |f| %>
-      <%= f.input :ip_addr, :label => "IP Address", :as => :string %>
-      <%= f.input :reason, :input_html => {:size => "50x5"} %>
+      <%= f.input :ip_addr, label: "IP Address", as: :string, hint: "Add /24 to ban a subnet. Example: 1.2.3.4/24" %>
+      <%= f.input :reason %>
      <%= f.button :submit, "Submit" %>
    <% end %>
  </div>