Fix #4106: Allow moderators to IP ban subnets.

app/models/ip_ban.rb

@@ -1,18 +1,13 @@
 class IpBan < ApplicationRecord
-  IP_ADDR_REGEX = /\A(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z/
   belongs_to_creator
-  validates_presence_of :reason, :ip_addr
-  validates_format_of :ip_addr, :with => IP_ADDR_REGEX
-  validates_uniqueness_of :ip_addr, :if => ->(rec) {rec.ip_addr =~ IP_ADDR_REGEX}
-  after_create do |rec|
-    ModAction.log("#{CurrentUser.name} created ip ban for #{rec.ip_addr}",:ip_ban_create)
-  end
-  after_destroy do |rec|
-    ModAction.log("#{CurrentUser.name} deleted ip ban for #{rec.ip_addr}",:ip_ban_delete)
-  end
+  validate :validate_ip_addr
+  validates_presence_of :reason
+  validates_uniqueness_of :ip_addr
+  after_create  { ModAction.log("#{CurrentUser.name} created ip ban for #{ip_addr}", :ip_ban_create) }
+  after_destroy { ModAction.log("#{CurrentUser.name} deleted ip ban for #{ip_addr}", :ip_ban_delete) }
 
   def self.is_banned?(ip_addr)
-    exists?(["ip_addr = ?", ip_addr])
+    where("ip_addr >>= ?", ip_addr).exists?
   end
 
   def self.search(params)
@@ -24,4 +19,26 @@ class IpBan < ApplicationRecord
 
     q.apply_default_order(params)
   end
+
+  def validate_ip_addr
+    if ip_addr.blank?
+      errors[:ip_addr] << "is invalid"
+    elsif ip_addr.ipv4? && ip_addr.prefix < 24
+      errors[:ip_addr] << "may not have a subnet bigger than /24"
+    elsif ip_addr.ipv6? && ip_addr.prefix < 64
+      errors[:ip_addr] << "may not have a subnet bigger than /64"
+    elsif ip_addr.private? || ip_addr.loopback? || ip_addr.link_local?
+      errors[:ip_addr] << "must be a public address"
+    end
+  end
+
+  def has_subnet?
+    (ip_addr.ipv4? && ip_addr.prefix < 32) || (ip_addr.ipv6? && ip_addr.prefix < 128)
+  end
+
+  def subnetted_ip
+    str = ip_addr.to_s
+    str += "/" + ip_addr.prefix.to_s if has_subnet?
+    str
+  end
 end