config: remove banned_ip_for_download? option.

* Remove `banned_ip_for_download?` config option. This isn't something that usually needs to be configured. * Replace the `ipaddress` gem with `ipaddress_2`. The `ipaddress` gem has several methods we need (`link_local?`, etc) that are only available in master because the gem hasn't had an official release in several years. `ipaddress_2` is a fork that is more actively maintained.
2020-06-02 15:32:19 -05:00
parent 63f675b7d6
commit 9997db44d8
4 changed files with 15 additions and 38 deletions
--- a/2
+++ b/2
@@ -42,7 +42,7 @@ gem 'builder'
 # gem 'did_you_mean' # github.com/yuki24/did_you_mean/issues/117
 gem 'puma'
 gem 'scenic'
-gem 'ipaddress'
+gem 'ipaddress_2'
 gem 'http'
 gem 'activerecord-hierarchical_query'
 gem 'pundit'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -171,7 +171,7 @@ GEM
      multi_xml (>= 0.5.2)
    i18n (1.8.2)
      concurrent-ruby (~> 1.0)
-    ipaddress (0.8.3)
+    ipaddress_2 (0.13.0)
    jmespath (1.4.0)
    jquery-rails (4.3.5)
      rails-dom-testing (>= 1, < 3)
@@ -443,7 +443,7 @@ DEPENDENCIES
  flamegraph
  http
  httparty
-  ipaddress
+  ipaddress_2
  jquery-rails
  listen
  mail
--- a/app/logical/downloads/file.rb
+++ b/app/logical/downloads/file.rb
@@ -95,15 +95,25 @@ module Downloads
      ip_addr = IPAddr.new(Resolv.getaddress(url.hostname))
      CloudflareService.new.ips.any? { |subnet| subnet.include?(ip_addr) }
    end
+
+    def self.banned_ip?(ip)
+      ip = IPAddress.parse(ip.to_s) unless ip.is_a?(IPAddress)
+
+      if ip.ipv4?
+        ip.loopback? || ip.link_local? || ip.multicast? || ip.private?
+      elsif ip.ipv6?
+        ip.loopback? || ip.link_local? || ip.unique_local? || ip.unspecified?
+      end
+    end
  end

  # Hook into HTTParty to validate the IP before following redirects.
  # https://www.rubydoc.info/github/jnunemaker/httparty/HTTParty/ConnectionAdapter
  class ValidatingConnectionAdapter < HTTParty::ConnectionAdapter
    def self.call(uri, options)
-      ip_addr = IPAddr.new(::Resolv.getaddress(uri.hostname))
+      ip_addr = IPAddress.parse(::Resolv.getaddress(uri.hostname))

-      if Danbooru.config.banned_ip_for_download?(ip_addr)
+      if Downloads::File.banned_ip?(ip_addr)
        raise Downloads::File::Error, "Downloads from #{ip_addr} are not allowed"
      end

--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@@ -392,39 +392,6 @@ module Danbooru
      "zDMSATq0W3hmA5p3rKTgD"
    end

-    # For downloads, if the host matches any of these IPs, block it
-    def banned_ip_for_download?(ip_addr)
-      raise ArgumentError unless ip_addr.is_a?(IPAddr)
-
-      if ip_addr.ipv4?
-        if IPAddr.new("127.0.0.1") == ip_addr
-          true
-        elsif IPAddr.new("169.254.0.0/16").include?(ip_addr)
-          true
-        elsif IPAddr.new("10.0.0.0/8").include?(ip_addr)
-          true
-        elsif IPAddr.new("172.16.0.0/12").include?(ip_addr)
-          true
-        elsif IPAddr.new("192.168.0.0/16").include?(ip_addr)
-          true
-        else
-          false
-        end
-      elsif ip_addr.ipv6?
-        if IPAddr.new("::1") == ip_addr
-          true
-        elsif IPAddr.new("fe80::/10").include?(ip_addr)
-          true
-        elsif IPAddr.new("fd00::/8").include?(ip_addr)
-          true
-        else
-          false
-        end
-      else
-        false
-      end
-    end
-
    # The url of the Discord server associated with this site.
    def discord_server_url
      nil