ip bans: add hit counter, deleted flag, new ban type.

* Make IP bans soft deletable. * Add a hit counter to track how many times an IP ban has blocked someone. * Add a last hit timestamp to track when the IP ban last blocked someone. * Add a new type of IP ban, the signup ban. Signup bans restrict new signups from editing anything until they've verified their email address.
2020-04-06 14:12:56 -05:00
parent 98e84d83fb
commit b2ee1f0766
18 changed files with 178 additions and 40 deletions
--- a/app/models/ip_ban.rb
+++ b/app/models/ip_ban.rb
@@ -1,13 +1,27 @@
 class IpBan < ApplicationRecord
  belongs_to :creator, class_name: "User"
-  validate :validate_ip_addr
-  validates_presence_of :reason
-  validates_uniqueness_of :ip_addr
-  after_create  { ModAction.log("#{creator.name} created ip ban for #{ip_addr}", :ip_ban_create) }
-  after_destroy { ModAction.log("#{creator.name} deleted ip ban for #{ip_addr}", :ip_ban_delete) }

-  def self.is_banned?(ip_addr)
-    where("ip_addr >>= ?", ip_addr).exists?
+  validate :validate_ip_addr
+  validates :reason, presence: true
+
+  before_save :create_mod_action
+
+  deletable
+  enum category: {
+    normal: 0,
+    signup: 100
+  }, _suffix: "ban"
+
+  def self.ip_matches(ip_addr)
+    where("ip_addr >>= ?", ip_addr)
+  end
+
+  def self.hit!(category, ip_addr)
+    ip_ban = active.where(category: category).ip_matches(ip_addr).first
+    return false unless ip_ban
+
+    IpBan.increment_counter(:hit_count, ip_ban.id, touch: [:last_hit_at])
+    true
  end

  def self.search(params)
@@ -21,15 +35,31 @@ class IpBan < ApplicationRecord
    q.apply_default_order(params)
  end

+  def create_mod_action
+    if new_record?
+      ModAction.log("#{creator.name} created ip ban for #{ip_addr}", :ip_ban_create)
+    elsif is_deleted? == true && is_deleted_was == false
+      ModAction.log("#{creator.name} deleted ip ban for #{ip_addr}", :ip_ban_delete)
+    elsif is_deleted? == false && is_deleted_was == true
+      ModAction.log("#{creator.name} undeleted ip ban for #{ip_addr}", :ip_ban_undelete)
+    end
+  end
+
  def validate_ip_addr
    if ip_addr.blank?
      errors[:ip_addr] << "is invalid"
-    elsif ip_addr.ipv4? && ip_addr.prefix < 24
-      errors[:ip_addr] << "may not have a subnet bigger than /24"
-    elsif ip_addr.ipv6? && ip_addr.prefix < 64
-      errors[:ip_addr] << "may not have a subnet bigger than /64"
    elsif ip_addr.private? || ip_addr.loopback? || ip_addr.link_local?
      errors[:ip_addr] << "must be a public address"
+    elsif normal_ban? && ip_addr.ipv4? && ip_addr.prefix < 24
+      errors[:ip_addr] << "may not have a subnet bigger than /24"
+    elsif signup_ban? && ip_addr.ipv4? && ip_addr.prefix < 8
+      errors[:ip_addr] << "may not have a subnet bigger than /8"
+    elsif normal_ban? && ip_addr.ipv6? && ip_addr.prefix < 64
+      errors[:ip_addr] << "may not have a subnet bigger than /64"
+    elsif signup_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
+      errors[:ip_addr] << "may not have a subnet bigger than /20"
+    elsif new_record? && IpBan.active.ip_matches(subnetted_ip).exists?
+      errors[:ip_addr] << "is already banned"
    end
  end

--- a/app/models/mod_action.rb
+++ b/app/models/mod_action.rb
@@ -48,6 +48,7 @@ class ModAction < ApplicationRecord
    tag_implication_update: 141,
    ip_ban_create: 160,
    ip_ban_delete: 162,
+    ip_ban_undelete: 163,
    mass_update: 1000,
    bulk_revert: 1001, # XXX unused
    other: 2000