fix: check ip ban by prefix during login

2025-05-21 23:52:29 -04:00 · 2025-05-21 23:52:29 -04:00 · 829eef7f5d
commit 829eef7f5d
parent d7e800fcb4
3 changed files with 12 additions and 4 deletions
--- a/crates/app/src/routes/api/v1/auth/mod.rs
+++ b/crates/app/src/routes/api/v1/auth/mod.rs
@ -133,7 +133,11 @@ pub async fn login_request(
        .to_string();

    // check for ip ban
-    if data.get_ipban_by_ip(&real_ip).await.is_ok() {
+    if data
+        .get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
+        .await
+        .is_ok()
+    {
        return (None, Json(Error::NotAllowed.into()));
    }

--- a/crates/app/src/routes/api/v1/communities/questions.rs
+++ b/crates/app/src/routes/api/v1/communities/questions.rs
@ -5,7 +5,7 @@ use axum::{
    Extension, Json,
 };
 use axum_extra::extract::CookieJar;
-use tetratto_core::model::{auth::IpBlock, communities::Question, ApiReturn, Error};
+use tetratto_core::model::{addr::RemoteAddr, auth::IpBlock, communities::Question, ApiReturn, Error};
 use crate::{get_user_from_token, routes::api::v1::CreateQuestion, State};

 pub async fn create_request(
@ -30,7 +30,11 @@ pub async fn create_request(
        .to_string();

    // check for ip ban
-    if data.get_ipban_by_ip(&real_ip).await.is_ok() {
+    if data
+        .get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
+        .await
+        .is_ok()
+    {
        return Json(Error::NotAllowed.into());
    }

--- a/crates/core/src/model/addr.rs
+++ b/crates/core/src/model/addr.rs
@ -1,6 +1,6 @@
 use std::net::SocketAddr;

-/// How many bytes should be chopped off the end of an IPV6 address to get its prefix.
+/// How many bytes should be taken as the prefix (from the begining of the address).
 pub(crate) const IPV6_PREFIX_BYTES: usize = 8;

 /// The protocol of a [`RemoteAddr`].