add: use RemoteAddr for ip blocks as well
This commit is contained in:
parent
14936b8b90
commit
f5faed7762
12 changed files with 127 additions and 28 deletions
|
@ -54,7 +54,7 @@ pub async fn register_request(
|
|||
|
||||
// check for ip ban
|
||||
if data
|
||||
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
|
||||
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
@ -189,7 +189,7 @@ pub async fn login_request(
|
|||
|
||||
// check for ip ban
|
||||
if data
|
||||
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
|
||||
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
|
|
@ -11,6 +11,7 @@ use axum::{
|
|||
};
|
||||
use axum_extra::extract::CookieJar;
|
||||
use tetratto_core::model::{
|
||||
addr::RemoteAddr,
|
||||
auth::{AchievementName, FollowResult, IpBlock, Notification, UserBlock, UserFollow},
|
||||
oauth,
|
||||
};
|
||||
|
@ -228,7 +229,10 @@ pub async fn ip_block_request(
|
|||
None => return Json(Error::NotAllowed.into()),
|
||||
};
|
||||
|
||||
if let Ok(ipblock) = data.get_ipblock_by_initiator_receiver(user.id, &ip).await {
|
||||
if let Ok(ipblock) = data
|
||||
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(ip.as_str()))
|
||||
.await
|
||||
{
|
||||
// delete
|
||||
match data.delete_ipblock(ipblock.id, user).await {
|
||||
Ok(_) => Json(ApiReturn {
|
||||
|
@ -335,7 +339,7 @@ pub async fn ip_block_profile_request(
|
|||
for (ip, _, _) in other_user.tokens {
|
||||
// check for an existing ip block
|
||||
if data
|
||||
.get_ipblock_by_initiator_receiver(user.id, &ip)
|
||||
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
|
|
@ -67,7 +67,7 @@ pub async fn create_request(
|
|||
|
||||
// check for ip ban
|
||||
if data
|
||||
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
|
||||
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
|
|
@ -43,7 +43,7 @@ pub async fn create_request(
|
|||
|
||||
// check for ip ban
|
||||
if data
|
||||
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
|
||||
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
@ -145,7 +145,7 @@ pub async fn ip_block_request(
|
|||
|
||||
// check for an existing ip block
|
||||
if data
|
||||
.get_ipblock_by_initiator_receiver(user.id, &question.ip)
|
||||
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(question.ip.as_str()))
|
||||
.await
|
||||
.is_ok()
|
||||
{
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
use crate::{State, get_user_from_token, routes::api::v1::CreateReaction};
|
||||
use axum::{Extension, Json, extract::Path, response::IntoResponse};
|
||||
use axum::{
|
||||
extract::Path,
|
||||
http::{HeaderMap, HeaderValue},
|
||||
response::IntoResponse,
|
||||
Extension, Json,
|
||||
};
|
||||
use axum_extra::extract::CookieJar;
|
||||
use tetratto_core::model::{oauth, ApiReturn, Error, reactions::Reaction};
|
||||
use tetratto_core::model::{addr::RemoteAddr, oauth, reactions::Reaction, ApiReturn, Error};
|
||||
|
||||
pub async fn get_request(
|
||||
jar: CookieJar,
|
||||
|
@ -26,6 +31,7 @@ pub async fn get_request(
|
|||
|
||||
pub async fn create_request(
|
||||
jar: CookieJar,
|
||||
headers: HeaderMap,
|
||||
Extension(data): Extension<State>,
|
||||
Json(req): Json<CreateReaction>,
|
||||
) -> impl IntoResponse {
|
||||
|
@ -40,6 +46,20 @@ pub async fn create_request(
|
|||
Err(e) => return Json(Error::MiscError(e.to_string()).into()),
|
||||
};
|
||||
|
||||
// get real ip
|
||||
let real_ip = headers
|
||||
.get(data.0.0.security.real_ip_header.to_owned())
|
||||
.unwrap_or(&HeaderValue::from_static(""))
|
||||
.to_str()
|
||||
.unwrap_or("")
|
||||
.to_string();
|
||||
|
||||
// check for ip ban
|
||||
let addr = RemoteAddr::from(real_ip.as_str());
|
||||
if data.get_ipban_by_addr(&addr).await.is_ok() {
|
||||
return Json(Error::NotAllowed.into());
|
||||
}
|
||||
|
||||
// check for existing reaction
|
||||
if let Ok(r) = data.get_reaction_by_owner_asset(user.id, asset_id).await {
|
||||
match data.delete_reaction(r.id, &user).await {
|
||||
|
@ -63,6 +83,7 @@ pub async fn create_request(
|
|||
.create_reaction(
|
||||
Reaction::new(user.id, asset_id, req.asset_type, req.is_like),
|
||||
&user,
|
||||
&addr,
|
||||
)
|
||||
.await
|
||||
{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue