add: use RemoteAddr for ip blocks as well

This commit is contained in:
trisua 2025-06-30 15:35:18 -04:00
parent 14936b8b90
commit f5faed7762
12 changed files with 127 additions and 28 deletions

View file

@ -54,7 +54,7 @@ pub async fn register_request(
// check for ip ban
if data
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
.await
.is_ok()
{
@ -189,7 +189,7 @@ pub async fn login_request(
// check for ip ban
if data
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
.await
.is_ok()
{

View file

@ -11,6 +11,7 @@ use axum::{
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
addr::RemoteAddr,
auth::{AchievementName, FollowResult, IpBlock, Notification, UserBlock, UserFollow},
oauth,
};
@ -228,7 +229,10 @@ pub async fn ip_block_request(
None => return Json(Error::NotAllowed.into()),
};
if let Ok(ipblock) = data.get_ipblock_by_initiator_receiver(user.id, &ip).await {
if let Ok(ipblock) = data
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(ip.as_str()))
.await
{
// delete
match data.delete_ipblock(ipblock.id, user).await {
Ok(_) => Json(ApiReturn {
@ -335,7 +339,7 @@ pub async fn ip_block_profile_request(
for (ip, _, _) in other_user.tokens {
// check for an existing ip block
if data
.get_ipblock_by_initiator_receiver(user.id, &ip)
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(ip.as_str()))
.await
.is_ok()
{

View file

@ -67,7 +67,7 @@ pub async fn create_request(
// check for ip ban
if data
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
.await
.is_ok()
{

View file

@ -43,7 +43,7 @@ pub async fn create_request(
// check for ip ban
if data
.get_ipban_by_addr(RemoteAddr::from(real_ip.as_str()))
.get_ipban_by_addr(&RemoteAddr::from(real_ip.as_str()))
.await
.is_ok()
{
@ -145,7 +145,7 @@ pub async fn ip_block_request(
// check for an existing ip block
if data
.get_ipblock_by_initiator_receiver(user.id, &question.ip)
.get_ipblock_by_initiator_receiver(user.id, &RemoteAddr::from(question.ip.as_str()))
.await
.is_ok()
{

View file

@ -1,7 +1,12 @@
use crate::{State, get_user_from_token, routes::api::v1::CreateReaction};
use axum::{Extension, Json, extract::Path, response::IntoResponse};
use axum::{
extract::Path,
http::{HeaderMap, HeaderValue},
response::IntoResponse,
Extension, Json,
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{oauth, ApiReturn, Error, reactions::Reaction};
use tetratto_core::model::{addr::RemoteAddr, oauth, reactions::Reaction, ApiReturn, Error};
pub async fn get_request(
jar: CookieJar,
@ -26,6 +31,7 @@ pub async fn get_request(
pub async fn create_request(
jar: CookieJar,
headers: HeaderMap,
Extension(data): Extension<State>,
Json(req): Json<CreateReaction>,
) -> impl IntoResponse {
@ -40,6 +46,20 @@ pub async fn create_request(
Err(e) => return Json(Error::MiscError(e.to_string()).into()),
};
// get real ip
let real_ip = headers
.get(data.0.0.security.real_ip_header.to_owned())
.unwrap_or(&HeaderValue::from_static(""))
.to_str()
.unwrap_or("")
.to_string();
// check for ip ban
let addr = RemoteAddr::from(real_ip.as_str());
if data.get_ipban_by_addr(&addr).await.is_ok() {
return Json(Error::NotAllowed.into());
}
// check for existing reaction
if let Ok(r) = data.get_reaction_by_owner_asset(user.id, asset_id).await {
match data.delete_reaction(r.id, &user).await {
@ -63,6 +83,7 @@ pub async fn create_request(
.create_reaction(
Reaction::new(user.id, asset_id, req.asset_type, req.is_like),
&user,
&addr,
)
.await
{