Skip to content

Commit

Permalink
add: store profile IP
Browse files Browse the repository at this point in the history
add: IP bans
IP banning can be enabled by adding "real_ip_header = ..." in your server configuration
  • Loading branch information
trisuaso committed Sep 13, 2024
1 parent 98a99e3 commit 6d3b27b
Show file tree
Hide file tree
Showing 11 changed files with 62 additions and 6 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "neospring"
version = "1.1.5"
version = "1.2.0"
edition = "2021"
authors = ["trisuaso", "swmff"]
description = "Ask, share, socialize!"
Expand Down
1 change: 1 addition & 0 deletions sql/add_ips_col.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ALTER TABLE "xprofiles" ADD COLUMN "ips" TEXT DEFAULT '[]';
3 changes: 3 additions & 0 deletions src/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ pub struct Config {
pub static_dir: String,
/// HCaptcha configuration
pub captcha: HCaptchaConfig,
/// The name of the header used for reading user IP address
pub real_ip_header: Option<String>,
/// If new profile registration is enabled
#[serde(default)]
pub registration_enabled: bool,
Expand All @@ -40,6 +42,7 @@ impl Default for Config {
description: "Ask, share, socialize!".to_string(),
static_dir: String::new(),
captcha: HCaptchaConfig::default(),
real_ip_header: Option::None,
registration_enabled: true,
host: String::new(),
migration: false,
Expand Down
1 change: 1 addition & 0 deletions src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ pub async fn main() {
xsu_authman::ServerOptions {
captcha: config.captcha.clone(),
registration_enabled: config.registration_enabled,
real_ip_header: config.real_ip_header.clone(),
},
)
.await;
Expand Down
2 changes: 2 additions & 0 deletions src/model.rs
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,7 @@ pub fn global_profile() -> Profile {
password: String::new(),
salt: String::new(),
tokens: Vec::new(),
ips: Vec::new(),
group: 0,
joined: 0,
metadata: ProfileMetadata::default(),
Expand All @@ -295,6 +296,7 @@ pub fn anonymous_profile(tag: String) -> Profile {
password: String::new(),
salt: String::new(),
tokens: Vec::new(),
ips: Vec::new(),
group: 0,
joined: 0,
metadata: ProfileMetadata::default(),
Expand Down
1 change: 1 addition & 0 deletions src/routing/api/comments.rs
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ pub async fn get_request(
// hide tokens, password, salt, and metadata
r.0.author.salt = String::new();
r.0.author.tokens = Vec::new();
r.0.author.ips = Vec::new();
r.0.author.metadata = ProfileMetadata::default();

// return
Expand Down
2 changes: 2 additions & 0 deletions src/routing/api/questions.rs
Original file line number Diff line number Diff line change
Expand Up @@ -142,11 +142,13 @@ pub async fn get_request(
r.author.password = String::new();
r.author.salt = String::new();
r.author.tokens = Vec::new();
r.author.ips = Vec::new();
r.author.metadata = ProfileMetadata::default();

r.recipient.password = String::new();
r.recipient.salt = String::new();
r.recipient.tokens = Vec::new();
r.recipient.ips = Vec::new();
r.recipient.metadata = ProfileMetadata::default();

// return
Expand Down
3 changes: 3 additions & 0 deletions src/routing/api/responses.rs
Original file line number Diff line number Diff line change
Expand Up @@ -77,16 +77,19 @@ pub async fn get_request(
r.0.author.password = String::new();
r.0.author.salt = String::new();
r.0.author.tokens = Vec::new();
r.0.author.ips = Vec::new();
r.0.author.metadata = ProfileMetadata::default();

r.0.recipient.password = String::new();
r.0.recipient.salt = String::new();
r.0.recipient.tokens = Vec::new();
r.0.recipient.ips = Vec::new();
r.0.recipient.metadata = ProfileMetadata::default();

r.1.author.password = String::new();
r.1.author.salt = String::new();
r.1.author.tokens = Vec::new();
r.1.author.ips = Vec::new();
r.1.author.metadata = ProfileMetadata::default();

// return
Expand Down
47 changes: 45 additions & 2 deletions templates/profile/mod.html
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,24 @@ <h3>Change password</h3>
</script>
{% endif %}

<!-- ips -->
<hr />
<div id="ips" class="flex flex-col gap-4">
<h3>IPs</h3>

<div class="card w-full shadow">
{% for ip in other.ips %}
<ul style="margin-bottom: 0">
<code>{{ ip }}</code>
<a href="javascript:globalThis.ban_ip('{{ ip }}')">Ban IP</a>
</ul>
{% endfor %}
</div>
</div>

<!-- warnings -->
<hr />
<div id="warnings" class="flex flex-col gap-4">
<h3>Warnings</h3>

Expand Down Expand Up @@ -128,8 +143,8 @@ <h3>Warnings</h3>
})
.then((res) => res.json())
.then((res) => {
trigger("app:shout", [
res.success ? "tip" : "caution",
trigger("app:toast", [
res.success ? "success" : "error",
res.message || "User warned!",
]);

Expand All @@ -138,5 +153,33 @@ <h3>Warnings</h3>
}
});
}

globalThis.ban_ip = function (ip) {
const reason = prompt(
"Please explain your reason for banning this IP below:",
);

if (!reason) {
return;
}

fetch("/api/auth/ipbans", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
ip,
reason,
}),
})
.then((res) => res.json())
.then((res) => {
trigger("app:toast", [
res.success ? "success" : "error",
res.message || "IP banned!",
]);
});
};
</script>
{% call super() %} {% endblock %}
2 changes: 1 addition & 1 deletion xsu-authman
Submodule xsu-authman updated 4 files
+1 −1 Cargo.toml
+172 −7 src/api.rs
+316 −12 src/database.rs
+24 −0 src/model.rs

0 comments on commit 6d3b27b

Please sign in to comment.