discourse/app/controllers/admin/screened_ip_addresses_contr...

# frozen_string_literal: true

class Admin::ScreenedIpAddressesController < Admin::AdminController

  before_action :fetch_screened_ip_address, only: [:update, :destroy]

  def index
    filter = params[:filter]
    filter = IPAddr.handle_wildcards(filter)

    screened_ip_addresses = ScreenedIpAddress
    screened_ip_addresses = screened_ip_addresses.where("cidr :filter >>= ip_address OR ip_address >>= cidr :filter", filter: filter) if filter.present?
    screened_ip_addresses = screened_ip_addresses.limit(200).order('match_count desc')

    begin
      screened_ip_addresses = screened_ip_addresses.to_a
    rescue ActiveRecord::StatementInvalid
      # postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression
      screened_ip_addresses = []
    end

    render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)
  end

  def create
    screened_ip_address = ScreenedIpAddress.new(allowed_params)
    if screened_ip_address.save
      render_serialized(screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(screened_ip_address)
    end
  end

  def update
    if @screened_ip_address.update(allowed_params)
      render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(@screened_ip_address)
    end
  end

  def destroy
    @screened_ip_address.destroy
    render json: success_json
  end

  private

  def allowed_params
    params.require(:ip_address)
    params.permit(:ip_address, :action_name)
  end

  def fetch_screened_ip_address
    @screened_ip_address = ScreenedIpAddress.find(params[:id])
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`class Admin::ScreenedIpAddressesController < Admin::AdminController`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`before_action :fetch_screened_ip_address, only: [:update, :destroy]`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`def index`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00			`filter = params[:filter]`
			`filter = IPAddr.handle_wildcards(filter)`

			`screened_ip_addresses = ScreenedIpAddress`
FEATURE: Search screened IP address in blocks (#15461) An admin could search for all screened ip addresses in a block by using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16. This feature allows admins to search for a single IP address in all screened IP blocks. 192.168.0.1 returns all IP blocks that match it, for example 192.168.0.0/16. * FEATURE: Remove roll up button for screened IPs * FIX: Match more specific screened IP address first 2022-01-11 02:16:51 -05:00			`screened_ip_addresses = screened_ip_addresses.where("cidr :filter >>= ip_address OR ip_address >>= cidr :filter", filter: filter) if filter.present?`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00			`screened_ip_addresses = screened_ip_addresses.limit(200).order('match_count desc')`

			`begin`
			`screened_ip_addresses = screened_ip_addresses.to_a`
			`rescue ActiveRecord::StatementInvalid`
			`# postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression`
			`screened_ip_addresses = []`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)`
			`end`

A form to add ip addresses to be blocked or whitelisted 2013-10-24 17:18:10 -04:00			`def create`
			`screened_ip_address = ScreenedIpAddress.new(allowed_params)`
			`if screened_ip_address.save`
			`render_serialized(screened_ip_address, ScreenedIpAddressSerializer)`
			`else`
			`render_json_error(screened_ip_address)`
			`end`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`def update`
DEV: remove update_attributes which is deprecated in Rails 6 See: https://github.com/rails/rails/pull/31998 update_attributes is a relic of the past, it should no longer be used. 2019-04-29 03:32:25 -04:00			`if @screened_ip_address.update(allowed_params)`
FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 11:37:30 -04:00			`render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`else`
			`render_json_error(@screened_ip_address)`
			`end`
			`end`

			`def destroy`
			`@screened_ip_address.destroy`
			`render json: success_json`
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`private`

			`def allowed_params`
			`params.require(:ip_address)`
			`params.permit(:ip_address, :action_name)`
			`end`

			`def fetch_screened_ip_address`
			`@screened_ip_address = ScreenedIpAddress.find(params[:id])`
			`end`

Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`