zmiany w acl

2025-05-13 07:36:45 +02:00 · 2025-05-13 07:36:45 +02:00 · 214bd4f2c6
commit 214bd4f2c6
parent 1126730cbf
1 changed files with 44 additions and 18 deletions
--- a/app.py
+++ b/app.py
@ -62,12 +62,21 @@ class GlobalSettings(db.Model):
 def load_user(user_id):
    return User.query.get(int(user_id))

+def get_real_ip():
+    if "CF-Connecting-IP" in request.headers:
+        return request.headers.get("CF-Connecting-IP")
+    elif "X-Real-IP" in request.headers:
+        return request.headers.get("X-Real-IP")
+    elif "X-Forwarded-For" in request.headers:
+        forwarded_for = request.headers.get("X-Forwarded-For").split(",")
+        return forwarded_for[0].strip()
+    return request.remote_addr
+
+
 def is_allowed_ip(remote_ip, allowed_hosts_str):
-    # Jeśli istnieje plik awaryjny, zawsze zezwalamy na dostęp
    if os.path.exists("emergency_access.txt"):
        return True

-    # Rozdzielamy wpisy – mogą być oddzielone przecinkami lub znakami nowej linii
    allowed_hosts = re.split(r'[\n,]+', allowed_hosts_str.strip())
    allowed_ips = set()
    for host in allowed_hosts:
@ -75,12 +84,18 @@ def is_allowed_ip(remote_ip, allowed_hosts_str):
        if not host:
            continue
        try:
-            # Rozwiązywanie nazwy domeny do adresu IP.
            resolved_ip = socket.gethostbyname(host)
            allowed_ips.add(resolved_ip)
        except Exception:
-            # Jeśli rozwiązywanie nazwy nie powiedzie się, pomijamy ten wpis.
            continue
+
+    # Log reverse DNS dla IP odwiedzającego
+    try:
+        hostname = socket.gethostbyaddr(remote_ip)[0]
+        app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}")
+    except Exception as e:
+        app.logger.warning(f"Reverse DNS nieudane dla {remote_ip}: {e}")
+
    return remote_ip in allowed_ips

 # Dodaj filtr Markdown – pozwala na zagnieżdżanie linków i obrazków w opisie
@ -112,19 +127,6 @@ def zbiorka(zbiorka_id):
        abort(404)
    return render_template('zbiorka.html', zbiorka=zb)

-def get_real_ip():
-    # Cloudflare
-    if "CF-Connecting-IP" in request.headers:
-        return request.headers.get("CF-Connecting-IP")
-    # Nginx proxy (Nginx Proxy Manager / standard reverse proxy)
-    elif "X-Real-IP" in request.headers:
-        return request.headers.get("X-Real-IP")
-    elif "X-Forwarded-For" in request.headers:
-        forwarded_for = request.headers.get("X-Forwarded-For").split(",")
-        return forwarded_for[0].strip()
-    # Fallback
-    return request.remote_addr
-
 # TRASY LOGOWANIA I REJESTRACJI

@app.route('/login', methods=['GET', 'POST'])
@ -343,6 +345,7 @@ def admin_settings():
         flash('Brak uprawnień do panelu administracyjnego', 'danger')
         return redirect(url_for('index'))
         
+    client_ip = get_real_ip()
    settings = GlobalSettings.query.first()
    if request.method == 'POST':
         numer_konta = request.form.get('numer_konta')
@ -365,7 +368,7 @@ def admin_settings():
         flash('Ustawienia globalne zostały zaktualizowane', 'success')
         return redirect(url_for('admin_dashboard'))
         
-    return render_template('admin/settings.html', settings=settings)
+    return render_template('admin/settings.html', settings=settings, client_ip=client_ip)

@app.route('/admin/zbiorka/oznacz/<int:zbiorka_id>', methods=['POST'])
@login_required
@ -389,6 +392,29 @@ def robots():
        robots_txt = "User-agent: *\nAllow: /"
    return robots_txt, 200, {'Content-Type': 'text/plain'}

+@app.route('/debug/headers')
+def debug_headers():
+    ip_sources = {
+        "CF-Connecting-IP": request.headers.get("CF-Connecting-IP"),
+        "X-Real-IP": request.headers.get("X-Real-IP"),
+        "X-Forwarded-For": request.headers.get("X-Forwarded-For"),
+        "remote_addr": request.remote_addr,
+    }
+    
+    all_headers = dict(request.headers)
+    
+    response_html = "<h2>Nagłówki IP</h2><ul>"
+    for key, val in ip_sources.items():
+        response_html += f"<li><strong>{key}:</strong> {val}</li>"
+    response_html += "</ul><hr><h2>Wszystkie nagłówki</h2><ul>"
+    
+    for key, val in all_headers.items():
+        response_html += f"<li><strong>{key}:</strong> {val}</li>"
+    response_html += "</ul>"
+    
+    return response_html
+
+
 if __name__ == '__main__':
    with app.app_context():
        db.create_all()