From 214bd4f2c617895168c6fa272d65c831d74fe54d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Tue, 13 May 2025 07:36:45 +0200
Subject: [PATCH] zmiany w acl
---
 app.py | 62 +++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 18 deletions(-)
diff --git a/app.py b/app.py
index 9c4a26f..914bf31 100644
--- a/app.py
+++ b/app.py
@@ -62,12 +62,21 @@ class GlobalSettings(db.Model):
 def load_user(user_id):
 return User.query.get(int(user_id))
+def get_real_ip():
+ if "CF-Connecting-IP" in request.headers:
+ return request.headers.get("CF-Connecting-IP")
+ elif "X-Real-IP" in request.headers:
+ return request.headers.get("X-Real-IP")
+ elif "X-Forwarded-For" in request.headers:
+ forwarded_for = request.headers.get("X-Forwarded-For").split(",")
+ return forwarded_for[0].strip()
+ return request.remote_addr
+
+
 def is_allowed_ip(remote_ip, allowed_hosts_str):
- # Jeśli istnieje plik awaryjny, zawsze zezwalamy na dostęp
 if os.path.exists("emergency_access.txt"):
 return True
- # Rozdzielamy wpisy – mogą być oddzielone przecinkami lub znakami nowej linii
 allowed_hosts = re.split(r'[\n,]+', allowed_hosts_str.strip())
 allowed_ips = set()
 for host in allowed_hosts:
@@ -75,12 +84,18 @@ def is_allowed_ip(remote_ip, allowed_hosts_str):
 if not host:
 continue
 try:
- # Rozwiązywanie nazwy domeny do adresu IP.
 resolved_ip = socket.gethostbyname(host)
 allowed_ips.add(resolved_ip)
 except Exception:
- # Jeśli rozwiązywanie nazwy nie powiedzie się, pomijamy ten wpis.
 continue
+
+ # Log reverse DNS dla IP odwiedzającego
+ try:
+ hostname = socket.gethostbyaddr(remote_ip)[0]
+ app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}")
+ except Exception as e:
+ app.logger.warning(f"Reverse DNS nieudane dla {remote_ip}: {e}")
+
+
 return remote_ip in allowed_ips
 # Dodaj filtr Markdown – pozwala na zagnieżdżanie linków i obrazków w opisie
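Review bot: `get_real_ip()` in the first hunk returns `CF-Connecting-IP`, `X-Real-IP` or the leftmost `X-Forwarded-For` entry whenever the header is present, without checking that the request actually arrived through the proxy that sets it, so a client that reaches the app directly (or through a proxy that does not overwrite these headers) supplies its own address. If this value is what gets passed to `is_allowed_ip()` (the call site is outside the diff), the allow-list stops being an enforcement point. Honour the headers only when `request.remote_addr` is a known proxy, or configure Werkzeug's `ProxyFix` with the real hop count, e.g. `app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)`, and have `get_real_ip()` return `request.remote_addr`. The same hunk also deletes the comment explaining that the presence of `emergency_access.txt` disables the check; that bypass should stay documented, e.g. `# emergency_access.txt present -> ACL is bypassed for every client`.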
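Review bot: The reverse-DNS block added before `return remote_ip in allowed_ips` in the second hunk runs a blocking `socket.gethostbyaddr()` on every ACL check and writes both `remote_ip` and the returned PTR name into the log, and both are values the visitor can influence. `remote_ip` is not validated as an address first, so if it comes from a request header it may be handed to the resolver as an arbitrary name, and a slow resolver stalls the request. Validate with `ipaddress.ip_address(remote_ip)` before the lookup (needs `import ipaddress`), log with lazy arguments and `%r`, `app.logger.info("Odwiedzający IP: %r, host: %r", remote_ip, hostname)`, and consider doing the lookup only when access is denied. `is_allowed_ip` starts outside this hunk.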
@@ -112,19 +127,6 @@ def zbiorka(zbiorka_id):
 abort(404)
 return render_template('zbiorka.html', zbiorka=zb)
-def get_real_ip():
- # Cloudflare
- if "CF-Connecting-IP" in request.headers:
- return request.headers.get("CF-Connecting-IP")
- # Nginx proxy (Nginx Proxy Manager / standard reverse proxy)
- elif "X-Real-IP" in request.headers:
- return request.headers.get("X-Real-IP")
- elif "X-Forwarded-For" in request.headers:
- forwarded_for = request.headers.get("X-Forwarded-For").split(",")
- return forwarded_for[0].strip()
- # Fallback
- return request.remote_addr
-
 # TRASY LOGOWANIA I REJESTRACJI
 @app.route('/login', methods=['GET', 'POST'])
@@ -343,6 +345,7 @@ def admin_settings():
 flash('Brak uprawnień do panelu administracyjnego', 'danger')
 return redirect(url_for('index'))
+ client_ip = get_real_ip()
 settings = GlobalSettings.query.first()
 if request.method == 'POST':
 numer_konta = request.form.get('numer_konta')
@@ -365,7 +368,7 @@ def admin_settings():
 flash('Ustawienia globalne zostały zaktualizowane', 'success')
 return redirect(url_for('admin_dashboard'))
- return render_template('admin/settings.html', settings=settings)
+ return render_template('admin/settings.html', settings=settings, client_ip=client_ip)
 @app.route('/admin/zbiorka/oznacz/', methods=['POST'])
 @login_required
@@ -389,6 +392,29 @@ def robots():
 robots_txt = "User-agent: *\nAllow: /"
 return robots_txt, 200, {'Content-Type': 'text/plain'}
+@app.route('/debug/headers')
+def debug_headers():
+ ip_sources = {
+ "CF-Connecting-IP": request.headers.get("CF-Connecting-IP"),
+ "X-Real-IP": request.headers.get("X-Real-IP"),
+ "X-Forwarded-For": request.headers.get("X-Forwarded-For"),
+ "remote_addr": request.remote_addr,
+ }
+
+ all_headers = dict(request.headers)
+
+ response_html = "

Nagłówki IP


Wszystkie nagłówki

" + + return response_html + + if __name__ == '__main__': with app.app_context(): db.create_all()
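Review bot: The new `/debug/headers` route has only `@app.route` above it, with no `@login_required` and no admin check, so any visitor can fetch a dump of `dict(request.headers)` together with the same proxy headers that `get_real_ip()` reads. The HTML assembled in `response_html` is not readable on this page, so it cannot be confirmed here whether header values are escaped; if they are concatenated raw, request-controlled text ends up in the response markup. Put `@login_required` and the same admin guard as `admin_settings` on the route (or register it only when `app.debug` is set), and pass every value through `markupsafe.escape()` or render it from a template. Cookie and Authorization headers are best left out of the dump altogether.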