diff --git a/app.py b/app.py
index e76da97..01661c3 100644
--- a/app.py
+++ b/app.py
@@ -203,43 +203,49 @@ def get_real_ip():
 return request.remote_addr
-import os
-import socket
-import re
-
 def is_allowed_ip(remote_ip, allowed_hosts_str):
- # awaryjny dostęp
 if os.path.exists("emergency_access.txt"):
 return True
 if not allowed_hosts_str or not allowed_hosts_str.strip():
 return False
- allowed_hosts = re.split(r"[\n,]+", allowed_hosts_str.strip())
 allowed_ips = set()
+ hosts = re.split(r"[\n,]+", allowed_hosts_str.strip())
- for host in allowed_hosts:
+ for host in hosts:
 host = host.strip()
 if not host:
 continue
- if re.match(r"^\d{1,3}(\.\d{1,3}){3}$", host):
- allowed_ips.add(host)
- continue
-
 try:
- resolved_ip = socket.gethostbyname(host)
- allowed_ips.add(resolved_ip)
- except Exception:
+ ip_obj = ipaddress.ip_address(host)
+ allowed_ips.add(ip_obj)
+ continue
+ except ValueError:
 pass
- try:
- hostname = socket.gethostbyaddr(remote_ip)[0]
- app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}")
- except Exception:
- pass
+ try:
+ infos = socket.getaddrinfo(host, None)
+ for family, _, _, _, sockaddr in infos:
+ ip_str = sockaddr[0]
+ try:
+ ip_obj = ipaddress.ip_address(ip_str)
+ allowed_ips.add(ip_obj)
+ except ValueError:
+ continue
+ except Exception as e:
+ app.logger.warning(f"Nie można rozwiązać hosta {host}: {e}")
- return remote_ip in allowed_ips
+ try:
+ remote_ip_obj = ipaddress.ip_address(remote_ip)
+ except ValueError:
+ app.logger.warning(f"Nieprawidłowe IP klienta: {remote_ip}")
+ return False
+
+ is_allowed = remote_ip_obj in allowed_ips
+ app.logger.info(f"is_allowed_ip: {remote_ip_obj} -> {is_allowed} (lista: {allowed_ips})")
+ return is_allowed
 def to_local(dt):
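Review bot: The new `except ValueError` branch near the end of `is_allowed_ip` logs `remote_ip` verbatim, and that value is by construction one that failed to parse as an address; if `get_real_ip()` (only its last line is visible in this hunk) can return a client-supplied header, arbitrary client text, line breaks included, ends up in the log. Log it escaped and lazily instead, `app.logger.warning("Nieprawidłowe IP klienta: %r", remote_ip)`. The closing `app.logger.info(...)` also writes the whole resolved allowlist on every check, so `app.logger.debug("is_allowed_ip: %s -> %s", remote_ip_obj, is_allowed)` would keep the decision without disclosing the list to every log reader. The commit drops the `# awaryjny dostęp` comment and leaves the `emergency_access.txt` bypass undocumented; I would keep a comment such as `# Emergency access: a file named emergency_access.txt in the working directory disables the IP allowlist`. `ipaddress` is used here but its import is not part of this hunk, so confirm it is imported at the top of app.py along with the `os`, `socket` and `re` imports removed above.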