Alek Ratzloff
a4f00e6242
Users can delete their posts as long as they don't clear their cookies, and as long as server-side user sessions are persistent. Signed-off-by: Alek Ratzloff <alekratz@gmail.com>
59 lines
1.7 KiB
Python
59 lines
1.7 KiB
Python
from typing import Optional, TYPE_CHECKING
|
|
from django.utils import timezone
|
|
from django.conf import settings
|
|
import ipaddress
|
|
import random
|
|
import string
|
|
|
|
from board.models import Ban, RangeBan
|
|
|
|
|
|
if TYPE_CHECKING:
|
|
from board.models import Board
|
|
|
|
|
|
def get_client_ip(request):
|
|
"Get the IP address of a client-side request. Shamelessly copy/pasted from StackOverflow."
|
|
x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
|
|
if x_forwarded_for:
|
|
ip = x_forwarded_for.split(",")[0]
|
|
else:
|
|
ip = request.META.get("REMOTE_ADDR")
|
|
return ip
|
|
|
|
|
|
def get_ip_bans(ip: str) -> list:
|
|
bans = list(Ban.objects.filter(ip=ip))
|
|
|
|
ip_addr = ipaddress.ip_address(ip)
|
|
for rangeban in RangeBan.objects.all():
|
|
start = ipaddress.ip_address(rangeban.start)
|
|
end = ipaddress.ip_address(rangeban.end)
|
|
if ip_addr.version != start.version or ip_addr.version != end.version:
|
|
continue
|
|
if start <= ip_addr <= end: # type: ignore
|
|
bans += [rangeban]
|
|
return bans
|
|
|
|
|
|
def is_banned(ip: str, board: Optional["Board"]) -> bool:
|
|
now = timezone.now()
|
|
bans = [ban for ban in get_ip_bans(ip) if ban.board == board or not ban.board]
|
|
if bans:
|
|
active = [ban for ban in bans if not ban.expires or ban.expires > now]
|
|
expired = [ban for ban in bans if ban.expires and ban.expires <= now]
|
|
# Delete expired bans
|
|
for ban in expired:
|
|
ban.delete()
|
|
return bool(active)
|
|
else:
|
|
return False
|
|
|
|
|
|
def generate_user_token() -> str:
|
|
"""
|
|
Generates a non-secure user token.
|
|
User tokens need not be secure so this is a simple implementation.
|
|
"""
|
|
return "".join(random.choices(string.ascii_letters, k=settings.USER_TOKEN_LENGTH))
|