From ea65a55bc7e2eab499cb07c4b43dad46a82081f2 Mon Sep 17 00:00:00 2001 From: Alice Date: Mon, 16 Jan 2017 06:10:47 +0000 Subject: [PATCH] Fix remote addr with proxy, add VPN usage detection --- ccvpn/context_processors.py | 5 +++++ ccvpn/settings.py | 3 +++ lambdainst/core.py | 24 ++++++++++++++++++++++++ lambdainst/views.py | 3 ++- templates/layout.html | 15 +++++++++++---- tickets/views.py | 5 +++-- 6 files changed, 48 insertions(+), 7 deletions(-) diff --git a/ccvpn/context_processors.py b/ccvpn/context_processors.py index 0bcb08d..1f7b2f9 100644 --- a/ccvpn/context_processors.py +++ b/ccvpn/context_processors.py @@ -1,8 +1,13 @@ from django.conf import settings +from ccvpn.common import get_client_ip +from lambdainst.core import is_vpn_gateway def some_settings(request): + client_ip = get_client_ip(request) return { + 'CLIENT_IP': client_ip, + 'CLIENT_ON_VPN': is_vpn_gateway(client_ip), 'ROOT_URL': settings.ROOT_URL, 'ADDITIONAL_HTML': settings.ADDITIONAL_HTML, 'ADDITIONAL_HEADER_HTML': settings.ADDITIONAL_HEADER_HTML, diff --git a/ccvpn/settings.py b/ccvpn/settings.py index 8e67857..99907e6 100644 --- a/ccvpn/settings.py +++ b/ccvpn/settings.py @@ -180,6 +180,9 @@ TICKETS_SITE_NAME = 'CCrypto VPN Support' # Full URL to the site root ROOT_URL = '' +# Forwarded for header name, if any (None will use remote_addr) +REAL_IP_HEADER_NAME = None + # reCAPTCHA API details. If empty, no captcha is displayed. RECAPTCHA_API = 'https://www.google.com/recaptcha/api/siteverify' RECAPTCHA_SITE_KEY = '' diff --git a/lambdainst/core.py b/lambdainst/core.py index 37db8ce..840bd77 100644 --- a/lambdainst/core.py +++ b/lambdainst/core.py @@ -101,6 +101,30 @@ def get_locations(): return locations +@APICache(initial=lambda: []) +def get_gateway_exit_ips(): + gateways = core_api.get('/gateways/', enabled=True) + ipv4_list = [] + ipv6_list = [] + + for gw in gateways.list_iter(): + ma = gw['main_addr'] + if ma.get('ipv4'): + ipv4_list.append(ma['ipv4']) + if ma.get('ipv6'): + ipv6_list.append(ma['ipv6']) + + # TODO: IPv6 support + + return ipv4_list + + +def is_vpn_gateway(ip): + addresses = get_gateway_exit_ips() + print(addresses) + return ip in addresses + + def create_user(username, cleartext_password): """ The password will be hashed and stored safely on the core, so we have to send it clearly here. diff --git a/lambdainst/views.py b/lambdainst/views.py index 2a0c346..77e3c7d 100644 --- a/lambdainst/views.py +++ b/lambdainst/views.py @@ -27,6 +27,7 @@ from django.contrib.auth.models import User from django_countries import countries import lcoreapi +from ccvpn.common import get_client_ip from payments.models import ACTIVE_BACKENDS from .forms import SignupForm, ReqEmailForm from .models import GiftCode, VPNUser @@ -189,7 +190,7 @@ def captcha_test(grr, request): return True data = dict(secret=project_settings.RECAPTCHA_SECRET_KEY, - remoteip=request.META['REMOTE_ADDR'], + remoteip=get_client_ip(request), response=grr) try: diff --git a/templates/layout.html b/templates/layout.html index 0b35716..9110bcc 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -75,10 +75,17 @@ {% endblock %} diff --git a/tickets/views.py b/tickets/views.py index 9f12990..dbd7c83 100644 --- a/tickets/views.py +++ b/tickets/views.py @@ -5,6 +5,7 @@ from django.utils import timezone from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from django.utils.translation import ugettext as _ +from ccvpn.common import get_client_ip from .models import Ticket, TicketMessage from .forms import NewTicketForm, ReplyForm, StaffReplyForm @@ -82,7 +83,7 @@ def new(request): message=form.cleaned_data['message']) if not request.user.is_staff: - firstmsg.remote_addr = request.META['REMOTE_ADDR'] + firstmsg.remote_addr = get_client_ip(request) firstmsg.save() @@ -151,7 +152,7 @@ def view(request, id): **form.cleaned_data) if not request.user.is_staff: - msg.remote_addr = request.META['REMOTE_ADDR'] + msg.remote_addr = get_client_ip(request) msg.save()