Commit c94caf14 authored by Julian Rother's avatar Julian Rother
Browse files

IP-Range-Checking for RWTH-intern

parent afe041c2
......@@ -26,3 +26,4 @@ SQLITE_INIT_DATA = True
#LDAP_HOST = 'ldaps://rumo.fsmpi.rwth-aachen.de'
#ICAL_URL = 'https://user:password@mail.fsmpi.rwth-aachen.de/SOGo/....ics'
ERROR_PAGE = 'static/500.html'
RWTH_IP_RANGES = ['134.130.0.0/16', '137.226.0.0/16', '134.61.0.0/16', '192.35.229.0/24', '2a00:8a60::/32']
......@@ -142,6 +142,12 @@ def checkperm(perms, username=None, password=None):
elif perm['type'] == 'rwth':
if session.get('rwthintern', False):
return True
if 'X-Real-IP' not in request.headers:
continue
ip = ip_address(request.headers['X-Real-IP'])
for net in RWTH_IP_RANGES:
if ip in ip_network(net):
return True
return False
@app.template_filter()
......@@ -574,7 +580,6 @@ def auth(): # For use with nginx auth_request
if 'X-Original-Uri' not in request.headers:
return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
ip = request.headers.get('X-Real-IP', '')
if request.cookies.get('tracking', '') and request.cookies['tracking'].isdigit():
cookie = int(request.cookies['tracking'])
else:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment