From: Célestin Matte <celestin.matte@cmatte.me>
Date: Wed, 27 Oct 2021 13:40:45 +0000 (+0200)
Subject: Allow use of IP ranges for SEARCH_CLIENTS
X-Git-Url: http://git.postgresql.org/gitweb/static/session/%7B%7Bsession.id%7D%7D-%7B%7Bsession.title%7Cslugify%7D%7D?a=commitdiff_plain;h=1eec1401a56acfa7e79c26df33569dfe72691977;p=pgarchives.git

Allow use of IP ranges for SEARCH_CLIENTS

Allows the use of IP ranges in CIDR format in the SEARCH_CLIENTS
parameter. Individual addresses can still be specified and continue to
work like before.
---

diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py
index f711ce4..885f808 100644
--- a/django/archives/mailarchives/views.py
+++ b/django/archives/mailarchives/views.py
@@ -20,6 +20,7 @@ import email.parser
 import email.policy
 from io import BytesIO
 from urllib.parse import quote
+import ipaddress
 
 import json
 
@@ -709,7 +710,12 @@ def search(request):
         return HttpResponseForbidden('Not public archives')
 
     # Only certain hosts are allowed to call the search API
-    if not request.META['REMOTE_ADDR'] in settings.SEARCH_CLIENTS:
+    allowed = False
+    for ip_range in settings.SEARCH_CLIENTS:
+        if ipaddress.ip_address(request.META['REMOTE_ADDR']) in ipaddress.ip_network(ip_range):
+            allowed = True
+            break
+    if not allowed:
         return HttpResponseForbidden('Invalid host')
 
     curs = connection.cursor()