[Cleanup] Move blocked ip checking out of config

These three used methods do basically the same, except more correct. fc00::/7 are considered private while here only fd00::/8 was checked
2023-10-20 19:58:10 +02:00 · 2023-10-20 19:58:10 +02:00 · 776866b873
commit 776866b873
parent d95a0e5e10
2 changed files with 5 additions and 17 deletions
--- a/app/logical/downloads/file.rb
+++ b/app/logical/downloads/file.rb
@ -102,11 +102,15 @@ module Downloads
    def self.call(uri, options)
      ip_addr = IPAddr.new(Resolv.getaddress(uri.hostname))

-      if Danbooru.config.banned_ip_for_download?(ip_addr)
+      if ip_blocked?(ip_addr)
        raise Downloads::File::Error, "Downloads from #{ip_addr} are not allowed"
      end

      super(uri, options)
    end
+
+    def self.ip_blocked?(ip_addr)
+      ip_addr.private? || ip_addr.loopback? || ip_addr.link_local?
+    end
  end
 end
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@ -603,22 +603,6 @@ module Danbooru
      'noreply@localhost'
    end

-    # For downloads, if the host matches any of these IPs, block it
-    def banned_ip_for_download?(ip_addr)
-      raise ArgumentError unless ip_addr.is_a?(IPAddr)
-      ipv4s = %w(127.0.0.1/8 169.254.0.0/16 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
-      ipv6s = %w(::1 fe80::/10 fd00::/8)
-
-
-      if ip_addr.ipv4?
-        ipv4s.any? {|range| IPAddr.new(range).include?(ip_addr)}
-      elsif ip_addr.ipv6?
-        ipv6s.any? {|range| IPAddr.new(range).include?(ip_addr)}
-      else
-        false
-      end
-    end
-
    # disable this for tests
    def enable_sock_puppet_validation?
      true