Add IP-based rules (#14963)

author: Eugen Rochko <eugen@zeonfederated.com> 2020-10-12 16:33:49 +0200
committer: GitHub <noreply@github.com> 2020-10-12 16:33:49 +0200
commit: 5e1364c448222c964faa469b6b5bfe9adf701c1a (patch)
tree: bf13de38f07f6a8ec4bdce9c6242c3c472bfddea /app/models/ip_block.rb
parent: dc52a778e111a67a5275dd4afecf3991e279e005 (diff)
1 files changed, 41 insertions, 0 deletions
diff --git a/app/models/ip_block.rb b/app/models/ip_block.rb
new file mode 100644
index 000000000..aedd3ca0d
--- /dev/null
+++ b/app/models/ip_block.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+# == Schema Information
+#
+# Table name: ip_blocks
+#
+#  id         :bigint(8)        not null, primary key
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  expires_at :datetime
+#  ip         :inet             default(#<IPAddr: IPv4:0.0.0.0/255.255.255.255>), not null
+#  severity   :integer          default(NULL), not null
+#  comment    :text             default(""), not null
+#
+
+class IpBlock < ApplicationRecord
+  CACHE_KEY = 'blocked_ips'
+
+  include Expireable
+
+  enum severity: {
+    sign_up_requires_approval: 5000,
+    no_access: 9999,
+  }
+
+  validates :ip, :severity, presence: true
+
+  after_commit :reset_cache
+
+  class << self
+    def blocked?(remote_ip)
+      blocked_ips_map = Rails.cache.fetch(CACHE_KEY) { FastIpMap.new(IpBlock.where(severity: :no_access).pluck(:ip)) }
+      blocked_ips_map.include?(remote_ip)
+    end
+  end
+
+  private
+
+  def reset_cache
+    Rails.cache.delete(CACHE_KEY)
+  end
+end
author	Eugen Rochko <eugen@zeonfederated.com>	2020-10-12 16:33:49 +0200
committer	GitHub <noreply@github.com>	2020-10-12 16:33:49 +0200
commit	5e1364c448222c964faa469b6b5bfe9adf701c1a (patch)
tree	bf13de38f07f6a8ec4bdce9c6242c3c472bfddea /app/models/ip_block.rb
parent	dc52a778e111a67a5275dd4afecf3991e279e005 (diff)