mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 17:43:39 +08:00
30990006a9
This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
66 lines
1.7 KiB
Ruby
66 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require_dependency 'ip_addr'
|
|
|
|
class Admin::ScreenedIpAddressesController < Admin::AdminController
|
|
|
|
before_action :fetch_screened_ip_address, only: [:update, :destroy]
|
|
|
|
def index
|
|
filter = params[:filter]
|
|
filter = IPAddr.handle_wildcards(filter)
|
|
|
|
screened_ip_addresses = ScreenedIpAddress
|
|
screened_ip_addresses = screened_ip_addresses.where("cidr :filter >>= ip_address", filter: filter) if filter.present?
|
|
screened_ip_addresses = screened_ip_addresses.limit(200).order('match_count desc')
|
|
|
|
begin
|
|
screened_ip_addresses = screened_ip_addresses.to_a
|
|
rescue ActiveRecord::StatementInvalid
|
|
# postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression
|
|
screened_ip_addresses = []
|
|
end
|
|
|
|
render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)
|
|
end
|
|
|
|
def create
|
|
screened_ip_address = ScreenedIpAddress.new(allowed_params)
|
|
if screened_ip_address.save
|
|
render_serialized(screened_ip_address, ScreenedIpAddressSerializer)
|
|
else
|
|
render_json_error(screened_ip_address)
|
|
end
|
|
end
|
|
|
|
def update
|
|
if @screened_ip_address.update(allowed_params)
|
|
render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)
|
|
else
|
|
render_json_error(@screened_ip_address)
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
@screened_ip_address.destroy
|
|
render json: success_json
|
|
end
|
|
|
|
def roll_up
|
|
subnets = ScreenedIpAddress.roll_up(current_user)
|
|
render json: success_json.merge!(subnets: subnets)
|
|
end
|
|
|
|
private
|
|
|
|
def allowed_params
|
|
params.require(:ip_address)
|
|
params.permit(:ip_address, :action_name)
|
|
end
|
|
|
|
def fetch_screened_ip_address
|
|
@screened_ip_address = ScreenedIpAddress.find(params[:id])
|
|
end
|
|
|
|
end
|