elpatron/medi-customers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

IP-Überprüfung für Telefonnummern-Links implementiert

Browse Source
This commit is contained in:
elpatron
2025-03-18 11:28:27 +01:00
parent 91af1dfca0
commit 869acdcb18
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app.py
View File

@@ -88,7 +88,8 @@ def login():
def index(): def index():
if not session.get('logged_in'): if not session.get('logged_in'):
return redirect(url_for('login')) return redirect(url_for('login'))
return render_template('index.html') allowed_ip_ranges = os.getenv('ALLOWED_IP_RANGES', '')
return render_template('index.html', allowed_ip_ranges=allowed_ip_ranges)
@app.route('/search') @app.route('/search')
def search(): def search():

8
templates/index.html
View File

@@ -264,7 +264,13 @@
function createPhoneLink(phone) { function createPhoneLink(phone) {
if (!phone) return 'N/A'; if (!phone) return 'N/A';
const cleaned = phone.replace(/[^\d+\s]/g, ''); const cleaned = phone.replace(/[^\d+\s]/g, '');
const telLink = cleaned.startsWith('+') ? cleaned : '0' + cleaned.replace(/\s/g, ''); const clientIP = '{{ request.remote_addr }}'; // Client-IP aus dem Server
const allowedIPRanges = '{{ allowed_ip_ranges }}'.split(',');
// Überprüfen, ob die Client-IP in einem der erlaubten Bereiche liegt
const isAllowed = allowedIPRanges.some(range => clientIP.startsWith(range.trim()));
const telLink = cleaned.startsWith('+') ? cleaned : (isAllowed ? '0' + cleaned.replace(/\s/g, '') : cleaned.replace(/\s/g, ''));
return `<a href="tel:${telLink}" class="phone-link">${phone}</a>`; return `<a href="tel:${telLink}" class="phone-link">${phone}</a>`;
} }