From c271bc1f6026833155bf15d5300d8f426f0e9924 Mon Sep 17 00:00:00 2001
From: elpatron
Date: Tue, 18 Mar 2025 11:10:24 +0100
Subject: [PATCH] =?UTF-8?q?IP-=C3=9Cberpr=C3=BCfung=20mit=20X-Forwarded-Fo?=
 =?UTF-8?q?r-Header=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/app.py b/app.py
index 28cf5e4..8dbfebb 100644
--- a/app.py
+++ b/app.py
@@ -7,6 +7,7 @@ from datetime import datetime, timedelta
 from dotenv import load_dotenv
 import requests
 from collections import defaultdict
+import ipaddress
 app = Flask(__name__, static_folder='static')
 app.secret_key = 'your_secret_key' # Setzen Sie einen sicheren geheimen Schlüssel für die Session
@@ -54,6 +55,26 @@ def load_data():
 @app.route('/login', methods=['GET', 'POST'])
 def login():
+ # Versuche, die tatsächliche Client-IP aus dem X-Forwarded-For-Header zu erhalten
+ client_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
+ allowed_ip_ranges = os.getenv('ALLOWED_IP_RANGES', '').split(',')
+
+ logger.info(f"Client-IP: {client_ip}")
+ logger.info(f"Erlaubte IP-Bereiche: {allowed_ip_ranges}")
+
+ # Überprüfen, ob die IP-Adresse in einem der erlaubten Subnetze liegt
+ client_ip_obj = ipaddress.ip_address(client_ip)
+ for ip_range in allowed_ip_ranges:
+ try:
+ network = ipaddress.ip_network(ip_range.strip(), strict=False)
+ logger.info(f"Überprüfe Netzwerk: {network}")
+ if client_ip_obj in network:
+ logger.info("Client-IP ist im erlaubten Bereich.")
+ session['logged_in'] = True
+ return redirect(url_for('index'))
+ except ValueError:
+ logger.error(f"Ungültiges Netzwerkformat: {ip_range}")
+
 if request.method == 'POST':
 password = request.form.get('password')
 if password == STATIC_PASSWORD:
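Review bot: The allow-list check in the `login()` hunk trusts `X-Forwarded-For` unconditionally, and a matching address sets `session['logged_in'] = True` before the password is ever examined, so unless a proxy is guaranteed to overwrite that header on every request, any client can supply a value inside `ALLOWED_IP_RANGES` and skip authentication. Only honor the header when the connecting peer is a known proxy — for example configure the app once with `app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)` (from `werkzeug.middleware.proxy_fix`) and read `client_ip = request.remote_addr` here, while blocking direct access to the app at the network level. The parse `client_ip_obj = ipaddress.ip_address(client_ip)` sits outside the `try`, so a multi-entry or malformed header value raises `ValueError` and the login route returns a 500 instead of falling through to the password form; catch it and treat a parse failure as "not in an allowed range". An unset `ALLOWED_IP_RANGES` yields `['']`, which logs "Ungültiges Netzwerkformat" on every request — filter empties with `[r.strip() for r in os.getenv('ALLOWED_IP_RANGES', '').split(',') if r.strip()]`. The body of `login()` continues beyond the end of the hunk.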