mirror of
https://github.com/space-syndicate/space-station-14.git
synced 2026-06-09 15:06:34 +02:00
Pieter-Jan Briers
29b7fc4463
Ban database refactor (#42495) * Ban DB refactor seems to work at a basic level for PostgreSQL * New ban creation API Supports all the new functionality (multiple players/addresses/hwids/roles/rounds per ban). * Make the migration irreversible * Re-implement ban notifications The server ID check is no longer done as admins may want to place bans spanning multiple rounds irrelevant of the source server. * Fix some split query warnings * Implement migration on SQLite * More comments * Remove required from ban reason SS14.Admin changes would like this * More missing AsSplitQuery() calls * Fix missing ban type filter * Fix old CreateServerBan API with permanent time * Fix department and role ban commands with permanent time * Re-add banhits navigation property Dropped this on accident, SS14.Admin needs it. * More ban API fixes. * Don't fetch ban exemption info for role bans Not relevant, reduces query performance * Regenerate migrations * Fix adminnotes command for players that never connected Would blow up handling null player records. Not a new bug introduced by the refactor, but I ran into it. * Great shame... I accidentally committed submodule update... * Update GDPR scripts * Fix sandbox violation * Fix bans with duplicate info causing DB exceptions Most notably happened with role bans, as multiple departments may include the same role.
109 lines
4.2 KiB
C#
109 lines
4.2 KiB
C#
using System.Collections;
|
|
using System.Diagnostics.CodeAnalysis;
|
|
using System.Linq;
|
|
using System.Net;
|
|
using System.Net.Sockets;
|
|
using NpgsqlTypes;
|
|
|
|
namespace Content.Server.IP
|
|
{
|
|
public static class IPAddressExt
|
|
{
|
|
// Npgsql used to map inet types as a tuple like this.
|
|
// I'm upgrading the dependencies and I don't wanna rewrite a bunch of DB code, so a few helpers it shall be.
|
|
public static NpgsqlInet ToNpgsqlInet(this (IPAddress, int) tuple)
|
|
{
|
|
return new NpgsqlInet(tuple.Item1, (byte)tuple.Item2);
|
|
}
|
|
|
|
public static (IPAddress, int) ToTuple(this NpgsqlInet inet)
|
|
{
|
|
return (inet.Address, inet.Netmask);
|
|
}
|
|
|
|
// Taken from https://stackoverflow.com/a/56461160/4678631
|
|
public static bool IsInSubnet(this System.Net.IPAddress address, string subnetMask)
|
|
{
|
|
var slashIdx = subnetMask.IndexOf("/", StringComparison.Ordinal);
|
|
if (slashIdx == -1)
|
|
{
|
|
// We only handle netmasks in format "IP/PrefixLength".
|
|
throw new NotSupportedException("Only SubNetMasks with a given prefix length are supported.");
|
|
}
|
|
|
|
// First parse the address of the netmask before the prefix length.
|
|
var maskAddress = System.Net.IPAddress.Parse(subnetMask[..slashIdx]);
|
|
|
|
if (maskAddress.AddressFamily != address.AddressFamily)
|
|
{
|
|
// We got something like an IPV4-Address for an IPv6-Mask. This is not valid.
|
|
return false;
|
|
}
|
|
|
|
// Now find out how long the prefix is.
|
|
int maskLength = int.Parse(subnetMask[(slashIdx + 1)..]);
|
|
|
|
return address.IsInSubnet(maskAddress, maskLength);
|
|
}
|
|
|
|
public static bool IsInSubnet(this System.Net.IPAddress address, (System.Net.IPAddress maskAddress, int maskLength) tuple)
|
|
{
|
|
return address.IsInSubnet(tuple.maskAddress, tuple.maskLength);
|
|
}
|
|
|
|
public static bool IsInSubnet(this System.Net.IPAddress address, System.Net.IPAddress maskAddress, int maskLength)
|
|
{
|
|
if (maskAddress.AddressFamily != address.AddressFamily)
|
|
{
|
|
// We got something like an IPV4-Address for an IPv6-Mask. This is not valid.
|
|
return false;
|
|
}
|
|
|
|
if (maskAddress.AddressFamily == AddressFamily.InterNetwork)
|
|
{
|
|
// Convert the mask address to an unsigned integer.
|
|
var maskAddressBits = BitConverter.ToUInt32(maskAddress.GetAddressBytes().Reverse().ToArray(), 0);
|
|
|
|
// And convert the IpAddress to an unsigned integer.
|
|
var ipAddressBits = BitConverter.ToUInt32(address.GetAddressBytes().Reverse().ToArray(), 0);
|
|
|
|
// Get the mask/network address as unsigned integer.
|
|
uint mask = uint.MaxValue << (32 - maskLength);
|
|
|
|
// https://stackoverflow.com/a/1499284/3085985
|
|
// Bitwise AND mask and MaskAddress, this should be the same as mask and IpAddress
|
|
// as the end of the mask is 0000 which leads to both addresses to end with 0000
|
|
// and to start with the prefix.
|
|
return (maskAddressBits & mask) == (ipAddressBits & mask);
|
|
}
|
|
|
|
if (maskAddress.AddressFamily == AddressFamily.InterNetworkV6)
|
|
{
|
|
// Convert the mask address to a BitArray.
|
|
var maskAddressBits = new BitArray(maskAddress.GetAddressBytes());
|
|
|
|
// And convert the IpAddress to a BitArray.
|
|
var ipAddressBits = new BitArray(address.GetAddressBytes());
|
|
|
|
if (maskAddressBits.Length != ipAddressBits.Length)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
// Compare the prefix bits.
|
|
for (int maskIndex = 0; maskIndex < maskLength; maskIndex++)
|
|
{
|
|
if (ipAddressBits[maskIndex] != maskAddressBits[maskIndex])
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
throw new NotSupportedException("Only InterNetworkV6 or InterNetwork address families are supported.");
|
|
}
|
|
}
|
|
}
|