From 1bdee5dc95d4d41c02cd189142c897342e5e6a99 Mon Sep 17 00:00:00 2001 From: UserIsMH Date: Mon, 9 Jun 2025 23:58:23 +0200 Subject: [PATCH] IP fix - Hoffe das wurde gefixt --- v2_adminpanel/app.py | 53 +++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 18 deletions(-) diff --git a/v2_adminpanel/app.py b/v2_adminpanel/app.py index 8b0c3ad..08d1de4 100644 --- a/v2_adminpanel/app.py +++ b/v2_adminpanel/app.py @@ -28,6 +28,7 @@ import qrcode from io import BytesIO import base64 import json +from werkzeug.middleware.proxy_fix import ProxyFix load_dotenv() @@ -45,6 +46,11 @@ app.config['SESSION_COOKIE_NAME'] = 'admin_session' app.config['SESSION_REFRESH_EACH_REQUEST'] = False Session(app) +# ProxyFix für korrekte IP-Adressen hinter Nginx +app.wsgi_app = ProxyFix( + app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1 +) + # Backup-Konfiguration BACKUP_DIR = Path("/app/backups") BACKUP_DIR.mkdir(exist_ok=True) @@ -69,6 +75,7 @@ scheduler.start() # Logging konfigurieren logging.basicConfig(level=logging.INFO) + # Login decorator def login_required(f): @wraps(f) @@ -206,9 +213,12 @@ def log_audit(action, entity_type, entity_id=None, old_values=None, new_values=N try: username = session.get('username', 'system') - ip_address = request.remote_addr if request else None + ip_address = get_client_ip() if request else None user_agent = request.headers.get('User-Agent') if request else None + # Debug logging + app.logger.info(f"Audit log - IP address captured: {ip_address}, Action: {action}, User: {username}") + # Konvertiere Dictionaries zu JSONB old_json = Json(old_values) if old_values else None new_json = Json(new_values) if new_values else None 
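Review bot: The ProxyFix comment should record the trust assumption that `x_for=1, x_proto=1, x_host=1, x_prefix=1` encodes, because the middleware unconditionally believes the rightmost forwarded value once one proxy is declared. Something like `# ProxyFix trusts exactly ONE upstream proxy (nginx): it must overwrite X-Forwarded-For/-Proto/-Host/-Prefix on every request, and the app port must not be reachable except through nginx, otherwise a client can forge all four values` states what the deployment has to guarantee. ProxyFix does not consume X-Real-IP, so nginx has to set X-Forwarded-For for remote_addr to be corrected; that nginx configuration is not visible here.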
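Review bot: The new `app.logger.info(f"Audit log - IP address captured: ...")` line in log_audit writes a second copy of every audit record (user, action, IP) into the application log at INFO, which is debug noise that will stay on in production and duplicates the row the function is about to insert. Make it `app.logger.debug("audit ip=%s action=%s user=%s", ip_address, action, username)` with lazy %-args, or drop it once the proxy issue is confirmed fixed. Note that the IP now comes from get_client_ip(), which in this patch reads the raw X-Real-IP / X-Forwarded-For headers, so the value logged and stored is whatever the client sent unless nginx overwrites those headers. log_audit's body continues outside the hunk.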
@@ -464,12 +474,19 @@ scheduler.add_job( # Rate-Limiting Funktionen def get_client_ip(): """Ermittelt die echte IP-Adresse des Clients""" - if request.environ.get('HTTP_X_FORWARDED_FOR'): - return request.environ['HTTP_X_FORWARDED_FOR'].split(',')[0] - elif request.environ.get('HTTP_X_REAL_IP'): - return request.environ.get('HTTP_X_REAL_IP') + # Debug logging + app.logger.info(f"Headers - X-Real-IP: {request.headers.get('X-Real-IP')}, X-Forwarded-For: {request.headers.get('X-Forwarded-For')}, Remote-Addr: {request.remote_addr}") + + # Try X-Real-IP first (set by nginx) + if request.headers.get('X-Real-IP'): + return request.headers.get('X-Real-IP') + # Then X-Forwarded-For + elif request.headers.get('X-Forwarded-For'): + # X-Forwarded-For can contain multiple IPs, take the first one + return request.headers.get('X-Forwarded-For').split(',')[0].strip() + # Fallback to remote_addr else: - return request.environ.get('REMOTE_ADDR') + return request.remote_addr def check_ip_blocked(ip_address): """Prüft ob eine IP-Adresse gesperrt ist""" @@ -1566,7 +1583,7 @@ def create_license(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) # IPv4s zuweisen if ipv4_count > 0: @@ -1591,7 +1608,7 @@ def create_license(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) # Telefonnummern zuweisen if phone_count > 0: 
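Review bot: get_client_ip() still reads the raw `X-Real-IP` and `X-Forwarded-For` headers and takes the first X-Forwarded-For entry, which is the one a client can set freely, so any caller can choose the address that check_ip_blocked() and the audit/resource_history rows see and sidestep an IP block by sending a header. ProxyFix with `x_for=1` is installed in the same patch and already rewrites `request.remote_addr` to the rightmost forwarded address that nginx appended, so the function body should collapse to `return request.remote_addr` with a comment that ProxyFix is the only place proxy headers are trusted. The `app.logger.info(f"Headers - X-Real-IP: ...")` line logs every incoming header value at INFO on each rate-limit check and should go, or at least become `app.logger.debug` with %-args. If nginx only sets X-Real-IP and not X-Forwarded-For, fix that in nginx rather than reading X-Real-IP here, since X-Real-IP is not validated by ProxyFix at all.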
@@ -1616,7 +1633,7 @@ def create_license(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) except ValueError as e: conn.rollback() @@ -1816,7 +1833,7 @@ def batch_licenses(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) # IPv4s if ipv4_count > 0: @@ -1841,7 +1858,7 @@ def batch_licenses(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) # Telefonnummern if phone_count > 0: @@ -1866,7 +1883,7 @@ def batch_licenses(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (resource_id, license_id, session['username'], request.remote_addr)) + """, (resource_id, license_id, session['username'], get_client_ip())) generated_licenses.append({ 'id': license_id, @@ -3405,7 +3422,7 @@ def add_resources(): cur.execute(""" INSERT INTO resource_history (resource_id, action, action_by, ip_address) VALUES (%s, 'created', %s, %s) - """, (resource_id, session['username'], request.remote_addr)) + """, (resource_id, session['username'], get_client_ip())) else: duplicates += 1 
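Review bot: The same four-line `INSERT INTO resource_history (...) VALUES (...)` with `session['username'], get_client_ip()` is repeated in every one of these hunks across create_license, batch_licenses and add_resources; a single helper such as `def _record_resource_history(cur, resource_id, action, license_id=None, details=None)` that fills in action_by and ip_address would make the next change to the audit columns a one-place edit. All of the enclosing functions start and end outside the hunks shown.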
@@ -3462,7 +3479,7 @@ def quarantine_resource(resource_id): cur.execute(""" INSERT INTO resource_history (resource_id, action, action_by, ip_address, details) VALUES (%s, 'quarantined', %s, %s, %s) - """, (resource_id, session['username'], request.remote_addr, + """, (resource_id, session['username'], get_client_ip(), Json({'reason': reason, 'until': until_date, 'notes': notes, 'old_status': old_status}))) conn.commit() @@ -3509,7 +3526,7 @@ def release_resources(): cur.execute(""" INSERT INTO resource_history (resource_id, action, action_by, ip_address) VALUES (%s, 'released', %s, %s) - """, (resource_id, session['username'], request.remote_addr)) + """, (resource_id, session['username'], get_client_ip())) conn.commit() cur.close() @@ -3571,7 +3588,7 @@ def allocate_resources_api(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (domain_id, license_id, session['username'], request.remote_addr)) + """, (domain_id, license_id, session['username'], get_client_ip())) allocated['domains'].append(domain_value) @@ -3605,7 +3622,7 @@ def allocate_resources_api(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (ipv4_id, license_id, session['username'], request.remote_addr)) + """, (ipv4_id, license_id, session['username'], get_client_ip())) allocated['ipv4s'].append(ipv4_value) @@ -3639,7 +3656,7 @@ def allocate_resources_api(): cur.execute(""" INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address) VALUES (%s, %s, 'allocated', %s, %s) - """, (phone_id, license_id, session['username'], request.remote_addr)) + """, (phone_id, license_id, session['username'], get_client_ip())) allocated['phones'].append(phone_value)
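Review bot: quarantine_resource, release_resources and allocate_resources_api now persist the return value of get_client_ip() in resource_history.ip_address, and as written in this patch that value can be an arbitrary header string rather than an address. If the column is an `inet` type (not visible here), a non-IP header value makes the INSERT raise and the whole quarantine/release is rolled back by a client-chosen header; if it is text, the stored address is simply unverifiable. Either way the fix belongs in get_client_ip() (use the ProxyFix-corrected `request.remote_addr`), optionally hardened with `ipaddress.ip_address(value)` before the write. The enclosing functions continue outside the hunks.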