IP fix - Hoffe das wurde gefixt
Dieser Commit ist enthalten in:
@@ -28,6 +28,7 @@ import qrcode
|
||||
from io import BytesIO
|
||||
import base64
|
||||
import json
|
||||
from werkzeug.middleware.proxy_fix import ProxyFix
|
||||
|
||||
load_dotenv()
|
||||
|
||||
@@ -45,6 +46,11 @@ app.config['SESSION_COOKIE_NAME'] = 'admin_session'
|
||||
app.config['SESSION_REFRESH_EACH_REQUEST'] = False
|
||||
Session(app)
|
||||
|
||||
# ProxyFix für korrekte IP-Adressen hinter Nginx
|
||||
app.wsgi_app = ProxyFix(
|
||||
app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1
|
||||
)
|
||||
|
||||
# Backup-Konfiguration
|
||||
BACKUP_DIR = Path("/app/backups")
|
||||
BACKUP_DIR.mkdir(exist_ok=True)
|
||||
@@ -69,6 +75,7 @@ scheduler.start()
|
||||
# Logging konfigurieren
|
||||
logging.basicConfig(level=logging.INFO)
|
||||
|
||||
|
||||
# Login decorator
|
||||
def login_required(f):
|
||||
@wraps(f)
|
||||
@@ -206,9 +213,12 @@ def log_audit(action, entity_type, entity_id=None, old_values=None, new_values=N
|
||||
|
||||
try:
|
||||
username = session.get('username', 'system')
|
||||
ip_address = request.remote_addr if request else None
|
||||
ip_address = get_client_ip() if request else None
|
||||
user_agent = request.headers.get('User-Agent') if request else None
|
||||
|
||||
# Debug logging
|
||||
app.logger.info(f"Audit log - IP address captured: {ip_address}, Action: {action}, User: {username}")
|
||||
|
||||
# Konvertiere Dictionaries zu JSONB
|
||||
old_json = Json(old_values) if old_values else None
|
||||
new_json = Json(new_values) if new_values else None
|
||||
@@ -464,12 +474,19 @@ scheduler.add_job(
|
||||
# Rate-Limiting Funktionen
|
||||
def get_client_ip():
|
||||
"""Ermittelt die echte IP-Adresse des Clients"""
|
||||
if request.environ.get('HTTP_X_FORWARDED_FOR'):
|
||||
return request.environ['HTTP_X_FORWARDED_FOR'].split(',')[0]
|
||||
elif request.environ.get('HTTP_X_REAL_IP'):
|
||||
return request.environ.get('HTTP_X_REAL_IP')
|
||||
# Debug logging
|
||||
app.logger.info(f"Headers - X-Real-IP: {request.headers.get('X-Real-IP')}, X-Forwarded-For: {request.headers.get('X-Forwarded-For')}, Remote-Addr: {request.remote_addr}")
|
||||
|
||||
# Try X-Real-IP first (set by nginx)
|
||||
if request.headers.get('X-Real-IP'):
|
||||
return request.headers.get('X-Real-IP')
|
||||
# Then X-Forwarded-For
|
||||
elif request.headers.get('X-Forwarded-For'):
|
||||
# X-Forwarded-For can contain multiple IPs, take the first one
|
||||
return request.headers.get('X-Forwarded-For').split(',')[0].strip()
|
||||
# Fallback to remote_addr
|
||||
else:
|
||||
return request.environ.get('REMOTE_ADDR')
|
||||
return request.remote_addr
|
||||
|
||||
def check_ip_blocked(ip_address):
|
||||
"""Prüft ob eine IP-Adresse gesperrt ist"""
|
||||
@@ -1566,7 +1583,7 @@ def create_license():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
# IPv4s zuweisen
|
||||
if ipv4_count > 0:
|
||||
@@ -1591,7 +1608,7 @@ def create_license():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
# Telefonnummern zuweisen
|
||||
if phone_count > 0:
|
||||
@@ -1616,7 +1633,7 @@ def create_license():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
except ValueError as e:
|
||||
conn.rollback()
|
||||
@@ -1816,7 +1833,7 @@ def batch_licenses():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
# IPv4s
|
||||
if ipv4_count > 0:
|
||||
@@ -1841,7 +1858,7 @@ def batch_licenses():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
# Telefonnummern
|
||||
if phone_count > 0:
|
||||
@@ -1866,7 +1883,7 @@ def batch_licenses():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (resource_id, license_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
generated_licenses.append({
|
||||
'id': license_id,
|
||||
@@ -3405,7 +3422,7 @@ def add_resources():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, action, action_by, ip_address)
|
||||
VALUES (%s, 'created', %s, %s)
|
||||
""", (resource_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, session['username'], get_client_ip()))
|
||||
else:
|
||||
duplicates += 1
|
||||
|
||||
@@ -3462,7 +3479,7 @@ def quarantine_resource(resource_id):
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, action, action_by, ip_address, details)
|
||||
VALUES (%s, 'quarantined', %s, %s, %s)
|
||||
""", (resource_id, session['username'], request.remote_addr,
|
||||
""", (resource_id, session['username'], get_client_ip(),
|
||||
Json({'reason': reason, 'until': until_date, 'notes': notes, 'old_status': old_status})))
|
||||
|
||||
conn.commit()
|
||||
@@ -3509,7 +3526,7 @@ def release_resources():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, action, action_by, ip_address)
|
||||
VALUES (%s, 'released', %s, %s)
|
||||
""", (resource_id, session['username'], request.remote_addr))
|
||||
""", (resource_id, session['username'], get_client_ip()))
|
||||
|
||||
conn.commit()
|
||||
cur.close()
|
||||
@@ -3571,7 +3588,7 @@ def allocate_resources_api():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (domain_id, license_id, session['username'], request.remote_addr))
|
||||
""", (domain_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
allocated['domains'].append(domain_value)
|
||||
|
||||
@@ -3605,7 +3622,7 @@ def allocate_resources_api():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (ipv4_id, license_id, session['username'], request.remote_addr))
|
||||
""", (ipv4_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
allocated['ipv4s'].append(ipv4_value)
|
||||
|
||||
@@ -3639,7 +3656,7 @@ def allocate_resources_api():
|
||||
cur.execute("""
|
||||
INSERT INTO resource_history (resource_id, license_id, action, action_by, ip_address)
|
||||
VALUES (%s, %s, 'allocated', %s, %s)
|
||||
""", (phone_id, license_id, session['username'], request.remote_addr))
|
||||
""", (phone_id, license_id, session['username'], get_client_ip()))
|
||||
|
||||
allocated['phones'].append(phone_value)
|
||||
|
||||
|
||||
In neuem Issue referenzieren
Einen Benutzer sperren