zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-27 04:58:29 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat: support IPv6 /64 range in white IP validation

Browse source 
- Split IP validation logic for IPv4 and IPv6 addresses
- Add specific validation for IPv6 to allow only single addresses (/128) or /64 ranges
- Remove old network address calculation for IPv6
- Keep IPv4 address limit validation unchanged
- Add localization for new IPv6 validation error message
- Add test coverage for IPv6 validation:
  * Test for valid /64 range
  * Test for valid single address
  * Test for invalid ranges (/48 and /96)
This commit is contained in:
oleghasjanov 2025-03-24 15:16:10 +02:00
parent 66619f12fe
commit bc01dfaa3a
3 changed files with 65 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

54
app/models/white_ip.rb
View file

@ -39,13 +39,11 @@ class WhiteIp < ApplicationRecord
def validate_max_ip_count def validate_max_ip_count
return if errors.any? return if errors.any?
total_exist = calculate_total_network_addresses(registrar.white_ips) if ipv4.present?
total_current = calculate_total_network_addresses([self]) validate_ipv4_limit
total = total_exist + total_current elsif ipv6.present?
limit = Setting.ip_whitelist_max_count validate_ipv6_range
return unless total >= limit end
errors.add(:base, :ip_limit_exceeded, total: total, limit: limit)
end end
def valid_ipv4? def valid_ipv4?
@ -106,21 +104,39 @@ class WhiteIp < ApplicationRecord
end end
end end
def count_network_addresses(ip) def validate_ipv4_limit
address = IPAddr.new(ip) total_exist = calculate_total_ipv4_addresses(registrar.white_ips)
total_current = calculate_total_ipv4_addresses([self])
total = total_exist + total_current
limit = Setting.ip_whitelist_max_count
return unless total >= limit
if address.ipv4? errors.add(:base, :ip_limit_exceeded, total: total, limit: limit)
subnet_mask = address.prefix end
(2**(32 - subnet_mask) - 2).abs
elsif address.ipv6? def validate_ipv6_range
subnet_mask = address.prefix return unless ipv6.present?
(2**(128 - subnet_mask) - 2).abs
else address = IPAddr.new(ipv6)
0 subnet_mask = address.prefix
unless subnet_mask == 128 || subnet_mask == 64
errors.add(:base, :ipv6_must_be_single_or_64_range)
end end
end end
def calculate_total_network_addresses(ips) def calculate_total_ipv4_addresses(ips)
ips.sum { |ip| count_network_addresses(ip.ipv4.presence || ip.ipv6) } ips.sum do |ip|
next 0 unless ip.ipv4.present?
count_ipv4_addresses(ip.ipv4)
end
end
def count_ipv4_addresses(ip)
address = IPAddr.new(ip)
return 0 unless address.ipv4?
subnet_mask = address.prefix
(2**(32 - subnet_mask) - 2).abs
end end
end end

1
config/locales/en.yml
View file

@ -155,6 +155,7 @@ en:
ipv4_or_ipv6_must_be_present: 'IPv4 or IPv6 must be present' ipv4_or_ipv6_must_be_present: 'IPv4 or IPv6 must be present'
ip_must_be_one: 'Please enter only one IP address' ip_must_be_one: 'Please enter only one IP address'
ip_limit_exceeded: 'IP address limit exceeded. Total addresses: %{total}. Limit: %{limit}.' ip_limit_exceeded: 'IP address limit exceeded. Total addresses: %{total}. Limit: %{limit}.'
ipv6_must_be_single_or_64_range: 'IPv6 address must be either a single address or a /64 range'
ipv4: ipv4:
taken: 'has already been taken' taken: 'has already been taken'
ipv6: ipv6:

29
test/models/white_ip_test.rb
View file

@ -53,6 +53,35 @@ class WhiteIpTest < ActiveSupport::TestCase
assert_not WhiteIp.include_ip?('192.168.1.1') assert_not WhiteIp.include_ip?('192.168.1.1')
end end
def test_validates_ipv6_64_range
white_ip = WhiteIp.new
white_ip.registrar = registrars(:bestnames)
white_ip.ipv6 = '2001:db8::/64'
assert white_ip.valid?, 'IPv6 /64 range should be valid'
end
def test_validates_ipv6_single_address
white_ip = WhiteIp.new
white_ip.registrar = registrars(:bestnames)
white_ip.ipv6 = '2001:db8::1'
assert white_ip.valid?, 'Single IPv6 address should be valid'
end
def test_rejects_invalid_ipv6_range
white_ip = WhiteIp.new
white_ip.registrar = registrars(:bestnames)
white_ip.ipv6 = '2001:db8::/48'
assert white_ip.invalid?, 'IPv6 /48 range should be invalid'
assert_includes white_ip.errors.full_messages, 'IPv6 address must be either a single address or a /64 range'
white_ip.ipv6 = '2001:db8::/96'
assert white_ip.invalid?, 'IPv6 /96 range should be invalid'
assert_includes white_ip.errors.full_messages, 'IPv6 address must be either a single address or a /64 range'
end
private private
def valid_white_ip def valid_white_ip