Add IP ban exemption flag (#15815)

Workbench-Team · May 7, 2023 · 6efe498 · 6efe498
1 parent 2d180ad
commit 6efe498
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/Content.Server.Database/Model.cs b/Content.Server.Database/Model.cs
@@ -459,6 +459,14 @@ public enum ServerBanExemptFlags
         /// Ban is a datacenter range, connections usually imply usage of a VPN service.
         /// </summary>
         Datacenter = 1 << 0,
+
+        /// <summary>
+        /// Ban only matches the IP.
+        /// </summary>
+        /// <remarks>
+        /// Intended use is for users with shared connections. This should not be used as an alternative to <see cref="Datacenter"/>.
+        /// </remarks>
+        IP = 1 << 1,
         // @formatter:on
     }
 

diff --git a/Content.Server/Database/ServerDbPostgres.cs b/Content.Server/Database/ServerDbPostgres.cs
@@ -119,7 +119,7 @@ private static IQueryable<ServerBan> MakeBanLookupQuery(
                 query = query == null ? newQ : query.Union(newQ);
             }
 
-            if (address != null)
+            if (address != null && !exemptFlags.GetValueOrDefault(ServerBanExemptFlags.None).HasFlag(ServerBanExemptFlags.IP))
             {
                 var newQ = db.PgDbContext.Ban
                     .Include(p => p.Unban)

diff --git a/Content.Server/Database/ServerDbSqlite.cs b/Content.Server/Database/ServerDbSqlite.cs
@@ -74,7 +74,7 @@ public ServerDbSqlite(DbContextOptions<SqliteServerDbContext> options)
             // So just pull down the whole list into memory.
             var bans = await GetAllBans(db.SqliteDbContext, includeUnbanned: false, exempt);
 
-            return bans.FirstOrDefault(b => BanMatches(b, address, userId, hwId)) is { } foundBan
+            return bans.FirstOrDefault(b => BanMatches(b, address, userId, hwId, exempt)) is { } foundBan
                 ? ConvertBan(foundBan)
                 : null;
         }
@@ -92,7 +92,7 @@ public override async Task<List<ServerBanDef>> GetServerBansAsync(IPAddress? add
             var queryBans = await GetAllBans(db.SqliteDbContext, includeUnbanned, exempt);
 
             return queryBans
-                .Where(b => BanMatches(b, address, userId, hwId))
+                .Where(b => BanMatches(b, address, userId, hwId, exempt))
                 .Select(ConvertBan)
                 .ToList()!;
         }
@@ -117,13 +117,14 @@ private static async Task<List<ServerBan>> GetAllBans(
             return await query.ToListAsync();
         }
 
-        private static bool BanMatches(
-            ServerBan ban,
+        private static bool BanMatches(ServerBan ban,
             IPAddress? address,
             NetUserId? userId,
-            ImmutableArray<byte>? hwId)
+            ImmutableArray<byte>? hwId,
+            ServerBanExemptFlags? exemptFlags)
         {
-            if (address != null && ban.Address is not null && IPAddressExt.IsInSubnet(address, ban.Address.Value))
+            if (!exemptFlags.GetValueOrDefault(ServerBanExemptFlags.None).HasFlag(ServerBanExemptFlags.IP)
+                && address != null && ban.Address is not null && IPAddressExt.IsInSubnet(address, ban.Address.Value))
             {
                 return true;
             }