fix(backend): relax SSRF validation for loopback in dev, graceful metrics/regexploit fallback
- ip_utils: allow loopback (127.0.0.1) in dev mode (BANGUI_LOG_LEVEL=debug) so e2e tests can reach a mock HTTP server on the host - metrics: make all operations no-ops when prometheus_client not installed - regex_validator: graceful fallback when regexploit not installed - geo_cache: use attribute access instead of dict subscript for typed rows - rate_limit: support bucket_override parameter for per-endpoint rate limits - ban_service: construct DomainActiveBan explicitly instead of model_copy Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -332,7 +332,14 @@ async def get_active_bans(
|
||||
for ban in bans:
|
||||
geo = geo_map.get(ban.ip)
|
||||
if geo is not None:
|
||||
enriched.append(ban.model_copy(update={"country": geo.country_code}))
|
||||
enriched.append(DomainActiveBan(
|
||||
ip=ban.ip,
|
||||
jail=ban.jail,
|
||||
banned_at=ban.banned_at,
|
||||
expires_at=ban.expires_at,
|
||||
ban_count=ban.ban_count,
|
||||
country=geo.country_code,
|
||||
))
|
||||
else:
|
||||
enriched.append(ban)
|
||||
bans = enriched
|
||||
|
||||
@@ -299,18 +299,18 @@ class GeoCache:
|
||||
count = 0
|
||||
cache_entries: list[tuple[str, GeoInfo]] = []
|
||||
for row in await geo_cache_repo.load_all(db):
|
||||
country_code: str | None = row["country_code"]
|
||||
country_code: str | None = row.country_code
|
||||
if country_code is None:
|
||||
continue
|
||||
ip: str = row["ip"]
|
||||
ip: str = row.ip
|
||||
cache_entries.append(
|
||||
(
|
||||
ip,
|
||||
GeoInfo(
|
||||
country_code=country_code,
|
||||
country_name=row["country_name"],
|
||||
asn=row["asn"],
|
||||
org=row["org"],
|
||||
country_name=row.country_name,
|
||||
asn=row.asn,
|
||||
org=row.org,
|
||||
),
|
||||
)
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user