Merge branch 'sh-support-subnets-ip-rate-limiter' into 'master'

Support CIDR notation in IP rate limiter See merge request gitlab-org/gitlab-ce!30146
author: Thong Kuah <tkuah@gitlab.com> 2019-06-28 10:03:10 +0000
committer: Thong Kuah <tkuah@gitlab.com> 2019-06-28 10:03:10 +0000
commit: bac5bfc7dc57e816685f3b8cfd94a4f56473dbc3 (patch)
tree: bfa4ad772794ea23ad35d9c9ab5097e646ffe55b /lib
parent: 2321b337f1487031e2cab8e1a4e778f3aaf8e2da (diff)
parent: 82c31a9addfe87e91b512abb982d2223fa4ed730 (diff)
download: gitlab-ce-bac5bfc7dc57e816685f3b8cfd94a4f56473dbc3.tar.gz
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/gitlab/auth/ip_rate_limiter.rb b/lib/gitlab/auth/ip_rate_limiter.rb
index 81e616fa20a..0b7055b3256 100644
--- a/lib/gitlab/auth/ip_rate_limiter.rb
+++ b/lib/gitlab/auth/ip_rate_limiter.rb
@@ -3,6 +3,8 @@
 module Gitlab
   module Auth
     class IpRateLimiter
+      include ::Gitlab::Utils::StrongMemoize
+
       attr_reader :ip
 
       def initialize(ip)
@@ -37,7 +39,20 @@ module Gitlab
       end
 
       def ip_can_be_banned?
-        config.ip_whitelist.exclude?(ip)
+        !trusted_ip?
+      end
+
+      def trusted_ip?
+        trusted_ips.any? { |netmask| netmask.include?(ip) }
+      end
+
+      def trusted_ips
+        strong_memoize(:trusted_ips) do
+          config.ip_whitelist.map do |proxy|
+            IPAddr.new(proxy)
+          rescue IPAddr::InvalidAddressError
+          end.compact
+        end
       end
     end
   end
author	Thong Kuah <tkuah@gitlab.com>	2019-06-28 10:03:10 +0000
committer	Thong Kuah <tkuah@gitlab.com>	2019-06-28 10:03:10 +0000
commit	bac5bfc7dc57e816685f3b8cfd94a4f56473dbc3 (patch)
tree	bfa4ad772794ea23ad35d9c9ab5097e646ffe55b /lib
parent	2321b337f1487031e2cab8e1a4e778f3aaf8e2da (diff)
parent	82c31a9addfe87e91b512abb982d2223fa4ed730 (diff)
download	gitlab-ce-bac5bfc7dc57e816685f3b8cfd94a4f56473dbc3.tar.gz