@@ -62,12 +62,21 @@ class GlobalSettings(db.Model):
def load_user ( user_id ) :
return User . query . get ( int ( user_id ) )
def get_real_ip ( ) :
if " CF-Connecting-IP " in request . headers :
return request . headers . get ( " CF-Connecting-IP " )
elif " X-Real-IP " in request . headers :
return request . headers . get ( " X-Real-IP " )
elif " X-Forwarded-For " in request . headers :
forwarded_for = request . headers . get ( " X-Forwarded-For " ) . split ( " , " )
return forwarded_for [ 0 ] . strip ( )
return request . remote_addr
def is_allowed_ip ( remote_ip , allowed_hosts_str ) :
# Jeśli istnieje plik awaryjny, zawsze zezwalamy na dostęp
if os . path . exists ( " emergency_access.txt " ) :
return True
# Rozdzielamy wpisy – mogą być oddzielone przecinkami lub znakami nowej linii
allowed_hosts = re . split ( r ' [ \ n,]+ ' , allowed_hosts_str . strip ( ) )
allowed_ips = set ( )
for host in allowed_hosts :
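Review bot: get_real_ip returns the first of CF-Connecting-IP, X-Real-IP or X-Forwarded-For without checking that the request arrived through a proxy that sets them, so a client that reaches the app directly can choose the value. If this result is what gets passed to is_allowed_ip as remote_ip (the call site is not in this diff), the allowlist then compares a caller-supplied string instead of the peer address. Read the headers only when the peer is a known proxy, for example by opening the function with `if request.remote_addr not in TRUSTED_PROXIES: return request.remote_addr` (TRUSTED_PROXIES is a placeholder for a configured set). For X-Forwarded-For, take the entry appended by that proxy rather than element 0, which is the part the client controls. The same value is shown as client_ip by the admin_settings hunks further down, so a docstring naming the expected proxy chain would help whoever reads that page.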
@@ -75,12 +84,18 @@ def is_allowed_ip(remote_ip, allowed_hosts_str):
if not host :
continue
try :
# Rozwiązywanie nazwy domeny do adresu IP.
resolved_ip = socket . gethostbyname ( host )
allowed_ips . add ( resolved_ip )
except Exception :
# Jeśli rozwiązywanie nazwy nie powiedzie się, pomijamy ten wpis.
continue
# Log reverse DNS dla IP odwiedzającego
try :
hostname = socket . gethostbyaddr ( remote_ip ) [ 0 ]
app . logger . info ( f " Odwiedzający IP: { remote_ip } , host: { hostname } " )
except Exception as e :
app . logger . warning ( f " Reverse DNS nieudane dla { remote_ip } : { e } " )
return remote_ip in allowed_ips
# Dodaj filtr Markdown – pozwala na zagnieżdżanie linków i obrazków w opisie
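Review bot: The added socket.gethostbyaddr(remote_ip) call is a blocking lookup with no timeout on every is_allowed_ip check that gets past the emergency-file shortcut, so a slow or unresponsive resolver stalls the request before the allow/deny decision is returned. The PTR name it returns is controlled by whoever owns the address block, and remote_ip may itself come from a request header; both are written into the log through an f-string, so embedded newlines can forge log entries. Log with lazy arguments and repr instead, e.g. `app.logger.info("Odwiedzający IP: %r, host: %r", remote_ip, hostname)`, and consider doing the reverse lookup only on denial or outside the request path. is_allowed_ip starts above this hunk, so the early-return path is not visible here.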
@@ -112,19 +127,6 @@ def zbiorka(zbiorka_id):
abort ( 404 )
return render_template ( ' zbiorka.html ' , zbiorka = zb )
def get_real_ip ( ) :
# Cloudflare
if " CF-Connecting-IP " in request . headers :
return request . headers . get ( " CF-Connecting-IP " )
# Nginx proxy (Nginx Proxy Manager / standard reverse proxy)
elif " X-Real-IP " in request . headers :
return request . headers . get ( " X-Real-IP " )
elif " X-Forwarded-For " in request . headers :
forwarded_for = request . headers . get ( " X-Forwarded-For " ) . split ( " , " )
return forwarded_for [ 0 ] . strip ( )
# Fallback
return request . remote_addr
# TRASY LOGOWANIA I REJESTRACJI
@app.route ( ' /login ' , methods = [ ' GET ' , ' POST ' ] )
@@ -343,6 +345,7 @@ def admin_settings():
flash ( ' Brak uprawnień do panelu administracyjnego ' , ' danger ' )
return redirect ( url_for ( ' index ' ) )
client_ip = get_real_ip ( )
settings = GlobalSettings . query . first ( )
if request . method == ' POST ' :
numer_konta = request . form . get ( ' numer_konta ' )
@@ -365,7 +368,7 @@ def admin_settings():
flash ( ' Ustawienia globalne zostały zaktualizowane ' , ' success ' )
return redirect ( url_for ( ' admin_dashboard ' ) )
return render_template ( ' admin/settings.html ' , settings = settings )
return render_template ( ' admin/settings.html ' , settings = settings , client_ip = client_ip )
@app.route ( ' /admin/zbiorka/oznacz/<int:zbiorka_id> ' , methods = [ ' POST ' ] )
@login_required
@@ -389,6 +392,29 @@ def robots():
robots_txt = " User-agent: * \n Allow: / "
return robots_txt , 200 , { ' Content-Type ' : ' text/plain ' }
@app.route ( ' /debug/headers ' )
def debug_headers ( ) :
ip_sources = {
" CF-Connecting-IP " : request . headers . get ( " CF-Connecting-IP " ) ,
" X-Real-IP " : request . headers . get ( " X-Real-IP " ) ,
" X-Forwarded-For " : request . headers . get ( " X-Forwarded-For " ) ,
" remote_addr " : request . remote_addr ,
}
all_headers = dict ( request . headers )
response_html = " <h2>Nagłówki IP</h2><ul> "
for key , val in ip_sources . items ( ) :
response_html + = f " <li><strong> { key } :</strong> { val } </li> "
response_html + = " </ul><hr><h2>Wszystkie nagłówki</h2><ul> "
for key , val in all_headers . items ( ) :
response_html + = f " <li><strong> { key } :</strong> { val } </li> "
response_html + = " </ul> "
return response_html
if __name__ == ' __main__ ' :
with app . app_context ( ) :
db . create_all ( )
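Review bot: The new /debug/headers route has no `@login_required` or admin check, and it echoes every request header, including Cookie and Authorization, into the response body. Both loops interpolate the values into HTML without escaping, so header content is rendered as markup. Put `@login_required` under the route decorator, plus the same permission check admin_settings applies, and build the items as `f"<li><strong>{escape(key)}:</strong> {escape(val)}</li>"` with `escape` from markupsafe. It would be safer still to register the route only when debugging is enabled and to leave the credential-bearing headers out of the dump.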