CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
module Mdm::Workspace::BoundaryRange
2
  extend ActiveSupport::Concern
3

4
  included do
5
    #
6
    # Validations
7
    #
8

9
    validate :boundary_must_be_ip_range
10

11
    #
12
    # Instance Methods
13
    #
14

15
    # If {#limit_to_network} is disabled, this will always return `true`.
16
    # Otherwise, return `true` only if all of the given IPs are within the
17
    # project {#boundary boundaries}.
18

19
    #
20
    # @param ips [String] IP range(s)
21
    # @return [true] if actions on ips are allowed.
22
    # @return [false] if actions are not allowed on ips.
23
    def allow_actions_on?(ips)
24
      return true unless limit_to_network
25
      return true unless boundary
26
      return true if boundary.empty?
27
      boundaries = Shellwords.split(boundary)
28
      return true if boundaries.empty? # It's okay if there is no boundary range after all
29
      given_range = Rex::Socket::RangeWalker.new(ips)
30
      return false unless given_range # Can't do things to nonexistant IPs
31
      allowed = false
32
      boundaries.each do |boundary_range|
33
        ok_range = Rex::Socket::RangeWalker.new(boundary)
34
        allowed  = true if ok_range.include_range? given_range
35
      end
36
      return allowed
37
    end
38

39
    # Validates that {#boundary} is {#valid_ip_or_range? a valid IP address or
40
    # IP address range}. Due to this not being tested before it was moved here
41
    # from Mdm, the default workspace does not validate. We always validate boundaries
42
    # and a workspace may have a blank default boundary.
43
    #
44
    # @return [void]
45
    def boundary_must_be_ip_range
46
      unless boundary.blank?
47
        begin
48
          boundaries = Shellwords.split(boundary)
49
        rescue ArgumentError
50
          boundaries = []
51
        end
52

53
        boundaries.each do |range|
54
          unless valid_ip_or_range?(range)
55
            errors.add(:boundary, "must be a valid IP range")
56
          end
57
        end
58
      end
59
    end
60

61
    # Returns an array of addresses ranges
62
    #
63
    # @return [Array<String>]
64
    def addresses
65
      (boundary || "").split("\n")
66
    end
67

68
    private
69

70
    # Returns whether `string` is a valid IP address or IP address range.
71
    #
72
    # @return [true] if valid IP address or IP address range.
73
    # @return [false] otherwise.
74
    def valid_ip_or_range?(string)
75
      range = Rex::Socket::RangeWalker.new(string)
76
      range && range.ranges && range.ranges.any?
77
    end
78

79
  end
80

81

82
end
83

84