diff options
Diffstat (limited to 'MediaBrowser.Common/Net')
| -rw-r--r-- | MediaBrowser.Common/Net/INetworkManager.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Common/Net/NetworkUtils.cs | 21 | ||||
| -rw-r--r-- | MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs | 29 |
3 files changed, 47 insertions, 7 deletions
diff --git a/MediaBrowser.Common/Net/INetworkManager.cs b/MediaBrowser.Common/Net/INetworkManager.cs index d838144ff..bd785bcbc 100644 --- a/MediaBrowser.Common/Net/INetworkManager.cs +++ b/MediaBrowser.Common/Net/INetworkManager.cs @@ -127,7 +127,7 @@ namespace MediaBrowser.Common.Net /// Checks if <paramref name="remoteIP"/> has access to the server. /// </summary> /// <param name="remoteIP">IP address of the client.</param> - /// <returns><b>True</b> if it has access, otherwise <b>false</b>.</returns> - bool HasRemoteAccess(IPAddress remoteIP); + /// <returns>The result of evaluating the access policy, <c>Allow</c> if it should be allowed.</returns> + RemoteAccessPolicyResult ShouldAllowServerAccess(IPAddress remoteIP); } } diff --git a/MediaBrowser.Common/Net/NetworkUtils.cs b/MediaBrowser.Common/Net/NetworkUtils.cs index a498d6271..24ed47a81 100644 --- a/MediaBrowser.Common/Net/NetworkUtils.cs +++ b/MediaBrowser.Common/Net/NetworkUtils.cs @@ -198,14 +198,25 @@ public static partial class NetworkUtils /// <returns><c>True</c> if parsing was successful.</returns> public static bool TryParseToSubnet(ReadOnlySpan<char> value, [NotNullWhen(true)] out IPNetwork? result, bool negated = false) { + // If multiple IP addresses are in a comma-separated string, the individual addresses may contain leading and/or trailing whitespace value = value.Trim(); + + bool isAddressNegated = false; + if (value.StartsWith('!')) + { + isAddressNegated = true; + value = value[1..]; // Remove leading '!' character + } + + if (isAddressNegated != negated) + { + result = null; + return false; + } + if (value.Contains('/')) { - if (negated && value.StartsWith("!") && IPNetwork.TryParse(value[1..], out result)) - { - return true; - } - else if (!negated && IPNetwork.TryParse(value, out result)) + if (IPNetwork.TryParse(value, out result)) { return true; } diff --git a/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs new file mode 100644 index 000000000..193d37228 --- /dev/null +++ b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs @@ -0,0 +1,29 @@ +using System; + +namespace MediaBrowser.Common.Net; + +/// <summary> +/// Result of <see cref="INetworkManager.ShouldAllowServerAccess" />. +/// </summary> +public enum RemoteAccessPolicyResult +{ + /// <summary> + /// The connection should be allowed. + /// </summary> + Allow, + + /// <summary> + /// The connection should be rejected since it is not from a local IP and remote access is disabled. + /// </summary> + RejectDueToRemoteAccessDisabled, + + /// <summary> + /// The connection should be rejected since it is from a blocklisted IP. + /// </summary> + RejectDueToIPBlocklist, + + /// <summary> + /// The connection should be rejected since it is from a remote IP that is not in the allowlist. + /// </summary> + RejectDueToNotAllowlistedRemoteIP, +} |