From 44b5de156886995fdcf881cbc1208505ad0e8b0e Mon Sep 17 00:00:00 2001
From: jade <software@lfcode.ca>
Date: Tue, 3 Jun 2025 14:22:30 -0700
Subject: Fix missing logging of connections by disallowed IPs (#14011)

---
 .../Extensions/HttpContextExtensions.cs            |  2 +-
 MediaBrowser.Common/Net/INetworkManager.cs         |  4 +--
 .../Net/RemoteAccessPolicyResult.cs                | 29 ++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs

(limited to 'MediaBrowser.Common')

diff --git a/MediaBrowser.Common/Extensions/HttpContextExtensions.cs b/MediaBrowser.Common/Extensions/HttpContextExtensions.cs
index a1056b7c8..739a53c7a 100644
--- a/MediaBrowser.Common/Extensions/HttpContextExtensions.cs
+++ b/MediaBrowser.Common/Extensions/HttpContextExtensions.cs
@@ -12,7 +12,7 @@ namespace MediaBrowser.Common.Extensions
         /// Checks the origin of the HTTP context.
         /// </summary>
         /// <param name="context">The incoming HTTP context.</param>
-        /// <returns><c>true</c> if the request is coming from LAN, <c>false</c> otherwise.</returns>
+        /// <returns><c>true</c> if the request is coming from the same machine as is running the server, <c>false</c> otherwise.</returns>
         public static bool IsLocal(this HttpContext context)
         {
             return (context.Connection.LocalIpAddress is null
diff --git a/MediaBrowser.Common/Net/INetworkManager.cs b/MediaBrowser.Common/Net/INetworkManager.cs
index d838144ff..bd785bcbc 100644
--- a/MediaBrowser.Common/Net/INetworkManager.cs
+++ b/MediaBrowser.Common/Net/INetworkManager.cs
@@ -127,7 +127,7 @@ namespace MediaBrowser.Common.Net
         /// Checks if <paramref name="remoteIP"/> has access to the server.
         /// </summary>
         /// <param name="remoteIP">IP address of the client.</param>
-        /// <returns><b>True</b> if it has access, otherwise <b>false</b>.</returns>
-        bool HasRemoteAccess(IPAddress remoteIP);
+        /// <returns>The result of evaluating the access policy, <c>Allow</c> if it should be allowed.</returns>
+        RemoteAccessPolicyResult ShouldAllowServerAccess(IPAddress remoteIP);
     }
 }
diff --git a/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs
new file mode 100644
index 000000000..193d37228
--- /dev/null
+++ b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs
@@ -0,0 +1,29 @@
+using System;
+
+namespace MediaBrowser.Common.Net;
+
+/// <summary>
+/// Result of <see cref="INetworkManager.ShouldAllowServerAccess" />.
+/// </summary>
+public enum RemoteAccessPolicyResult
+{
+    /// <summary>
+    /// The connection should be allowed.
+    /// </summary>
+    Allow,
+
+    /// <summary>
+    /// The connection should be rejected since it is not from a local IP and remote access is disabled.
+    /// </summary>
+    RejectDueToRemoteAccessDisabled,
+
+    /// <summary>
+    /// The connection should be rejected since it is from a blocklisted IP.
+    /// </summary>
+    RejectDueToIPBlocklist,
+
+    /// <summary>
+    /// The connection should be rejected since it is from a remote IP that is not in the allowlist.
+    /// </summary>
+    RejectDueToNotAllowlistedRemoteIP,
+}
-- 
cgit v1.2.3