Allow use of IP ranges for SEARCH_CLIENTS

Allows the use of IP ranges in CIDR format in the SEARCH_CLIENTS
parameter. Individual addresses can still be specified and continue to
work like before.

diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py
index f711ce431bcc7715ee049adeb983a6ec0734ded1..885f80875f98b315eb4dd6b9ad85822450f9d19c 100644 (file)
--- a/django/archives/mailarchives/views.py
+++ b/django/archives/mailarchives/views.py
@@ -20,6 +20,7 @@ import email.parser
 import email.policy
 from io import BytesIO
 from urllib.parse import quote
+import ipaddress
 
 import json
 
@@ -709,7 +710,12 @@ def search(request):
         return HttpResponseForbidden('Not public archives')
 
     # Only certain hosts are allowed to call the search API
-    if not request.META['REMOTE_ADDR'] in settings.SEARCH_CLIENTS:
+    allowed = False
+    for ip_range in settings.SEARCH_CLIENTS:
+        if ipaddress.ip_address(request.META['REMOTE_ADDR']) in ipaddress.ip_network(ip_range):
+            allowed = True
+            break
+    if not allowed:
         return HttpResponseForbidden('Invalid host')
 
     curs = connection.cursor()