ip blocker only call next after validation (#1791)

* only call next after validation * lets the blocked ips wait :) * calles suggestion :)
2024-11-19 18:11:30 +01:00 · 2023-07-03 10:26:35 +02:00 · 2023-07-03 10:26:35 +02:00 · fe393b83ab
commit fe393b83ab
parent bc55d52ea2
1 changed files with 9 additions and 7 deletions
--- a/lnbits/middleware.py
+++ b/lnbits/middleware.py
@ -1,3 +1,4 @@
 import asyncio
 from http import HTTPStatus
 from typing import Any, List, Tuple, Union
 from urllib.parse import parse_qs
@ -205,19 +206,20 @@ def add_ratelimit_middleware(app: FastAPI):
 def add_ip_block_middleware(app: FastAPI):
    @app.middleware("http")
    async def block_allow_ip_middleware(request: Request, call_next):
        response = await call_next(request)
        if not request.client:
            return JSONResponse(
-                status_code=429,
+                status_code=403,  # Forbidden
                content={"detail": "No request client"},
            )
-        if request.client.host in settings.lnbits_allowed_ips:
+        if (
-            return response
+            request.client.host in settings.lnbits_blocked_ips
-        if request.client.host in settings.lnbits_blocked_ips:
+            and request.client.host not in settings.lnbits_allowed_ips
        ):
            await asyncio.sleep(5)
            return JSONResponse(
-                status_code=429,
+                status_code=403,  # Forbidden
                content={"detail": "IP is blocked"},
            )
-        return response
+        return await call_next(request)
    app.middleware("http")(block_allow_ip_middleware)