From 39ab6e57d391fd9e6b6cd7b8e81b4140d8864a37 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Fri, 20 Aug 2021 22:52:02 +0200
Subject: allow registration to be denied for certain IPs, e.g. known spammers

(yes, there are actually spambots flooding people with unsolicited
registration e-mails)
---
 lib/Travelynx/Controller/Account.pm | 16 ++++++++++++++++
 templates/_invalid_input.html.ep    |  4 ++++
 2 files changed, 20 insertions(+)

diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index db02dd1..12a059a 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -85,6 +85,22 @@ sub register {
 		return;
 	}
 
+	if ( my $registration_denylist
+		= $self->app->config->{registration}->{denylist} )
+	{
+		open( my $fh, "<", $registration_denylist )
+		  or die("cannot open($registration_denylist)");
+		while ( my $line = <$fh> ) {
+			chomp $line;
+			if ( $ip eq $line ) {
+				close($fh);
+				$self->render( 'register', invalid => "denylist" );
+				return;
+			}
+		}
+		close($fh);
+	}
+
 	if ( my $error = $self->users->is_name_invalid( name => $user ) ) {
 		$self->render( 'register', invalid => $error );
 		return;
diff --git a/templates/_invalid_input.html.ep b/templates/_invalid_input.html.ep
index 4cebf29..6b0fb65 100644
--- a/templates/_invalid_input.html.ep
+++ b/templates/_invalid_input.html.ep
@@ -78,6 +78,10 @@
 					<p>Aus Sicherheitsgründen kann der Account nur nach Passworteingabe
 					gelöscht werden.</p>
 				% }
+				% elsif ($invalid eq 'denylist') {
+					<span class="card-title">Registrierung deaktiviert</span>
+					<p>Für diesen Zugang ist derzeit keine Registrierung möglich.</p>
+				% }
 				% else {
 					<span class="card-title">Fehler</span>
 					<p><%= $invalid %></p>
-- 
cgit v1.2.3