From 250d3734ff35b3af9adf51cf3840f957cb682790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9lestin=20Matte?= <gitlab@cmatte.me>
Date: Thu, 21 Oct 2021 21:50:38 +0200
Subject: [PATCH] Allow use of IP ranges for SEARCH_CLIENTS

---
 django/archives/mailarchives/views.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py
index f711ce4..885f808 100644
--- a/django/archives/mailarchives/views.py
+++ b/django/archives/mailarchives/views.py
@@ -20,6 +20,7 @@ import email.parser
 import email.policy
 from io import BytesIO
 from urllib.parse import quote
+import ipaddress
 
 import json
 
@@ -709,7 +710,12 @@ def search(request):
         return HttpResponseForbidden('Not public archives')
 
     # Only certain hosts are allowed to call the search API
-    if not request.META['REMOTE_ADDR'] in settings.SEARCH_CLIENTS:
+    allowed = False
+    for ip_range in settings.SEARCH_CLIENTS:
+        if ipaddress.ip_address(request.META['REMOTE_ADDR']) in ipaddress.ip_network(ip_range):
+            allowed = True
+            break
+    if not allowed:
         return HttpResponseForbidden('Invalid host')
 
     curs = connection.cursor()
-- 
2.33.1