Run pipeline on push, tag only

.drone.yml

@@ -27,3 +27,8 @@ steps:
     when:
       event:
         - tag
+
+trigger:
+  event:
+    - push
+    - tag

ljg/core/admin.py

@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.

ljg/core/apps.py

@@ -1,6 +0,0 @@
-from django.apps import AppConfig
-
-
-class CoreConfig(AppConfig):
-    default_auto_field = "django.db.models.BigAutoField"
-    name = "ljg.core"

ljg/core/tests.py

@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.

ljg/ip/urls.py

@@ -0,0 +1,7 @@
+from django.urls import path
+
+from . import views
+
+urlpatterns = [
+    path("ip/", views.remote_ip, name="remote_ip"),
+]

ljg/ip/views.py

@@ -0,0 +1,52 @@
+import re
+
+from django.conf import settings
+from django.core.exceptions import SuspiciousOperation
+from django.http import HttpResponse
+from django.shortcuts import redirect
+
+
+def hosts_pattern():
+    hosts = []
+    for host in settings.ALLOWED_HOSTS:
+        if host == "*":
+            return ".*"
+
+        if host.startswith("."):
+            host = host.removeprefix(".")
+            hosts.append(f"(?:.+\.)?{re.escape(host)}")
+
+        hosts.append(re.escape(host))
+
+    if hosts == []:
+        hosts = ["(?:.+\.)?localhost(?::\d+)?", "127.0.0.1(?::\d+)?", "[::1](?::\d+)?"]
+
+    return "|".join(hosts)
+
+
+match_next_url = re.compile(f"^http(s?)://(?:{hosts_pattern()})(?:/|$)", re.IGNORECASE)
+
+
+def remote_ip(request):
+    if "x-forwarded-for" in request.headers:
+        remote_addr = request.headers["x-forwarded-for"].split(",")[0]
+    else:
+        remote_addr = request.META["REMOTE_ADDR"]
+
+    q = request.GET.copy()
+    q.appendlist("addr", remote_addr)
+
+    if "next" in q:
+        next = q.pop("next")
+        if len(next) > 1:
+            q.setlist("next", next[1:])
+        next = next[0]
+
+        if (m := match_next_url.match(next)) is None or m[1] != {False: "", True: "s"}[
+            request.is_secure()
+        ]:
+            raise SuspiciousOperation(f"invalid redirect url {next}")
+
+        return redirect(next + f"?{q.urlencode()}")
+
+    return HttpResponse(",".join(q.getlist("addr")), "text/plain")

ljg/redirect/admin.py

@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.

ljg/redirect/apps.py

@@ -1,6 +0,0 @@
-from django.apps import AppConfig
-
-
-class RedirectConfig(AppConfig):
-    default_auto_field = "django.db.models.BigAutoField"
-    name = "ljg.redirect"

ljg/redirect/tests.py

@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.

ljg/settings.py

@@ -43,9 +43,10 @@ INSTALLED_APPS = [
     "django.contrib.sessions",
     "django.contrib.messages",
     "django.contrib.staticfiles",
-    "ljg.core.apps.CoreConfig",
-    "ljg.redirect.apps.RedirectConfig",
     "mozilla_django_oidc",
+    "ljg.core",
+    "ljg.ip",
+    "ljg.redirect",
 ]
 
 MIDDLEWARE = [
@@ -127,11 +128,13 @@ USE_TZ = True
 STATIC_ROOT = BASE_DIR / "static"
 STATIC_URL = "static/"
 
+
 # Default primary key field type
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
+
 APP_TITLE = env.str("APP_TITLE", "ljg.sh")
 
 AUTHENTICATION_BACKENDS = (

ljg/urls.py

@@ -19,6 +19,7 @@ from django.urls import include, path
 
 urlpatterns = [
     path("", include("ljg.core.urls")),
+    path("", include("ljg.ip.urls")),
     path("", include("ljg.redirect.urls")),
     path("admin/", admin.site.urls),
     path("oidc/", include("mozilla_django_oidc.urls")),