Add support for IP-based bans (#1703)

* Add support for IP-based bans. Closes #1534

* Linter cleanup

router/middleware/auth.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/owncast/owncast/core/data"
 	"github.com/owncast/owncast/core/user"
+	"github.com/owncast/owncast/utils"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -101,6 +102,16 @@ func RequireUserAccessToken(handler http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
+		ipAddress := utils.GetIPAddressFromRequest(r)
+		// Check if this client's IP address is banned.
+		if blocked, err := data.IsIPAddressBanned(ipAddress); blocked {
+			log.Debugln("Client ip address has been blocked. Rejecting.")
+			accessDenied(w)
+			return
+		} else if err != nil {
+			log.Errorln("error determining if IP address is blocked: ", err)
+		}
+
 		// A user is required to use the websocket
 		user := user.GetUserByToken(accessToken)
 		if user == nil || !user.IsEnabled() {

router/router.go

@@ -121,6 +121,15 @@ func Start() error {
 	// Enable/disable a user
 	http.HandleFunc("/api/admin/chat/users/setenabled", middleware.RequireAdminAuth(admin.UpdateUserEnabled))
 
+	// Ban/unban an IP address
+	http.HandleFunc("/api/admin/chat/users/ipbans/create", middleware.RequireAdminAuth(admin.BanIPAddress))
+
+	// Remove an IP address ban
+	http.HandleFunc("/api/admin/chat/users/ipbans/remove", middleware.RequireAdminAuth(admin.UnBanIPAddress))
+
+	// Return all the banned IP addresses
+	http.HandleFunc("/api/admin/chat/users/ipbans", middleware.RequireAdminAuth(admin.GetIPAddressBans))
+
 	// Get a list of disabled users
 	http.HandleFunc("/api/admin/chat/users/disabled", middleware.RequireAdminAuth(admin.GetDisabledUsers))