From 3bf6d37636e60041b93b5353ee3b42c673a84fc9 Mon Sep 17 00:00:00 2001
From: 4-dash <120916864+4-dash@users.noreply.github.com>
Date: Mon, 25 May 2026 15:10:53 +0200
Subject: [PATCH] IPv6 added

---
 src/feedback/views/public.py | 16 +++++++++++++++-
 src/settings.py              |  7 +++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/feedback/views/public.py b/src/feedback/views/public.py
index 4cbd1f7b..332857a0 100644
--- a/src/feedback/views/public.py
+++ b/src/feedback/views/public.py
@@ -14,6 +14,7 @@
 import uuid, logging
 from django.utils.translation import gettext_lazy as _
 from django.utils import timezone
+import ipaddress
 
 logger = logging.getLogger(__name__)
 
@@ -28,8 +29,21 @@ def index(request):
     if request.user.is_superuser or settings.DEBUG == True:
         authfilter = {}
     else:
-        if not request.META['REMOTE_ADDR'].startswith('130.83.'):
+        remote_addr = request.META.get('REMOTE_ADDR')
+
+        allowed_networks = settings.TU_IP_RANGE
+
+        is_allowed = False
+        if remote_addr:
+            try:
+                client_ip = ipaddress.ip_address(remote_addr)
+                is_allowed = any(client_ip in network for network in allowed_networks)
+            except ValueError:
+                is_allowed = False
+
+        if not is_allowed:
             return render(request, 'public/unauth.html')
+
         authfilter = {'sichtbarkeit': 'ALL'}
 
     # Semesterliste laden
diff --git a/src/settings.py b/src/settings.py
index 348e61cf..7d119690 100644
--- a/src/settings.py
+++ b/src/settings.py
@@ -4,6 +4,7 @@
 # determine if this is a production system
 import os
 import sys
+import ipaddress
 from django.utils.translation import gettext_lazy as _
 
 DEBUG = True
@@ -248,6 +249,12 @@
 THRESH_SHOW = 5
 THRESH_VALID = 20
 
+TU_IP_RANGE = [
+    ipaddress.ip_network('130.83.0.0/16'),
+    ipaddress.ip_network('2001:41b8:800::/40'),
+]
+
+
 DEFAULT_FROM_EMAIL = "Feedback-Team <feedback@fachschaft.informatik.tu-darmstadt.de>"
 SERVER_EMAIL = DEFAULT_FROM_EMAIL