From 5eba1d230a2c9aeacbe33af27458db86e2c97236 Mon Sep 17 00:00:00 2001
From: Chief-Engineer <119664036+Chief-Engineer@users.noreply.github.com>
Date: Thu, 27 Apr 2023 13:59:18 -0500
Subject: [PATCH] Add IP ban exemption flag (#15815)

---
 Content.Server.Database/Model.cs            |  8 ++++++++
 Content.Server/Database/ServerDbPostgres.cs |  2 +-
 Content.Server/Database/ServerDbSqlite.cs   | 13 +++++++------
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/Content.Server.Database/Model.cs b/Content.Server.Database/Model.cs
index b5274fe9e6..628f798c6f 100644
--- a/Content.Server.Database/Model.cs
+++ b/Content.Server.Database/Model.cs
@@ -459,6 +459,14 @@ namespace Content.Server.Database
         /// Ban is a datacenter range, connections usually imply usage of a VPN service.
         /// </summary>
         Datacenter = 1 << 0,
+
+        /// <summary>
+        /// Ban only matches the IP.
+        /// </summary>
+        /// <remarks>
+        /// Intended use is for users with shared connections. This should not be used as an alternative to <see cref="Datacenter"/>.
+        /// </remarks>
+        IP = 1 << 1,
         // @formatter:on
     }
 
diff --git a/Content.Server/Database/ServerDbPostgres.cs b/Content.Server/Database/ServerDbPostgres.cs
index cfc37da546..ae700573c5 100644
--- a/Content.Server/Database/ServerDbPostgres.cs
+++ b/Content.Server/Database/ServerDbPostgres.cs
@@ -119,7 +119,7 @@ namespace Content.Server.Database
                 query = query == null ? newQ : query.Union(newQ);
             }
 
-            if (address != null)
+            if (address != null && !exemptFlags.GetValueOrDefault(ServerBanExemptFlags.None).HasFlag(ServerBanExemptFlags.IP))
             {
                 var newQ = db.PgDbContext.Ban
                     .Include(p => p.Unban)
diff --git a/Content.Server/Database/ServerDbSqlite.cs b/Content.Server/Database/ServerDbSqlite.cs
index 20b4f5c628..e9b1b23859 100644
--- a/Content.Server/Database/ServerDbSqlite.cs
+++ b/Content.Server/Database/ServerDbSqlite.cs
@@ -74,7 +74,7 @@ namespace Content.Server.Database
             // So just pull down the whole list into memory.
             var bans = await GetAllBans(db.SqliteDbContext, includeUnbanned: false, exempt);
 
-            return bans.FirstOrDefault(b => BanMatches(b, address, userId, hwId)) is { } foundBan
+            return bans.FirstOrDefault(b => BanMatches(b, address, userId, hwId, exempt)) is { } foundBan
                 ? ConvertBan(foundBan)
                 : null;
         }
@@ -92,7 +92,7 @@ namespace Content.Server.Database
             var queryBans = await GetAllBans(db.SqliteDbContext, includeUnbanned, exempt);
 
             return queryBans
-                .Where(b => BanMatches(b, address, userId, hwId))
+                .Where(b => BanMatches(b, address, userId, hwId, exempt))
                 .Select(ConvertBan)
                 .ToList()!;
         }
@@ -117,13 +117,14 @@ namespace Content.Server.Database
             return await query.ToListAsync();
         }
 
-        private static bool BanMatches(
-            ServerBan ban,
+        private static bool BanMatches(ServerBan ban,
             IPAddress? address,
             NetUserId? userId,
-            ImmutableArray<byte>? hwId)
+            ImmutableArray<byte>? hwId,
+            ServerBanExemptFlags? exemptFlags)
         {
-            if (address != null && ban.Address is not null && IPAddressExt.IsInSubnet(address, ban.Address.Value))
+            if (!exemptFlags.GetValueOrDefault(ServerBanExemptFlags.None).HasFlag(ServerBanExemptFlags.IP)
+                && address != null && ban.Address is not null && IPAddressExt.IsInSubnet(address, ban.Address.Value))
             {
                 return true;
             }