From eccdaa1274ba36eed7a3fe1bc8ce612285f70622 Mon Sep 17 00:00:00 2001
From: nex
Date: Sun, 9 Apr 2023 21:15:39 +0100
Subject: [PATCH] Properly detect invalid IP addresses to avoid sending bad requests
---
 web/server.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/web/server.py b/web/server.py
index 629b030..491750e 100644
--- a/web/server.py
+++ b/web/server.py
@@ -1,3 +1,5 @@
+import ipaddress
+
 import discord
 import os
 import httpx
@@ -133,7 +135,8 @@ async def authenticate(req: Request, code: str = None, state: str = None):
 )
 # Now send a request to https://ip-api.com/json/{ip}?fields=status,city,zip,lat,lon,isp,query
- if req.client.host not in ("127.0.0.1", "localhost", "::1"):
+ _host = ipaddress.ip_address(req.client.host)
+ if not any((_host.is_loopback, _host.is_private, _host.is_reserved, _host.is_unspecified)):
 response = app.state.http.get(
 f"http://ip-api.com/json/{req.client.host}?fields=status,city,zip,lat,lon,isp,query,proxy,hosting"
 )
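Review bot: `ipaddress.ip_address(req.client.host)` raises `ValueError` for any value that is not an IP literal, and nothing visible in the hunk catches it. The removed check skipped the lookup for "localhost", whereas the new line would turn that value into an unhandled exception inside `authenticate`. Catch the error and skip the lookup, as in the excerpt below. The URL on the following context line still interpolates the raw `req.client.host` string; interpolating the parsed `{_host}` instead would guarantee that the value sent to the third-party service is the one that was validated. `authenticate` starts and ends outside the hunk, so an outer handler may exist that is not visible here.

```python
    try:
        _host = ipaddress.ip_address(req.client.host)
    except ValueError:
        # Not an IP literal (e.g. "localhost"): skip the geo lookup instead of failing the request.
        _host = None
    if _host is not None and not any(
        (_host.is_loopback, _host.is_private, _host.is_reserved, _host.is_unspecified)
    ):
        # … unchanged: ip-api.com request …
```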