diff --git a/.core_files.yaml b/.core_files.yaml index 374a8957bcc..b07dc04cd15 100644 --- a/.core_files.yaml +++ b/.core_files.yaml @@ -64,6 +64,7 @@ components: &components - homeassistant/components/group/* - homeassistant/components/hassio/* - homeassistant/components/homeassistant/** + - homeassistant/components/http/** - homeassistant/components/image/* - homeassistant/components/input_boolean/* - homeassistant/components/input_button/* diff --git a/homeassistant/components/http/__init__.py b/homeassistant/components/http/__init__.py index bb168fce09f..764138ca5f3 100644 --- a/homeassistant/components/http/__init__.py +++ b/homeassistant/components/http/__init__.py @@ -1,11 +1,11 @@ """Support to serve the Home Assistant API as WSGI application.""" from __future__ import annotations -from ipaddress import ip_network +from ipaddress import IPv4Network, IPv6Network, ip_network import logging import os import ssl -from typing import Any, Final, Optional, TypedDict, cast +from typing import Any, Final, Optional, TypedDict, Union, cast from aiohttp import web from aiohttp.typedefs import StrOrURL @@ -109,7 +109,7 @@ class ConfData(TypedDict, total=False): ssl_key: str cors_allowed_origins: list[str] use_x_forwarded_for: bool - trusted_proxies: list[str] + trusted_proxies: list[IPv4Network | IPv6Network] login_attempts_threshold: int ip_ban_enabled: bool ssl_profile: str @@ -216,7 +216,7 @@ class HomeAssistantHTTP: ssl_key: str | None, server_host: list[str] | None, server_port: int, - trusted_proxies: list[str], + trusted_proxies: list[IPv4Network | IPv6Network], ssl_profile: str, ) -> None: """Initialize the HTTP Home Assistant server.""" @@ -399,7 +399,8 @@ async def start_http_server_and_save_config( if CONF_TRUSTED_PROXIES in conf: conf[CONF_TRUSTED_PROXIES] = [ - str(ip.network_address) for ip in conf[CONF_TRUSTED_PROXIES] + str(cast(Union[IPv4Network, IPv6Network], ip).network_address) + for ip in conf[CONF_TRUSTED_PROXIES] ] store.async_delay_save(lambda: conf, SAVE_DELAY) diff --git a/homeassistant/components/http/ban.py b/homeassistant/components/http/ban.py index b50555b9841..292c46e55f9 100644 --- a/homeassistant/components/http/ban.py +++ b/homeassistant/components/http/ban.py @@ -6,7 +6,7 @@ from collections.abc import Awaitable, Callable from contextlib import suppress from datetime import datetime from http import HTTPStatus -from ipaddress import ip_address +from ipaddress import IPv4Address, IPv6Address, ip_address import logging from socket import gethostbyaddr, herror from typing import Any, Final @@ -189,7 +189,11 @@ async def process_success_login(request: Request) -> None: class IpBan: """Represents banned IP address.""" - def __init__(self, ip_ban: str, banned_at: datetime | None = None) -> None: + def __init__( + self, + ip_ban: str | IPv4Address | IPv6Address, + banned_at: datetime | None = None, + ) -> None: """Initialize IP Ban object.""" self.ip_address = ip_address(ip_ban) self.banned_at = banned_at or dt_util.utcnow() diff --git a/homeassistant/components/http/forwarded.py b/homeassistant/components/http/forwarded.py index ff50e9bd965..c0aaa31fab0 100644 --- a/homeassistant/components/http/forwarded.py +++ b/homeassistant/components/http/forwarded.py @@ -2,7 +2,7 @@ from __future__ import annotations from collections.abc import Awaitable, Callable -from ipaddress import ip_address +from ipaddress import IPv4Network, IPv6Network, ip_address import logging from types import ModuleType from typing import Literal @@ -17,7 +17,9 @@ _LOGGER = logging.getLogger(__name__) @callback def async_setup_forwarded( - app: Application, use_x_forwarded_for: bool | None, trusted_proxies: list[str] + app: Application, + use_x_forwarded_for: bool | None, + trusted_proxies: list[IPv4Network | IPv6Network], ) -> None: """Create forwarded middleware for the app.