Add cloud ip bans to BouncerService

app/Http/Controllers/Api/ApiV1Controller.php

@@ -66,6 +66,7 @@ use App\Jobs\VideoPipeline\{
 use App\Services\{
 	AccountService,
 	BookmarkService,
+	BouncerService,
 	CollectionService,
 	FollowerService,
 	InstanceService,
@@ -130,6 +131,11 @@ class ApiV1Controller extends Controller
 		if(!$request->user()) {
 			return response('', 403);
 		}
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$client = $request->user()->token()->client;
 		$res = [
 			'name' => $client->name,
@@ -149,6 +155,10 @@ class ApiV1Controller extends Controller
 			'redirect_uris' 	=> 'required'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$uris = implode(',', explode('\n', $request->redirect_uris));
 
 		$client = Passport::client()->forceFill([
@@ -191,6 +201,10 @@ class ApiV1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($user->profile_id) : AccountService::getMastodon($user->profile_id);
 
 		$res['source'] = [
@@ -213,6 +227,10 @@ class ApiV1Controller extends Controller
 	 */
 	public function accountById(Request $request, $id)
 	{
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
 		if(!$res) {
 			return response()->json(['error' => 'Record not found'], 404);
@@ -229,6 +247,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'avatar'			=> 'sometimes|mimetypes:image/jpeg,image/png|max:' . config('pixelfed.max_avatar_size'),
 			'display_name'      => 'nullable|string|max:30',
@@ -466,6 +488,11 @@ class ApiV1Controller extends Controller
 	public function accountFollowersById(Request $request, $id)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$account = AccountService::get($id);
 		abort_if(!$account, 404);
 		$pid = $request->user()->profile_id;
@@ -557,6 +584,11 @@ class ApiV1Controller extends Controller
 	public function accountFollowingById(Request $request, $id)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$account = AccountService::get($id);
 		abort_if(!$account, 404);
 		$pid = $request->user()->profile_id;
@@ -647,6 +679,10 @@ class ApiV1Controller extends Controller
 	 */
 	public function accountStatusesById(Request $request, $id)
 	{
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$this->validate($request, [
@@ -748,6 +784,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$target = Profile::where('id', '!=', $user->profile_id)
@@ -832,6 +872,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$target = Profile::where('id', '!=', $user->profile_id)
@@ -900,6 +944,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'id'    => 'required|array|min:1|max:20',
 			'id.*'  => 'required|integer|min:1|max:' . PHP_INT_MAX
@@ -932,6 +980,10 @@ class ApiV1Controller extends Controller
 			'resolve'   => 'nullable'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$query = $request->input('q');
 		$limit = $request->input('limit') ?? 20;
@@ -971,6 +1023,10 @@ class ApiV1Controller extends Controller
 			'page'      => 'nullable|integer|min:1|max:10'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$limit = $request->input('limit') ?? 40;
 
@@ -1003,6 +1059,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$pid = $user->profile_id ?? $user->profile->id;
 
@@ -1065,6 +1125,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$pid = $user->profile_id ?? $user->profile->id;
 
@@ -1144,6 +1208,10 @@ class ApiV1Controller extends Controller
 			'limit' => 'sometimes|integer|min:1|max:20'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$maxId = $request->input('max_id');
 		$minId = $request->input('min_id');
@@ -1197,6 +1265,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$status = StatusService::getMastodon($id, false);
@@ -1256,6 +1328,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$status = Status::findOrFail($id);
@@ -1312,6 +1388,11 @@ class ApiV1Controller extends Controller
 		$this->validate($request, [
 			'limit' => 'sometimes|integer|min:1|max:100'
 		]);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$res = FollowRequest::whereFollowingId($user->profile->id)
@@ -1552,6 +1633,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'file.*' => [
 				'required_without:file',
@@ -1685,6 +1770,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 		  'description' => 'nullable|string|max:' . config_cache('pixelfed.max_altext_length')
 		]);
@@ -1735,6 +1824,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$media = Media::whereUserId($user->id)
@@ -1756,6 +1849,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 		  	'file.*' => [
 				'required_without:file',
@@ -1929,6 +2026,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$pid = $user->profile_id;
 
@@ -1982,6 +2083,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$pid = $user->profile_id;
 
@@ -2018,6 +2123,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'limit' => 'nullable|integer|min:1|max:100',
 			'min_id' => 'nullable|integer|min:1|max:'.PHP_INT_MAX,
@@ -2097,6 +2206,10 @@ class ApiV1Controller extends Controller
 		  'limit'       => 'sometimes|integer|min:1|max:100'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$napi = $request->has(self::PF_API_ENTITY_KEY);
 		$page = $request->input('page');
 		$min = $request->input('min_id');
@@ -2244,6 +2357,10 @@ class ApiV1Controller extends Controller
 		  'local'		=> 'sometimes'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$napi = $request->has(self::PF_API_ENTITY_KEY);
 		$min = $request->input('min_id');
 		$max = $request->input('max_id');
@@ -2371,6 +2488,10 @@ class ApiV1Controller extends Controller
 			'scope' => 'nullable|in:inbox,sent,requests'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$limit = $request->input('limit', 20);
 		$scope = $request->input('scope', 'inbox');
 		$pid = $request->user()->profile_id;
@@ -2437,6 +2558,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 
 		$res = $request->has(self::PF_API_ENTITY_KEY) ? StatusService::get($id, false) : StatusService::getMastodon($id, false);
@@ -2473,6 +2598,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$pid = $user->profile_id;
 		$status = StatusService::getMastodon($id, false);
@@ -2558,6 +2687,10 @@ class ApiV1Controller extends Controller
 			'limit' => 'sometimes|integer|min:1|max:80'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$limit = $request->input('limit', 10);
 		$user = $request->user();
 		$pid = $user->profile_id;
@@ -2650,6 +2783,10 @@ class ApiV1Controller extends Controller
 			'limit' => 'nullable|integer|min:1|max:80'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$limit = $request->input('limit', 10);
 		$user = $request->user();
 		$pid = $user->profile_id;
@@ -2739,6 +2876,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'status' => 'nullable|string',
 			'in_reply_to_id' => 'nullable',
@@ -2937,6 +3078,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::whereProfileId($request->user()->profile->id)
 		->findOrFail($id);
 
@@ -2963,6 +3108,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$status = Status::whereScope('public')->findOrFail($id);
 
@@ -3009,6 +3158,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$user = $request->user();
 		$status = Status::whereScope('public')->findOrFail($id);
 
@@ -3050,6 +3203,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request,[
 		  'page'        => 'nullable|integer|max:40',
 		  'min_id'      => 'nullable|integer|min:0|max:' . PHP_INT_MAX,
@@ -3112,6 +3269,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'limit' => 'nullable|integer|min:1|max:40',
 			'max_id' => 'nullable|integer|min:0',
@@ -3179,6 +3340,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::findOrFail($id);
 		$pid = $request->user()->profile_id;
 
@@ -3218,6 +3383,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::findOrFail($id);
 		$pid = $request->user()->profile_id;
 
@@ -3249,6 +3418,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'q' => 'required|string|min:1|max:100',
 			'account_id' => 'nullable|string',
@@ -3276,6 +3449,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'limit' => 'integer|min:1|max:40'
 		]);
@@ -3313,6 +3490,10 @@ class ApiV1Controller extends Controller
 			'sort' => 'in:all,newest,popular'
 		]);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$limit = $request->input('limit', 3);
 		$pid = $request->user()->profile_id;
 		$status = StatusService::getMastodon($id, false);
@@ -3404,6 +3585,10 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::findOrFail($id);
 		$pid = $request->user()->profile_id;
 		abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
@@ -3420,6 +3605,11 @@ class ApiV1Controller extends Controller
 	public function discoverAccountsPopular(Request $request)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$pid = $request->user()->profile_id;
 
 		$ids = Cache::remember('api:v1.1:discover:accounts:popular', 86400, function() {
@@ -3467,6 +3657,11 @@ class ApiV1Controller extends Controller
 	public function getPreferences(Request $request)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$pid = $request->user()->profile_id;
 		$account = AccountService::get($pid);
 
@@ -3514,6 +3709,11 @@ class ApiV1Controller extends Controller
 	public function getMarkers(Request $request)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$type = $request->input('timeline');
 		if(is_array($type)) {
 			$type = $type[0];
@@ -3534,6 +3734,11 @@ class ApiV1Controller extends Controller
 	public function setMarkers(Request $request)
 	{
 		abort_if(!$request->user(), 403);
+
+		if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$pid = $request->user()->profile_id;
 		$home = $request->input('home.last_read_id');
 		$notifications = $request->input('notifications.last_read_id');

app/Http/Controllers/Api/ApiV1Dot1Controller.php

@@ -23,6 +23,7 @@ use App\Services\ProfileStatusService;
 use App\Services\PublicTimelineService;
 use App\Services\NetworkTimelineService;
 use App\Util\Lexer\RestrictedNames;
+use App\Services\BouncerService;
 use App\Services\EmailService;
 use Illuminate\Support\Str;
 use Illuminate\Support\Facades\Hash;
@@ -65,6 +66,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$report_type = $request->input('report_type');
 		$object_id = $request->input('object_id');
 		$object_type = $request->input('object_type');
@@ -168,6 +173,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$avatar = $user->profile->avatar;
 
 		if( $avatar->media_path == 'public/avatars/default.png' ||
@@ -204,6 +213,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$account = AccountService::get($id);
 
 		if(!$account || $account['username'] !== $request->input('username')) {
@@ -238,6 +251,9 @@ class ApiV1Dot1Controller extends Controller
 		$user = $request->user();
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 
 		$this->validate($request, [
 			'current_password' => 'bail|required|current_password',
@@ -276,6 +292,9 @@ class ApiV1Dot1Controller extends Controller
 		$user = $request->user();
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 		$agent = new Agent();
 		$currentIp = $request->ip();
 
@@ -314,6 +333,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$res = [
 			'active' => (bool) $user->{'2fa_enabled'},
 			'setup_at' => $user->{'2fa_setup_at'}
@@ -331,6 +354,9 @@ class ApiV1Dot1Controller extends Controller
 		$user = $request->user();
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 		$from = config('mail.from.address');
 
 		$emailVerifications = EmailVerification::whereUserId($user->id)
@@ -404,6 +430,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$user, 403);
 		abort_if($user->status != null, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$res = $user->tokens->sortByDesc('created_at')->take(10)->map(function($token, $key) use($request) {
 			return [
 				'id' => $token->id,
@@ -422,7 +452,7 @@ class ApiV1Dot1Controller extends Controller
 	public function inAppRegistrationPreFlightCheck(Request $request)
 	{
 		return [
-			'open' => config('pixelfed.open_registration'),
+			'open' => config_cache('pixelfed.open_registration'),
 			'iara' => config('pixelfed.allow_app_registration')
 		];
 	}
@@ -430,9 +460,12 @@ class ApiV1Dot1Controller extends Controller
 	public function inAppRegistration(Request $request)
 	{
 		abort_if($request->user(), 404);
-		abort_unless(config('pixelfed.open_registration'), 404);
+		abort_unless(config_cache('pixelfed.open_registration'), 404);
 		abort_unless(config('pixelfed.allow_app_registration'), 404);
 		abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 		$this->validate($request, [
 			'email' => [
 				'required',
@@ -530,6 +563,9 @@ class ApiV1Dot1Controller extends Controller
 			'ut' => 'required',
 			'rt' => 'required'
 		]);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 		$ut = $request->input('ut');
 		$rt = $request->input('rt');
 		$url = 'pixelfed://confirm-account/'. $ut . '?rt=' . $rt;
@@ -539,9 +575,12 @@ class ApiV1Dot1Controller extends Controller
 	public function inAppRegistrationConfirm(Request $request)
 	{
 		abort_if($request->user(), 404);
-		abort_unless(config('pixelfed.open_registration'), 404);
+		abort_unless(config_cache('pixelfed.open_registration'), 404);
 		abort_unless(config('pixelfed.allow_app_registration'), 404);
 		abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
 		$this->validate($request, [
 			'user_token' => 'required',
 			'random_token' => 'required',
@@ -578,6 +617,10 @@ class ApiV1Dot1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::whereNull('in_reply_to_id')
 			->whereNull('reblog_of_id')
 			->whereProfileId($request->user()->profile_id)
@@ -606,6 +649,10 @@ class ApiV1Dot1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$status = Status::whereNull('in_reply_to_id')
 			->whereNull('reblog_of_id')
 			->whereProfileId($request->user()->profile_id)
@@ -633,6 +680,10 @@ class ApiV1Dot1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$statuses = Status::whereProfileId($request->user()->profile_id)
 			->whereScope('archived')
 			->orderByDesc('id')
@@ -645,6 +696,10 @@ class ApiV1Dot1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$place = Place::whereSlug($slug)->findOrFail($id);
 
 		$posts = Cache::remember('pf-api:v1.1:places-by-id:' . $place->id, 3600, function() use($place) {
@@ -680,6 +735,10 @@ class ApiV1Dot1Controller extends Controller
 		abort_if(!$request->user(), 403);
 		abort_if($request->user()->is_admin != true, 403);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$this->validate($request, [
 			'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete'
 		]);

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
+use App\Services\BouncerService;
+use Illuminate\Http\Request;
 
 class ForgotPasswordController extends Controller
 {
@@ -29,4 +31,33 @@ class ForgotPasswordController extends Controller
     {
         $this->middleware('guest');
     }
+
+    /**
+     * Display the form to request a password reset link.
+     *
+     * @return \Illuminate\View\View
+     */
+    public function showLinkRequestForm()
+    {
+		if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp(request()->ip()), 404);
+		}
+
+        return view('auth.passwords.email');
+    }
+
+    /**
+     * Validate the email for the given request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
+     */
+    protected function validateEmail(Request $request)
+    {
+		if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
+        $request->validate(['email' => 'required|email']);
+    }
 }

app/Http/Controllers/Auth/LoginController.php

@@ -6,6 +6,7 @@ use App\AccountLog;
 use App\Http\Controllers\Controller;
 use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use App\Services\BouncerService;
 
 class LoginController extends Controller
 {
@@ -42,6 +43,15 @@ class LoginController extends Controller
         $this->middleware('guest')->except('logout');
     }
 
+    public function showLoginForm()
+    {
+		if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp(request()->ip()), 404);
+		}
+
+        return view('auth.login');
+    }
+
     /**
      * Validate the user login request.
      *
@@ -51,6 +61,10 @@ class LoginController extends Controller
      */
     public function validateLogin($request)
     {
+    	if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
         $rules = [
             $this->username() => 'required|email',
             'password'        => 'required|string|min:6',

app/Http/Controllers/Auth/RegisterController.php

@@ -12,6 +12,7 @@ use Illuminate\Support\Facades\Validator;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Http\Request;
 use App\Services\EmailService;
+use App\Services\BouncerService;
 
 class RegisterController extends Controller
 {
@@ -173,6 +174,9 @@ class RegisterController extends Controller
 	public function showRegistrationForm()
 	{
 		if(config_cache('pixelfed.open_registration')) {
+			if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+				abort_if(BouncerService::checkIp(request()->ip()), 404);
+			}
 			$limit = config('pixelfed.max_users');
 			if($limit) {
 				abort_if($limit <= User::count(), 404);
@@ -195,6 +199,10 @@ class RegisterController extends Controller
 	{
 		abort_if(config_cache('pixelfed.open_registration') == false, 400);
 
+		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
 		$count = User::count();
 		$limit = config('pixelfed.max_users');
 

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -4,6 +4,9 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Http\Request;
+use App\Services\BouncerService;
 
 class ResetPasswordController extends Controller
 {
@@ -36,4 +39,51 @@ class ResetPasswordController extends Controller
     {
         $this->middleware('guest');
     }
+
+    /**
+     * Display the password reset view for the given token.
+     *
+     * If no token is present, display the link request form.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     */
+    public function showResetForm(Request $request)
+    {
+		if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
+        $token = $request->route()->parameter('token');
+
+        return view('auth.passwords.reset')->with(
+            ['token' => $token, 'email' => $request->email]
+        );
+    }
+
+    public function reset(Request $request)
+    {
+		if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
+			abort_if(BouncerService::checkIp($request->ip()), 404);
+		}
+
+        $request->validate($this->rules(), $this->validationErrorMessages());
+
+        // Here we will attempt to reset the user's password. If it is successful we
+        // will update the password on an actual user model and persist it to the
+        // database. Otherwise we will parse the error and return the response.
+        $response = $this->broker()->reset(
+            $this->credentials($request), function ($user, $password) {
+                $this->resetPassword($user, $password);
+            }
+        );
+
+        // If the password was successfully reset, we will redirect the user back to
+        // the application's home authenticated view. If there is an error we can
+        // redirect them back to where they came from with their error message.
+        return $response == Password::PASSWORD_RESET
+                    ? $this->sendResetResponse($request, $response)
+                    : $this->sendResetFailedResponse($request, $response);
+    }
+
 }

app/Services/BouncerService.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Services;
+
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Component\HttpFoundation\IpUtils;
+
+class BouncerService
+{
+	public static function checkIp($ip)
+	{
+		$knownCloudCidrs = Cache::rememberForever('pf:bouncer-service:check-ip:known-cloud-cidrs', function() {
+			$file = Storage::get('bouncer/all.json');
+			return json_decode($file, true);
+		});
+
+		return IpUtils::checkIp($ip, $knownCloudCidrs);
+	}
+}

config/pixelfed.php

@@ -259,6 +259,13 @@ return [
 
 	'bouncer' => [
 		'enabled' => env('PF_BOUNCER_ENABLED', false),
+
+		'cloud_ips' => [
+			'ban_logins' => env('PF_BOUNCER_BAN_CLOUD_LOGINS', true),
+			'ban_signups' => env('PF_BOUNCER_BAN_CLOUD_SIGNUPS', true),
+			'ban_api' => env('PF_BOUNCER_BAN_CLOUD_API', true),
+			'ban_api_strict_mode' => env('PF_BOUNCER_BAN_CLOUD_API_STRICT_MODE', true),
+		],
 	],
 
 	/*

storage/app/bouncer/.gitignore

@@ -0,0 +1,3 @@
+*
+!.gitignore
+!all.json