From 7ab877d6bd12857a9899956a92087d24af5db022 Mon Sep 17 00:00:00 2001
From: miteruzo
Date: Mon, 4 May 2026 15:36:13 +0900
Subject: [PATCH] #327
---
 .../app/controllers/application_controller.rb | 21 ++++++++++++++++---
 backend/app/models/ip_address.rb | 3 ++-
 backend/app/models/user.rb | 3 ++-
 3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/backend/app/controllers/application_controller.rb b/backend/app/controllers/application_controller.rb
index 0d412e0..4f3d6ed 100644
--- a/backend/app/controllers/application_controller.rb
+++ b/backend/app/controllers/application_controller.rb
@@ -1,14 +1,16 @@
 class ApplicationController < ActionController::API
+ before_action :reject_banned_ip_address!
 before_action :authenticate_user
+ before_action :reject_banned_user!
- def current_user
- @current_user
- end
+ def current_user = @current_user
 private
 def authenticate_user
 code = request.headers['X-Transfer-Code'] || request.headers['HTTP_X_TRANSFER_CODE']
+ return if code.blank?
+
 @current_user = User.find_by(inheritance_code: code)
 end
@@ -22,4 +24,17 @@ class ApplicationController < ActionController::API
 s.in?(['', '1', 'true', 'on', 'yes'])
 end
 end
+
+ def reject_banned_ip_address!
+ ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
+ return unless ip_address&.banned?
+
+ head :forbidden
+ end
+
+ def reject_banned_user!
+ return unless current_user&.banned?
+
+ head :forbidden
+ end
 end
diff --git a/backend/app/models/ip_address.rb b/backend/app/models/ip_address.rb
index 4c68099..5279369 100644
--- a/backend/app/models/ip_address.rb
+++ b/backend/app/models/ip_address.rb
@@ -5,5 +5,6 @@ class IpAddress < ApplicationRecord
 has_many :users, through: :user_ips
 def banned? = banned_at.present?
- def ban! = update!(banned_at: Time.current)
+ def ban! = banned? or update!(banned_at: Time.current)
+ def unban! = update!(banned_at: nil)
 end
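Review bot: The order of the three `before_action` lines at the top of the class is load-bearing and nothing in the code says so: `reject_banned_user!` reads `current_user`, so it must stay after `authenticate_user`, and a controller that skips or reorders these callbacks silently loses the check. I would add a comment above them, e.g. `# Order matters: IP ban check, then authentication, then user ban check (reads @current_user).` Note also that with `return if code.blank?` a request without the transfer-code header has no `current_user` and passes `reject_banned_user!`, so the user ban covers authenticated actions only and the IP ban is the only control on anonymous ones; if that is intended, the comment should say it. The class body continues outside this hunk.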
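Review bot: The lookup key in `reject_banned_ip_address!` is built from `request.remote_ip` without normalising the address family, so one client can map to two different keys. An IPv4 client that reaches the app as an IPv4-mapped IPv6 address (`::ffff:a.b.c.d`) produces a 16-byte `hton` that will not match a ban stored under the 4-byte form; `IPAddr.new(request.remote_ip).native.hton` makes both forms hit the same row, provided the code that writes `IpAddress` rows (not visible here) normalises the same way. `request.remote_ip` is also only as reliable as the trusted-proxy configuration in front of the app, which is worth confirming for the deployment, since a wrong setting would key bans on the proxy's address or on a forwarded header. A log line with the matched record id before `head :forbidden` in both filters would make ban hits and evasion attempts visible to operators.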
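Review bot: `def ban! = banned? or update!(banned_at: Time.current)` does not do what it reads as: `or` binds more loosely than an endless method definition, so Ruby parses the line as `(def ban! = banned?) or update!(...)`, the method body is only `banned?`, and the `update!` call becomes a class-body expression that is skipped because `def` returns a truthy symbol. `ban!` therefore never sets `banned_at`, and the new `reject_banned_ip_address!` / `reject_banned_user!` filters would never fire for records banned through it. Use `||` instead, `def ban! = banned? || update!(banned_at: Time.current)`, or a regular `def` with a guard clause. The identical line is added to `User` in backend/app/models/user.rb and needs the same fix. A model test asserting `banned?` after calling `ban!` on an unbanned record would catch this.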
diff --git a/backend/app/models/user.rb b/backend/app/models/user.rb
index 4834254..5f4bab5 100644
--- a/backend/app/models/user.rb
+++ b/backend/app/models/user.rb
@@ -22,5 +22,6 @@ class User < ApplicationRecord
 def gte_member? = member? || admin?
 def banned? = banned_at.present?
- def ban! = update!(banned_at: Time.current)
+ def ban! = banned? or update!(banned_at: Time.current)
+ def unban! = update!(banned_at: nil)
 end