#327

backend/app/controllers/application_controller.rb

@@ -1,14 +1,16 @@
 class ApplicationController < ActionController::API
+  before_action :reject_banned_ip_address!
   before_action :authenticate_user
+  before_action :reject_banned_user!
 
-  def current_user
+  def current_user = @current_user
-    @current_user
-  end
 
   private
 
   def authenticate_user
     code = request.headers['X-Transfer-Code'] || request.headers['HTTP_X_TRANSFER_CODE']
+    return if code.blank?
+
     @current_user = User.find_by(inheritance_code: code)
   end
 
@@ -22,4 +24,17 @@ class ApplicationController < ActionController::API
       s.in?(['', '1', 'true', 'on', 'yes'])
     end
   end
+
+  def reject_banned_ip_address!
+    ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
+    return unless ip_address&.banned?
+
+    head :forbidden
+  end
+
+  def reject_banned_user!
+    return unless current_user&.banned?
+
+    head :forbidden
+  end
 end

backend/app/controllers/users_controller.rb

@@ -1,9 +1,9 @@
 class UsersController < ApplicationController
   def create
     return head :unprocessable_entity if request.remote_ip.blank?
+    return head :forbidden if ip_address_banned?
 
     user = nil
-
     User.transaction do
       user = User.create!(inheritance_code: SecureRandom.uuid, role: :guest)
       attach_ip_address!(user)
@@ -15,10 +15,12 @@ class UsersController < ApplicationController
   end
 
   def verify
+    return head :unprocessable_entity if request.remote_ip.blank?
+    return head :forbidden if ip_address_banned?
+
     user = User.find_by(inheritance_code: params[:code])
     return render json: { valid: false } unless user
-
+    return head :forbidden if user.banned?
-    return head :unprocessable_entity if request.remote_ip.blank?
 
     attach_ip_address!(user)
 
@@ -63,4 +65,11 @@ class UsersController < ApplicationController
 
     UserIp.create_or_find_by!(user:, ip_address:)
   end
+
+  def ip_address_banned?
+    ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
+    return false unless ip_address
+
+    ip_address.banned?
+  end
 end

backend/app/models/ip_address.rb

@@ -1,7 +1,10 @@
 class IpAddress < ApplicationRecord
   validates :ip_address, presence: true, length: { maximum: 16 }
-  validates :banned, inclusion: { in: [true, false] }
 
   has_many :user_ips, dependent: :destroy
   has_many :users, through: :user_ips
+
+  def banned? = banned_at.present?
+  def ban! = banned? or update!(banned_at: Time.current)
+  def unban! = update!(banned_at: nil)
 end

backend/app/models/user.rb

@@ -4,7 +4,6 @@ class User < ApplicationRecord
   validates :name, length: { maximum: 255 }
   validates :inheritance_code, presence: true, length: { maximum: 64 }
   validates :role, presence: true, inclusion: { in: roles.keys }
-  validates :banned, inclusion: { in: [true, false] }
 
   has_many :created_posts,
            class_name: 'Post', foreign_key: :uploaded_user_id, dependent: :nullify
@@ -19,5 +18,10 @@ class User < ApplicationRecord
            class_name: 'WikiPage', foreign_key: :updated_user_id, dependent: :nullify
 
   def viewed?(post) = user_post_views.exists?(post_id: post.id)
+
   def gte_member? = member? || admin?
+
+  def banned? = banned_at.present?
+  def ban! = banned? or update!(banned_at: Time.current)
+  def unban! = update!(banned_at: nil)
 end

backend/db/migrate/20260501153900_rename_banned_to_banned_at_in_users_and_ip_addresses.rb

@@ -0,0 +1,16 @@
+class RenameBannedToBannedAtInUsersAndIpAddresses < ActiveRecord::Migration[8.0]
+  def up
+    [:users, :ip_addresses].each do
+      add_column _1, :banned_at, :datetime, after: :banned
+      add_index _1, :banned_at
+      remove_column _1, :banned
+    end
+  end
+
+  def down
+    [:ip_addresses, :users].each do
+      add_column _1, :banned, :boolean, null: false, default: false, after: :banned_at
+      remove_column _1, :banned_at
+    end
+  end
+end

backend/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2026_04_27_214800) do
+ActiveRecord::Schema[8.0].define(version: 2026_05_01_153900) do
   create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
@@ -50,9 +50,10 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_27_214800) do
 
   create_table "ip_addresses", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.binary "ip_address", limit: 16, null: false
-    t.boolean "banned", default: false, null: false
+    t.datetime "banned_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.index ["banned_at"], name: "index_ip_addresses_on_banned_at"
     t.index ["ip_address"], name: "index_ip_addresses_on_ip_address", unique: true
   end
 
@@ -332,9 +333,10 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_27_214800) do
     t.string "name"
     t.string "inheritance_code", limit: 64, null: false
     t.string "role", null: false
-    t.boolean "banned", default: false, null: false
+    t.datetime "banned_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.index ["banned_at"], name: "index_users_on_banned_at"
   end
 
   create_table "wiki_assets", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|