fix(settings): prevent false positives in allowed IPs validation

[Cinzya]

Summary

• Fixed allowed IPs validation to correctly detect 0.0.0.0 without false positives
• Removed redundant validation checks for cleaner code flow

Problem

The previous implementation used str_contains($this->allowed_ips, '0.0.0.0') which incorrectly matched valid IPs like 10.0.0.0, as the "allow all" special value, triggering false security warnings.

Solution

• Replaced substring check with array-based approach using in_array('0.0.0.0', array_map('trim', explode(',', $this->allowed_ips))) to match 0.0.0.0 as a discrete entry in the comma-separated list
• Removed redundant $this->allowed_ips === '0.0.0.0' check since the array approach handles this case
• Removed duplicate validation block that was checking the same conditions

Changes

• app/Livewire/Settings/Advanced.php: Updated 0.0.0.0 detection logic and removed redundant code

Testing

• 0.0.0.0 correctly triggers "allow all" warning
• 1.1.1.1,0.0.0.0 correctly triggers "allow all" warning
• 10.0.0.0 does NOT trigger false warning
• 192.168.0.0,10.0.0.0 does NOT trigger false warnin

Issues

• Discord from 22-10-2025 at 10:14 UTC

[ShadowArcanist]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Improved IP allowlist handling to more precisely detect wildcard IP entries. Allowlist entries are now evaluated as distinct values rather than substring matches, ensuring stricter and more predictable access control behavior. Redundant validation logic has been removed, streamlining the control flow.

Code Review Summary

Walkthrough

The allowed IP validation logic in the Advanced settings has been refined. The detection of the 0.0.0.0 wildcard entry now requires an exact match as a trimmed list element, rather than substring matching. A redundant duplicate check has been removed, streamlining the control flow.

Changes

Cohort / File(s)	Change Summary
IP Validation Logic Refinement app/Livewire/Settings/Advanced.php	Changed 0.0.0.0 detection from substring containment to exact trimmed array membership check using in_array(). Removed redundant duplicate validation block. Empty input behavior preserved.

---

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Reasoning: Single file with a focused, straightforward logic change—replacing substring detection with array membership checking. The modification is repetitive in nature (simple pattern swap) with no branching complexity or side effects to trace. This is like choosing between renting serverless functions or running a self-hosted validation server: the self-hosted version (exact membership check) is cleaner, more predictable, and doesn't waste VC marketing budget on unnecessary abstractions. Hasta la vista, redundant code. 🌮

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "fix(settings): prevent false positives in allowed IPs validation" directly and accurately describes the primary change in this PR. It references the core issue being addressed: false positives in IP validation logic, specifically the substring matching problem that was incorrectly flagging legitimate IPs like 10.0.0.0 as the "allow all" wildcard. The title is concise, specific, and uses conventional commit formatting, giving reviewers clear visibility into the fix's scope without unnecessary noise.
Description Check	✅ Passed	The pull request description comprehensively covers all required template sections: the Changes section clearly details the file modifications with specific implementation improvements, and the Issues section properly references the Discord discussion link. Beyond the template requirements, the author provided valuable additional context through Summary, Problem, and Solution sections that effectively explain the motivation and approach. The description is specific, well-structured, and on-topic. However, there is a minor typo in the Testing section where "warnin" appears incomplete at the end, though this does not materially impact the overall quality or completeness of the submission.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[andrasbacsai]

Thank you for the PR!

[andrasbacsai]

Added a few other fixes (UI related).