Skip to content

Commit

Permalink
build for #777
Browse files Browse the repository at this point in the history
  • Loading branch information
@mevdschee
mevdschee committed Mar 29, 2021
1 parent faae2d5 commit 1000fb1
Show file tree
Hide file tree
Showing 2 changed files with 236 additions and 4 deletions.
120 changes: 118 additions & 2 deletions api.include.php
View file
Expand Up @@ -8394,6 +8394,122 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/QueryQuotaMiddleware.php
namespace Tqdev\PhpCrudApi\Middleware {

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Tqdev\PhpCrudApi\Controller\Responder;
use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
use Tqdev\PhpCrudApi\Record\ErrorCode;

class QueryQuotaMiddleware extends Middleware
{
private function ipMatch(string $ip, string $cidr): bool
{
if (strpos($cidr, '/') !== false) {
list($subnet, $mask) = explode('/', trim($cidr));
if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
return true;
}
} else {
if (ip2long($ip) == ip2long($cidr)) {
return true;
}
}
return false;
}

private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
{
foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
if ($this->ipMatch($ipAddress, $allowedIp)) {
return true;
}
}
return false;
}

public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
{
$reverseProxy = $this->getProperty('reverseProxy', '');
if ($reverseProxy) {
$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
$ipAddress = $_SERVER['REMOTE_ADDR'];
} else {
$ipAddress = '127.0.0.1';
}
$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
} else {
$response = $next->handle($request);
}
return $response;
}
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/RateLimitMiddleware copy.php
namespace Tqdev\PhpCrudApi\Middleware {

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Tqdev\PhpCrudApi\Controller\Responder;
use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
use Tqdev\PhpCrudApi\Record\ErrorCode;

class RateLimitMiddleware extends Middleware
{
private function ipMatch(string $ip, string $cidr): bool
{
if (strpos($cidr, '/') !== false) {
list($subnet, $mask) = explode('/', trim($cidr));
if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
return true;
}
} else {
if (ip2long($ip) == ip2long($cidr)) {
return true;
}
}
return false;
}

private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
{
foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
if ($this->ipMatch($ipAddress, $allowedIp)) {
return true;
}
}
return false;
}

public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
{
$reverseProxy = $this->getProperty('reverseProxy', '');
if ($reverseProxy) {
$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
$ipAddress = $_SERVER['REMOTE_ADDR'];
} else {
$ipAddress = '127.0.0.1';
}
$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
} else {
$response = $next->handle($request);
}
return $response;
}
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/ReconnectMiddleware.php
namespace Tqdev\PhpCrudApi\Middleware {

Expand Down Expand Up @@ -9076,7 +9192,7 @@ private function getToken(): string
$secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
$token = bin2hex(random_bytes(8));
if (!headers_sent()) {
setcookie($cookieName, $token, 0, '', '', $secure);
setcookie($cookieName, $token, 0, '/', '', $secure);
}
}
return $token;
Expand All @@ -9089,7 +9205,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
$excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
if (!in_array($method, $excludeMethods)) {
$headerName = $this->getProperty('headerName', 'X-XSRF-TOKEN');
if ($token != $request->getHeader($headerName)) {
if ($token != $request->getHeader($headerName)[0]) {
return $this->responder->error(ErrorCode::BAD_OR_MISSING_XSRF_TOKEN, '');
}
}
Expand Down
120 changes: 118 additions & 2 deletions api.php
View file
Expand Up @@ -8394,6 +8394,122 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/QueryQuotaMiddleware.php
namespace Tqdev\PhpCrudApi\Middleware {

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Tqdev\PhpCrudApi\Controller\Responder;
use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
use Tqdev\PhpCrudApi\Record\ErrorCode;

class QueryQuotaMiddleware extends Middleware
{
private function ipMatch(string $ip, string $cidr): bool
{
if (strpos($cidr, '/') !== false) {
list($subnet, $mask) = explode('/', trim($cidr));
if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
return true;
}
} else {
if (ip2long($ip) == ip2long($cidr)) {
return true;
}
}
return false;
}

private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
{
foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
if ($this->ipMatch($ipAddress, $allowedIp)) {
return true;
}
}
return false;
}

public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
{
$reverseProxy = $this->getProperty('reverseProxy', '');
if ($reverseProxy) {
$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
$ipAddress = $_SERVER['REMOTE_ADDR'];
} else {
$ipAddress = '127.0.0.1';
}
$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
} else {
$response = $next->handle($request);
}
return $response;
}
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/RateLimitMiddleware copy.php
namespace Tqdev\PhpCrudApi\Middleware {

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Tqdev\PhpCrudApi\Controller\Responder;
use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
use Tqdev\PhpCrudApi\Record\ErrorCode;

class RateLimitMiddleware extends Middleware
{
private function ipMatch(string $ip, string $cidr): bool
{
if (strpos($cidr, '/') !== false) {
list($subnet, $mask) = explode('/', trim($cidr));
if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
return true;
}
} else {
if (ip2long($ip) == ip2long($cidr)) {
return true;
}
}
return false;
}

private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
{
foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
if ($this->ipMatch($ipAddress, $allowedIp)) {
return true;
}
}
return false;
}

public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
{
$reverseProxy = $this->getProperty('reverseProxy', '');
if ($reverseProxy) {
$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
$ipAddress = $_SERVER['REMOTE_ADDR'];
} else {
$ipAddress = '127.0.0.1';
}
$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
} else {
$response = $next->handle($request);
}
return $response;
}
}
}

// file: src/Tqdev/PhpCrudApi/Middleware/ReconnectMiddleware.php
namespace Tqdev\PhpCrudApi\Middleware {

Expand Down Expand Up @@ -9076,7 +9192,7 @@ private function getToken(): string
$secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
$token = bin2hex(random_bytes(8));
if (!headers_sent()) {
setcookie($cookieName, $token, 0, '', '', $secure);
setcookie($cookieName, $token, 0, '/', '', $secure);
}
}
return $token;
Expand All @@ -9089,7 +9205,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
$excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
if (!in_array($method, $excludeMethods)) {
$headerName = $this->getProperty('headerName', 'X-XSRF-TOKEN');
if ($token != $request->getHeader($headerName)) {
if ($token != $request->getHeader($headerName)[0]) {
return $this->responder->error(ErrorCode::BAD_OR_MISSING_XSRF_TOKEN, '');
}
}
Expand Down

0 comments on commit 1000fb1

Please sign in to comment.