Tighten allowed IPs to avoid brute-force workarounds.
1 parent
aad0147
commit bdb2359
Showing
10 changed files
with
181 additions
and
34 deletions.
@@ -0,0 +1,56 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace App\Entity\Enums; | ||
|
||
use Psr\Http\Message\ServerRequestInterface; | ||
|
||
enum IpSources: string | ||
{ | ||
case Local = 'local'; | ||
case XForwardedFor = 'xff'; | ||
case Cloudflare = 'cloudflare'; | ||
|
||
public static function default(): self | ||
{ | ||
return self::Local; | ||
} | ||
|
||
public function getIp(ServerRequestInterface $request): string | ||
{ | ||
if (self::Cloudflare === $this) { | ||
$ip = $request->getHeaderLine('CF-Connecting-IP'); | ||
if (!empty($ip)) { | ||
return $this->parseIp($ip); | ||
} | ||
} | ||
|
||
if (self::XForwardedFor === $this) { | ||
$ip = $request->getHeaderLine('X-Forwarded-For'); | ||
if (!empty($ip)) { | ||
return $this->parseIp($ip); | ||
} | ||
} | ||
|
||
$serverParams = $request->getServerParams(); | ||
$ip = $serverParams['REMOTE_ADDR'] ?? null; | ||
|
||
if (empty($ip)) { | ||
throw new \RuntimeException('No IP address attached to this request.'); | ||
} | ||
|
||
return $this->parseIp($ip); | ||
} | ||
|
||
private function parseIp(string $ip): string | ||
{ | ||
// Handle the IP being separated by commas. | ||
if (str_contains($ip, ',')) { | ||
$ipParts = explode(',', $ip); | ||
$ip = array_shift($ipParts); | ||
} | ||
|
||
return trim($ip); | ||
} | ||
} |
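Review bot: `parseIp()` returns the first comma-separated element of the header without checking that it is an IP address, so for `IpSources::XForwardedFor` the value `getIp()` returns is the left-most `X-Forwarded-For` entry, which is client-supplied whenever the proxy appends to the header instead of overwriting it. A per-IP limit keyed on that value would then not bind to the real peer, which works against the tightening the commit title describes. I would end `parseIp()` with `$ip = trim($ip);`, `if (false === filter_var($ip, FILTER_VALIDATE_IP)) { throw new \RuntimeException('Invalid client IP address.'); }` and `return $ip;`. For both header-based cases it is also worth honouring the header only when `REMOTE_ADDR` is a known proxy address and preferring the entry that proxy itself added; whether callers or the web server already enforce this is not visible on this page. A short docblock on `getIp()` stating that the `Cloudflare` and `XForwardedFor` cases trust a request header and must only be selected behind a proxy that sets it would help whoever configures the `ip_source` setting.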
@@ -0,0 +1,26 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace App\Entity\Migration; | ||
|
||
use Doctrine\DBAL\Schema\Schema; | ||
use Doctrine\Migrations\AbstractMigration; | ||
|
||
final class Version20230428062001 extends AbstractMigration | ||
{ | ||
public function getDescription(): string | ||
{ | ||
return 'Add "IP Source" setting.'; | ||
} | ||
|
||
public function up(Schema $schema): void | ||
{ | ||
$this->addSql('ALTER TABLE settings ADD ip_source VARCHAR(50) DEFAULT NULL'); | ||
} | ||
|
||
public function down(Schema $schema): void | ||
{ | ||
$this->addSql('ALTER TABLE settings DROP ip_source'); | ||
} | ||
} |