mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-05-08 19:42:15 +09:00
Move IpFilter class to Security namespace
This commit is contained in:
Kijin Sung
parent
0adb13ca30
commit
544170b530
10 changed files with 94 additions and 94 deletions
|
|
@ -1478,7 +1478,7 @@ class Context
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow if the current user is in the list of allowed IPs.
|
// Allow if the current user is in the list of allowed IPs.
|
||||||
if (Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, config('lock.allow')))
|
if (Rhymix\Framework\Security\IpFilter::inRanges(RX_CLIENT_IP, config('lock.allow')))
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,12 +6,12 @@ class IpFilter
|
||||||
public function filter($ip_list, $ip = NULL)
|
public function filter($ip_list, $ip = NULL)
|
||||||
{
|
{
|
||||||
if(!$ip) $ip = $_SERVER['REMOTE_ADDR'];
|
if(!$ip) $ip = $_SERVER['REMOTE_ADDR'];
|
||||||
return Rhymix\Framework\IpFilter::inRanges($ip, $ip_list);
|
return Rhymix\Framework\Security\IpFilter::inRanges($ip, $ip_list);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function validate($ip_list = array())
|
public function validate($ip_list = array())
|
||||||
{
|
{
|
||||||
return Rhymix\Framework\IpFilter::validateRanges($ip_list);
|
return Rhymix\Framework\Security\IpFilter::validateRanges($ip_list);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -53,8 +53,8 @@ else
|
||||||
*/
|
*/
|
||||||
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
|
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
|
||||||
{
|
{
|
||||||
include_once __DIR__ . '/framework/ipfilter.php';
|
include_once __DIR__ . '/framework/security/ipfilter.php';
|
||||||
Rhymix\Framework\IpFilter::getCloudFlareRealIP();
|
Rhymix\Framework\Security\IpFilter::getCloudFlareRealIP();
|
||||||
}
|
}
|
||||||
if (isset($_SERVER['REMOTE_ADDR']) && preg_match('/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $_SERVER['REMOTE_ADDR'], $matches))
|
if (isset($_SERVER['REMOTE_ADDR']) && preg_match('/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $_SERVER['REMOTE_ADDR'], $matches))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -445,7 +445,7 @@ class Debug
|
||||||
return $cache = true;
|
return $cache = true;
|
||||||
|
|
||||||
case 'ip':
|
case 'ip':
|
||||||
if (IpFilter::inRanges(RX_CLIENT_IP, Config::get('debug.allow')))
|
if (Security\IpFilter::inRanges(RX_CLIENT_IP, Config::get('debug.allow')))
|
||||||
{
|
{
|
||||||
return $cache = true;
|
return $cache = true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
namespace Rhymix\Framework;
|
namespace Rhymix\Framework\Security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The IP filter class.
|
* The IP filter class.
|
||||||
|
|
@ -587,7 +587,7 @@ class adminAdminController extends admin
|
||||||
$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
|
$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
|
||||||
return $item !== '';
|
return $item !== '';
|
||||||
}));
|
}));
|
||||||
if (!Rhymix\Framework\IpFilter::validateRanges($allowed_ip)) {
|
if (!Rhymix\Framework\Security\IpFilter::validateRanges($allowed_ip)) {
|
||||||
return new Object(-1, 'msg_invalid_ip');
|
return new Object(-1, 'msg_invalid_ip');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -595,7 +595,7 @@ class adminAdminController extends admin
|
||||||
$denied_ip = array_unique(array_filter($denied_ip, function($item) {
|
$denied_ip = array_unique(array_filter($denied_ip, function($item) {
|
||||||
return $item !== '';
|
return $item !== '';
|
||||||
}));
|
}));
|
||||||
if (!Rhymix\Framework\IpFilter::validateRanges($denied_ip)) {
|
if (!Rhymix\Framework\Security\IpFilter::validateRanges($denied_ip)) {
|
||||||
return new Object(-1, 'msg_invalid_ip');
|
return new Object(-1, 'msg_invalid_ip');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -745,7 +745,7 @@ class adminAdminController extends admin
|
||||||
$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
|
$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
|
||||||
return $item !== '';
|
return $item !== '';
|
||||||
}));
|
}));
|
||||||
if (!IpFilter::validate($whitelist)) {
|
if (!Rhymix\Framework\Security\IpFilter::validate($allowed_ip)) {
|
||||||
return new Object(-1, 'msg_invalid_ip');
|
return new Object(-1, 'msg_invalid_ip');
|
||||||
}
|
}
|
||||||
Rhymix\Framework\Config::set('debug.allow', array_values($allowed_ip));
|
Rhymix\Framework\Config::set('debug.allow', array_values($allowed_ip));
|
||||||
|
|
@ -771,17 +771,17 @@ class adminAdminController extends admin
|
||||||
|
|
||||||
if ($vars->sitelock_locked === 'Y')
|
if ($vars->sitelock_locked === 'Y')
|
||||||
{
|
{
|
||||||
if (!Rhymix\Framework\IpFilter::inRanges('127.0.0.1', $allowed_ip))
|
if (!Rhymix\Framework\Security\IpFilter::inRanges('127.0.0.1', $allowed_ip))
|
||||||
{
|
{
|
||||||
array_unshift($allowed_ip, '127.0.0.1');
|
array_unshift($allowed_ip, '127.0.0.1');
|
||||||
}
|
}
|
||||||
if (!Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
|
if (!Rhymix\Framework\Security\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
|
||||||
{
|
{
|
||||||
array_unshift($allowed_ip, RX_CLIENT_IP);
|
array_unshift($allowed_ip, RX_CLIENT_IP);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Rhymix\Framework\IpFilter::validateRanges($allowed_ip))
|
if (!Rhymix\Framework\Security\IpFilter::validateRanges($allowed_ip))
|
||||||
{
|
{
|
||||||
return new Object(-1, 'msg_invalid_ip');
|
return new Object(-1, 'msg_invalid_ip');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -518,11 +518,11 @@ class adminAdminView extends admin
|
||||||
Context::set('sitelock_message', escape(Rhymix\Framework\Config::get('lock.message')));
|
Context::set('sitelock_message', escape(Rhymix\Framework\Config::get('lock.message')));
|
||||||
|
|
||||||
$allowed_ip = Rhymix\Framework\Config::get('lock.allow') ?: array();
|
$allowed_ip = Rhymix\Framework\Config::get('lock.allow') ?: array();
|
||||||
if (!Rhymix\Framework\IpFilter::inRanges('127.0.0.1', $allowed_ip))
|
if (!Rhymix\Framework\Security\IpFilter::inRanges('127.0.0.1', $allowed_ip))
|
||||||
{
|
{
|
||||||
array_unshift($allowed_ip, '127.0.0.1');
|
array_unshift($allowed_ip, '127.0.0.1');
|
||||||
}
|
}
|
||||||
if (!Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
|
if (!Rhymix\Framework\Security\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
|
||||||
{
|
{
|
||||||
array_unshift($allowed_ip, RX_CLIENT_IP);
|
array_unshift($allowed_ip, RX_CLIENT_IP);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -298,12 +298,12 @@ class memberAdminModel extends member
|
||||||
{
|
{
|
||||||
if ($allow_list = ($allow_list === null) ? config('admin.allow') : $allow_list)
|
if ($allow_list = ($allow_list === null) ? config('admin.allow') : $allow_list)
|
||||||
{
|
{
|
||||||
return Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allow_list);
|
return Rhymix\Framework\Security\IpFilter::inRanges(RX_CLIENT_IP, $allow_list);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($deny_list = ($deny_list === null) ? config('admin.deny') : $deny_list)
|
if ($deny_list = ($deny_list === null) ? config('admin.deny') : $deny_list)
|
||||||
{
|
{
|
||||||
return !Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $deny_list);
|
return !Rhymix\Framework\Security\IpFilter::inRanges(RX_CLIENT_IP, $deny_list);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
||||||
|
|
@ -1,77 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
class IpFilterTest extends \Codeception\TestCase\Test
|
|
||||||
{
|
|
||||||
public function testIPv4CIDR()
|
|
||||||
{
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('10.0.127.191', '10.0.127.191'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('10.1.131.177', '10.1.131.178'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('127.0.0.1', '127.0.0.0/8'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('172.34.0.0', '172.16.0.0/12'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('192.168.18.214', '192.168.16.0/22'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('192.168.18.214', '192.168.16.0/23'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testIPv6CIDR()
|
|
||||||
{
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('::1', '::1/128'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('::1', '::2'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('2400:cb00::1234', '2400:cb00::/32'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('2405:8100::1234', '2400:cb00::/32'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testIPv4Wildcard()
|
|
||||||
{
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.134.*'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.*.*'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.136.*'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.172.*.*'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testIPv4Hyphen()
|
|
||||||
{
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.134.0-192.168.134.255'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.128.16-192.168.145.0'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.134.242-192.168.244.7'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::inRange('192.168.134.241', '192.168.100.255-192.168.133.19'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testValidator()
|
|
||||||
{
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('192.168.0.1'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('192.168.0.0/16'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('192.168.*.*'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('192.168.*'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('192.168.0.0-192.168.255.255'));
|
|
||||||
$this->assertTrue(Rhymix\Framework\IpFilter::validateRange('2400:cb00::/32'));
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::validateRange('192.168.0.0~192.168.255.255'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testLegacy()
|
|
||||||
{
|
|
||||||
$this->assertTrue(\IpFilter::filter(array('192.168.134.241'), '192.168.134.241'));
|
|
||||||
$this->assertTrue(\IpFilter::filter(array('192.168.134.0-192.168.134.255'), '192.168.134.241'));
|
|
||||||
$this->assertTrue(\IpFilter::filter(array('127.0.0.1', '192.168.134.241'), '192.168.134.241'));
|
|
||||||
$this->assertTrue(\IpFilter::filter(array('192.168.134.*'), '192.168.134.241'));
|
|
||||||
$this->assertTrue(\IpFilter::filter(array('192.168.*'), '192.168.134.241'));
|
|
||||||
$this->assertFalse(\IpFilter::filter(array('127.0.0.1'), '192.168.134.241'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testCloudFlareRealIP()
|
|
||||||
{
|
|
||||||
$_SERVER['HTTP_CF_CONNECTING_IP'] = '192.168.134.241';
|
|
||||||
|
|
||||||
$_SERVER['REMOTE_ADDR'] = '192.168.10.1';
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::getCloudFlareRealIP());
|
|
||||||
$this->assertEquals('192.168.10.1', $_SERVER['REMOTE_ADDR']);
|
|
||||||
|
|
||||||
$_SERVER['REMOTE_ADDR'] = '108.162.192.121';
|
|
||||||
$this->assertEquals('192.168.134.241', Rhymix\Framework\IpFilter::getCloudFlareRealIP());
|
|
||||||
$this->assertEquals('192.168.134.241', $_SERVER['REMOTE_ADDR']);
|
|
||||||
|
|
||||||
unset($_SERVER['HTTP_CF_CONNECTING_IP']);
|
|
||||||
$_SERVER['REMOTE_ADDR'] = '192.168.10.1';
|
|
||||||
$this->assertFalse(Rhymix\Framework\IpFilter::getCloudFlareRealIP());
|
|
||||||
$this->assertEquals('192.168.10.1', $_SERVER['REMOTE_ADDR']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
77
tests/unit/framework/security/IpFilterTest.php
Normal file
77
tests/unit/framework/security/IpFilterTest.php
Normal file
|
|
@ -0,0 +1,77 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
class IpFilterTest extends \Codeception\TestCase\Test
|
||||||
|
{
|
||||||
|
public function testIPv4CIDR()
|
||||||
|
{
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('10.0.127.191', '10.0.127.191'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('10.1.131.177', '10.1.131.178'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('127.0.0.1', '127.0.0.0/8'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('172.34.0.0', '172.16.0.0/12'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('192.168.18.214', '192.168.16.0/22'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('192.168.18.214', '192.168.16.0/23'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIPv6CIDR()
|
||||||
|
{
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('::1', '::1/128'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('::1', '::2'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('2400:cb00::1234', '2400:cb00::/32'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('2405:8100::1234', '2400:cb00::/32'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIPv4Wildcard()
|
||||||
|
{
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.134.*'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.*.*'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.136.*'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.172.*.*'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIPv4Hyphen()
|
||||||
|
{
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.134.0-192.168.134.255'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.128.16-192.168.145.0'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.134.242-192.168.244.7'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::inRange('192.168.134.241', '192.168.100.255-192.168.133.19'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testValidator()
|
||||||
|
{
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('192.168.0.1'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('192.168.0.0/16'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('192.168.*.*'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('192.168.*'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('192.168.0.0-192.168.255.255'));
|
||||||
|
$this->assertTrue(Rhymix\Framework\Security\IpFilter::validateRange('2400:cb00::/32'));
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::validateRange('192.168.0.0~192.168.255.255'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testLegacy()
|
||||||
|
{
|
||||||
|
$this->assertTrue(\IpFilter::filter(array('192.168.134.241'), '192.168.134.241'));
|
||||||
|
$this->assertTrue(\IpFilter::filter(array('192.168.134.0-192.168.134.255'), '192.168.134.241'));
|
||||||
|
$this->assertTrue(\IpFilter::filter(array('127.0.0.1', '192.168.134.241'), '192.168.134.241'));
|
||||||
|
$this->assertTrue(\IpFilter::filter(array('192.168.134.*'), '192.168.134.241'));
|
||||||
|
$this->assertTrue(\IpFilter::filter(array('192.168.*'), '192.168.134.241'));
|
||||||
|
$this->assertFalse(\IpFilter::filter(array('127.0.0.1'), '192.168.134.241'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testCloudFlareRealIP()
|
||||||
|
{
|
||||||
|
$_SERVER['HTTP_CF_CONNECTING_IP'] = '192.168.134.241';
|
||||||
|
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '192.168.10.1';
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::getCloudFlareRealIP());
|
||||||
|
$this->assertEquals('192.168.10.1', $_SERVER['REMOTE_ADDR']);
|
||||||
|
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '108.162.192.121';
|
||||||
|
$this->assertEquals('192.168.134.241', Rhymix\Framework\Security\IpFilter::getCloudFlareRealIP());
|
||||||
|
$this->assertEquals('192.168.134.241', $_SERVER['REMOTE_ADDR']);
|
||||||
|
|
||||||
|
unset($_SERVER['HTTP_CF_CONNECTING_IP']);
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '192.168.10.1';
|
||||||
|
$this->assertFalse(Rhymix\Framework\Security\IpFilter::getCloudFlareRealIP());
|
||||||
|
$this->assertEquals('192.168.10.1', $_SERVER['REMOTE_ADDR']);
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue