mirror of
https://github.com/flarum/core.git
synced 2025-07-21 08:41:17 +02:00
This reverts commit a6cb962f97 pending further discussion of https://github.com/flarum/core/pull/2236#issuecomment-663645583
This commit is contained in:
Alexander Skvortsov
committed by
GitHub
GitHub
parent
5df2f11ace
commit
a5cff3a352
@@ -1,21 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of Flarum.
|
||||
*
|
||||
* For detailed copyright and license information, please view the
|
||||
* LICENSE file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Flarum\Http\Exception;
|
||||
|
||||
use Exception;
|
||||
use Flarum\Foundation\KnownError;
|
||||
|
||||
class ProxyNotAllowedException extends Exception implements KnownError
|
||||
{
|
||||
public function getType(): string
|
||||
{
|
||||
return 'reverse_proxy_not_allowed';
|
||||
}
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of Flarum.
|
||||
*
|
||||
* For detailed copyright and license information, please view the
|
||||
* LICENSE file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Flarum\Http\Middleware;
|
||||
|
||||
use Flarum\Http\Exception\ProxyNotAllowedException;
|
||||
use Illuminate\Support\Arr;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\MiddlewareInterface as Middleware;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
|
||||
class ProxyAddress implements Middleware
|
||||
{
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
protected $enabled;
|
||||
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
protected $allowedAddresses;
|
||||
|
||||
/**
|
||||
* @param bool $enabled
|
||||
* @param array $allowedAddresses
|
||||
*/
|
||||
public function __construct($enabled, $allowedAddresses)
|
||||
{
|
||||
$this->enabled = $enabled;
|
||||
$this->allowedAddresses = $allowedAddresses;
|
||||
}
|
||||
|
||||
private function wildcardMatch(string $ipAddress): bool
|
||||
{
|
||||
foreach ($this->allowedAddresses as $allowedAddress) {
|
||||
if (fnmatch($allowedAddress, $ipAddress)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
$serverParams = $request->getServerParams();
|
||||
$ipAddress = Arr::get($serverParams, 'REMOTE_ADDR', '127.0.0.1');
|
||||
|
||||
if ($this->enabled) {
|
||||
if ($this->wildcardMatch($ipAddress)) {
|
||||
// standard header for proxies, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
||||
$ipAddress = Arr::get($serverParams, 'X_FORWARDED_FOR', $ipAddress);
|
||||
$ipAddress = Arr::get($serverParams, 'HTTP_CLIENT_IP', $ipAddress);
|
||||
$ipAddress = Arr::get($serverParams, 'X_PROXYUSER_IP', $ipAddress);
|
||||
} else {
|
||||
throw new ProxyNotAllowedException();
|
||||
}
|
||||
}
|
||||
|
||||
$request = $request->withAttribute('ipAddress', $ipAddress);
|
||||
|
||||
return $handler->handle($request);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user