mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-23 09:41:26 +02:00
Code Issues Releases Wiki Activity

Revert "Fixes wrong IP address when using a reverse proxy (#2236)" (#2242)

Browse Source 
This reverts commit a6cb962f97 pending further discussion of https://github.com/flarum/core/pull/2236#issuecomment-663645583
This commit is contained in:
Alexander Skvortsov
2020-07-24 14:19:10 -04:00
committed by GitHub
parent 5df2f11ace
commit a5cff3a352
7 changed files with 2 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
framework/core/src/Admin/AdminServiceProvider.php
View File

@@ -25,7 +25,6 @@ use Flarum\Http\RouteHandlerFactory;
use Flarum\Http\UrlGenerator; use Flarum\Http\UrlGenerator;
use Flarum\Locale\LocaleManager; use Flarum\Locale\LocaleManager;
use Flarum\Settings\Event\Saved; use Flarum\Settings\Event\Saved;
use Illuminate\Support\Arr;
use Laminas\Stratigility\MiddlewarePipe; use Laminas\Stratigility\MiddlewarePipe;
class AdminServiceProvider extends AbstractServiceProvider class AdminServiceProvider extends AbstractServiceProvider
@@ -49,7 +48,6 @@ class AdminServiceProvider extends AbstractServiceProvider
$this->app->singleton('flarum.admin.middleware', function () { $this->app->singleton('flarum.admin.middleware', function () {
return [ return [
'flarum.admin.error_handler', 'flarum.admin.error_handler',
'flarum.admin.proxy_middleware',
HttpMiddleware\ParseJsonBody::class, HttpMiddleware\ParseJsonBody::class,
HttpMiddleware\StartSession::class, HttpMiddleware\StartSession::class,
HttpMiddleware\RememberFromCookie::class, HttpMiddleware\RememberFromCookie::class,
@@ -68,15 +66,6 @@ class AdminServiceProvider extends AbstractServiceProvider
); );
}); });
$this->app->bind('flarum.admin.proxy_middleware', function () {
$config = $this->app->make('flarum.config');
return new HttpMiddleware\ProxyAddress(
Arr::get($config, 'reverse_proxy.enabled', false),
Arr::get($config, 'reverse_proxy.allowed', ['127.0.0.1'])
);
});
$this->app->singleton('flarum.admin.handler', function () { $this->app->singleton('flarum.admin.handler', function () {
$pipe = new MiddlewarePipe; $pipe = new MiddlewarePipe;

11
framework/core/src/Api/ApiServiceProvider.php
View File

@@ -22,7 +22,6 @@ use Flarum\Http\Middleware as HttpMiddleware;
use Flarum\Http\RouteCollection; use Flarum\Http\RouteCollection;
use Flarum\Http\RouteHandlerFactory; use Flarum\Http\RouteHandlerFactory;
use Flarum\Http\UrlGenerator; use Flarum\Http\UrlGenerator;
use Illuminate\Support\Arr;
use Laminas\Stratigility\MiddlewarePipe; use Laminas\Stratigility\MiddlewarePipe;
class ApiServiceProvider extends AbstractServiceProvider class ApiServiceProvider extends AbstractServiceProvider
@@ -46,7 +45,6 @@ class ApiServiceProvider extends AbstractServiceProvider
$this->app->singleton('flarum.api.middleware', function () { $this->app->singleton('flarum.api.middleware', function () {
return [ return [
'flarum.api.error_handler', 'flarum.api.error_handler',
'flarum.api.proxy_middleware',
HttpMiddleware\ParseJsonBody::class, HttpMiddleware\ParseJsonBody::class,
Middleware\FakeHttpMethods::class, Middleware\FakeHttpMethods::class,
HttpMiddleware\StartSession::class, HttpMiddleware\StartSession::class,
@@ -66,15 +64,6 @@ class ApiServiceProvider extends AbstractServiceProvider
); );
}); });
$this->app->bind('flarum.api.proxy_middleware', function () {
$config = $this->app->make('flarum.config');
return new HttpMiddleware\ProxyAddress(
Arr::get($config, 'reverse_proxy.enabled', false),
Arr::get($config, 'reverse_proxy.allowed', ['127.0.0.1'])
);
});
$this->app->singleton('flarum.api.handler', function () { $this->app->singleton('flarum.api.handler', function () {
$pipe = new MiddlewarePipe; $pipe = new MiddlewarePipe;

2
framework/core/src/Api/Controller/CreateDiscussionController.php
View File

@@ -62,7 +62,7 @@ class CreateDiscussionController extends AbstractCreateController
protected function data(ServerRequestInterface $request, Document $document) protected function data(ServerRequestInterface $request, Document $document)
{ {
$actor = $request->getAttribute('actor'); $actor = $request->getAttribute('actor');
$ipAddress = $request->getAttribute('ipAddress'); $ipAddress = Arr::get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
if (! $request->getAttribute('bypassFloodgate')) { if (! $request->getAttribute('bypassFloodgate')) {
$this->floodgate->assertNotFlooding($actor); $this->floodgate->assertNotFlooding($actor);

2
framework/core/src/Api/Controller/CreatePostController.php
View File

@@ -63,7 +63,7 @@ class CreatePostController extends AbstractCreateController
$actor = $request->getAttribute('actor'); $actor = $request->getAttribute('actor');
$data = Arr::get($request->getParsedBody(), 'data', []); $data = Arr::get($request->getParsedBody(), 'data', []);
$discussionId = Arr::get($data, 'relationships.discussion.data.id'); $discussionId = Arr::get($data, 'relationships.discussion.data.id');
$ipAddress = $request->getAttribute('ipAddress'); $ipAddress = Arr::get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
if (! $request->getAttribute('bypassFloodgate')) { if (! $request->getAttribute('bypassFloodgate')) {
$this->floodgate->assertNotFlooding($actor); $this->floodgate->assertNotFlooding($actor);

11
framework/core/src/Forum/ForumServiceProvider.php
View File

@@ -29,7 +29,6 @@ use Flarum\Locale\LocaleManager;
use Flarum\Settings\Event\Saved; use Flarum\Settings\Event\Saved;
use Flarum\Settings\Event\Saving; use Flarum\Settings\Event\Saving;
use Flarum\Settings\SettingsRepositoryInterface; use Flarum\Settings\SettingsRepositoryInterface;
use Illuminate\Support\Arr;
use Laminas\Stratigility\MiddlewarePipe; use Laminas\Stratigility\MiddlewarePipe;
use Symfony\Component\Translation\TranslatorInterface; use Symfony\Component\Translation\TranslatorInterface;
@@ -58,7 +57,6 @@ class ForumServiceProvider extends AbstractServiceProvider
$this->app->singleton('flarum.forum.middleware', function () { $this->app->singleton('flarum.forum.middleware', function () {
return [ return [
'flarum.forum.error_handler', 'flarum.forum.error_handler',
'flarum.forum.proxy_middleware',
HttpMiddleware\ParseJsonBody::class, HttpMiddleware\ParseJsonBody::class,
HttpMiddleware\CollectGarbage::class, HttpMiddleware\CollectGarbage::class,
HttpMiddleware\StartSession::class, HttpMiddleware\StartSession::class,
@@ -78,15 +76,6 @@ class ForumServiceProvider extends AbstractServiceProvider
); );
}); });
$this->app->bind('flarum.forum.proxy_middleware', function () {
$config = $this->app->make('flarum.config');
return new HttpMiddleware\ProxyAddress(
Arr::get($config, 'reverse_proxy.enabled', false),
Arr::get($config, 'reverse_proxy.allowed', ['127.0.0.1'])
);
});
$this->app->singleton('flarum.forum.handler', function () { $this->app->singleton('flarum.forum.handler', function () {
$pipe = new MiddlewarePipe; $pipe = new MiddlewarePipe;

21
framework/core/src/Http/Exception/ProxyNotAllowedException.php
View File

@@ -1,21 +0,0 @@
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Http\Exception;
use Exception;
use Flarum\Foundation\KnownError;
class ProxyNotAllowedException extends Exception implements KnownError
{
public function getType(): string
{
return 'reverse_proxy_not_allowed';
}
}

72
framework/core/src/Http/Middleware/ProxyAddress.php
View File

@@ -1,72 +0,0 @@
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Http\Middleware;
use Flarum\Http\Exception\ProxyNotAllowedException;
use Illuminate\Support\Arr;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface as Middleware;
use Psr\Http\Server\RequestHandlerInterface;
class ProxyAddress implements Middleware
{
/**
* @var bool
*/
protected $enabled;
/**
* @var array
*/
protected $allowedAddresses;
/**
* @param bool $enabled
* @param array $allowedAddresses
*/
public function __construct($enabled, $allowedAddresses)
{
$this->enabled = $enabled;
$this->allowedAddresses = $allowedAddresses;
}
private function wildcardMatch(string $ipAddress): bool
{
foreach ($this->allowedAddresses as $allowedAddress) {
if (fnmatch($allowedAddress, $ipAddress)) {
return true;
}
}
return false;
}
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
$serverParams = $request->getServerParams();
$ipAddress = Arr::get($serverParams, 'REMOTE_ADDR', '127.0.0.1');
if ($this->enabled) {
if ($this->wildcardMatch($ipAddress)) {
// standard header for proxies, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
$ipAddress = Arr::get($serverParams, 'X_FORWARDED_FOR', $ipAddress);
$ipAddress = Arr::get($serverParams, 'HTTP_CLIENT_IP', $ipAddress);
$ipAddress = Arr::get($serverParams, 'X_PROXYUSER_IP', $ipAddress);
} else {
throw new ProxyNotAllowedException();
}
}
$request = $request->withAttribute('ipAddress', $ipAddress);
return $handler->handle($request);
}
}