
Commit 1000fb1

committed
build for #777
1 parent faae2d5 commit 1000fb1


2 files changed

+236
-4
lines changed


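--- a/api.include.php
+++ b/api.include.php
@@ -8394,6 +8394,122 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 }
 }
 
+// file: src/Tqdev/PhpCrudApi/Middleware/QueryQuotaMiddleware.php
+namespace Tqdev\PhpCrudApi\Middleware {
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Tqdev\PhpCrudApi\Controller\Responder;
+use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
+
+class QueryQuotaMiddleware extends Middleware
+{
+private function ipMatch(string $ip, string $cidr): bool
+{
+if (strpos($cidr, '/') !== false) {
+list($subnet, $mask) = explode('/', trim($cidr));
+if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
+return true;
+}
+} else {
+if (ip2long($ip) == ip2long($cidr)) {
+return true;
+}
+}
+return false;
+}
+
+private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
+{
+foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
+if ($this->ipMatch($ipAddress, $allowedIp)) {
+return true;
+}
+}
+return false;
+}
+
+public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+{
+$reverseProxy = $this->getProperty('reverseProxy', '');
+if ($reverseProxy) {
+$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
+} elseif (isset($_SERVER['REMOTE_ADDR'])) {
+$ipAddress = $_SERVER['REMOTE_ADDR'];
+} else {
+$ipAddress = '127.0.0.1';
+}
+$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
+if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
+$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
+} else {
+$response = $next->handle($request);
+}
+return $response;
+}
+}
+}
+
+// file: src/Tqdev/PhpCrudApi/Middleware/RateLimitMiddleware copy.php
+namespace Tqdev\PhpCrudApi\Middleware {
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Tqdev\PhpCrudApi\Controller\Responder;
+use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
+
+class RateLimitMiddleware extends Middleware
+{
+private function ipMatch(string $ip, string $cidr): bool
+{
+if (strpos($cidr, '/') !== false) {
+list($subnet, $mask) = explode('/', trim($cidr));
+if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
+return true;
+}
+} else {
+if (ip2long($ip) == ip2long($cidr)) {
+return true;
+}
+}
+return false;
+}
+
+private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
+{
+foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
+if ($this->ipMatch($ipAddress, $allowedIp)) {
+return true;
+}
+}
+return false;
+}
+
+public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+{
+$reverseProxy = $this->getProperty('reverseProxy', '');
+if ($reverseProxy) {
+$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
+} elseif (isset($_SERVER['REMOTE_ADDR'])) {
+$ipAddress = $_SERVER['REMOTE_ADDR'];
+} else {
+$ipAddress = '127.0.0.1';
+}
+$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
+if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
+$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
+} else {
+$response = $next->handle($request);
+}
+return $response;
+}
+}
+}
+
 // file: src/Tqdev/PhpCrudApi/Middleware/ReconnectMiddleware.php
 namespace Tqdev\PhpCrudApi\Middleware {
 
@@ -9076,7 +9192,7 @@ private function getToken(): string
 $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
 $token = bin2hex(random_bytes(8));
 if (!headers_sent()) {
-setcookie($cookieName, $token, 0, '', '', $secure);
+setcookie($cookieName, $token, 0, '/', '', $secure);
 }
 }
 return $token;
@@ -9089,7 +9205,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 $excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
 if (!in_array($method, $excludeMethods)) {
 $headerName = $this->getProperty('headerName', 'X-XSRF-TOKEN');
-if ($token != $request->getHeader($headerName)) {
+if ($token != $request->getHeader($headerName)[0]) {
 return $this->responder->error(ErrorCode::BAD_OR_MISSING_XSRF_TOKEN, '');
 }
 }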
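Review bot: `ipMatch` (added lines 8409–8422 in `QueryQuotaMiddleware` and again at 8467–8480 in `RateLimitMiddleware`) compares `ip2long()` results with loose `==`, and `ip2long()` returns `false` for anything that is not a dotted IPv4 address, so two unparseable inputs compare `false == false` and count as a match — with the default empty `allowedIpAddresses` an IPv6 or otherwise malformed client address is let through while every IPv4 client is blocked, and the CIDR branch never masks `$subnet`, so an entry like `10.0.0.1/8` matches nothing; a rewrite that rejects `false` early and masks both sides is below. In `process`, `$request->getHeader('X-Forwarded-For')` returns an array under PSR-7, so `explode()` on it fails whenever `reverseProxy` is set, and the untrimmed element would also be rejected by `ip2long()`; `$forwarded = explode(',', $request->getHeaderLine('X-Forwarded-For')); $ipAddress = trim(end($forwarded));` fixes both, and that header should only be trusted when `REMOTE_ADDR` is the proxy itself, since otherwise any client can set it. The two classes are byte-identical and neither implements a quota or a rate limit, and the `// file: ... RateLimitMiddleware copy.php` marker suggests a stray working copy was picked up by the build, which seems worth confirming before release. The same hunks appear in the `api.php` section below; in the XSRF hunk there and here (enclosing `process` starts outside the hunk), `getHeader($headerName)[0]` raises an undefined-key warning when the header is absent and the check still uses `!=`, so `if (!hash_equals($token, $request->getHeaderLine($headerName))) {` would be the tighter form.
```php
private function ipMatch(string $ip, string $cidr): bool
{
    // ip2long() yields false for non-IPv4 input; never let false == false count as a match.
    $ipLong = ip2long(trim($ip));
    if ($ipLong === false) {
        return false;
    }
    if (strpos($cidr, '/') !== false) {
        list($subnet, $mask) = explode('/', trim($cidr), 2);
        $subnetLong = ip2long($subnet);
        if ($subnetLong === false || !ctype_digit($mask) || (int) $mask > 32) {
            return false;
        }
        // Mask both sides so host bits in the configured subnet do not prevent a match.
        $bitmask = -1 << (32 - (int) $mask);
        return ($ipLong & $bitmask) === ($subnetLong & $bitmask);
    }
    $cidrLong = ip2long(trim($cidr));
    return $cidrLong !== false && $ipLong === $cidrLong;
}
```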

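--- a/api.php
+++ b/api.php
@@ -8394,6 +8394,122 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 }
 }
 
+// file: src/Tqdev/PhpCrudApi/Middleware/QueryQuotaMiddleware.php
+namespace Tqdev\PhpCrudApi\Middleware {
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Tqdev\PhpCrudApi\Controller\Responder;
+use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
+
+class QueryQuotaMiddleware extends Middleware
+{
+private function ipMatch(string $ip, string $cidr): bool
+{
+if (strpos($cidr, '/') !== false) {
+list($subnet, $mask) = explode('/', trim($cidr));
+if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
+return true;
+}
+} else {
+if (ip2long($ip) == ip2long($cidr)) {
+return true;
+}
+}
+return false;
+}
+
+private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
+{
+foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
+if ($this->ipMatch($ipAddress, $allowedIp)) {
+return true;
+}
+}
+return false;
+}
+
+public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+{
+$reverseProxy = $this->getProperty('reverseProxy', '');
+if ($reverseProxy) {
+$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
+} elseif (isset($_SERVER['REMOTE_ADDR'])) {
+$ipAddress = $_SERVER['REMOTE_ADDR'];
+} else {
+$ipAddress = '127.0.0.1';
+}
+$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
+if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
+$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
+} else {
+$response = $next->handle($request);
+}
+return $response;
+}
+}
+}
+
+// file: src/Tqdev/PhpCrudApi/Middleware/RateLimitMiddleware copy.php
+namespace Tqdev\PhpCrudApi\Middleware {
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Tqdev\PhpCrudApi\Controller\Responder;
+use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
+
+class RateLimitMiddleware extends Middleware
+{
+private function ipMatch(string $ip, string $cidr): bool
+{
+if (strpos($cidr, '/') !== false) {
+list($subnet, $mask) = explode('/', trim($cidr));
+if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) {
+return true;
+}
+} else {
+if (ip2long($ip) == ip2long($cidr)) {
+return true;
+}
+}
+return false;
+}
+
+private function isIpAllowed(string $ipAddress, string $allowedIpAddresses): bool
+{
+foreach (explode(',', $allowedIpAddresses) as $allowedIp) {
+if ($this->ipMatch($ipAddress, $allowedIp)) {
+return true;
+}
+}
+return false;
+}
+
+public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+{
+$reverseProxy = $this->getProperty('reverseProxy', '');
+if ($reverseProxy) {
+$ipAddress = array_pop(explode(',', $request->getHeader('X-Forwarded-For')));
+} elseif (isset($_SERVER['REMOTE_ADDR'])) {
+$ipAddress = $_SERVER['REMOTE_ADDR'];
+} else {
+$ipAddress = '127.0.0.1';
+}
+$allowedIpAddresses = $this->getProperty('allowedIpAddresses', '');
+if (!$this->isIpAllowed($ipAddress, $allowedIpAddresses)) {
+$response = $this->responder->error(ErrorCode::TEMPORARY_OR_PERMANENTLY_BLOCKED, '');
+} else {
+$response = $next->handle($request);
+}
+return $response;
+}
+}
+}
+
 // file: src/Tqdev/PhpCrudApi/Middleware/ReconnectMiddleware.php
 namespace Tqdev\PhpCrudApi\Middleware {
 
@@ -9076,7 +9192,7 @@ private function getToken(): string
 $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
 $token = bin2hex(random_bytes(8));
 if (!headers_sent()) {
-setcookie($cookieName, $token, 0, '', '', $secure);
+setcookie($cookieName, $token, 0, '/', '', $secure);
 }
 }
 return $token;
@@ -9089,7 +9205,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 $excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
 if (!in_array($method, $excludeMethods)) {
 $headerName = $this->getProperty('headerName', 'X-XSRF-TOKEN');
-if ($token != $request->getHeader($headerName)) {
+if ($token != $request->getHeader($headerName)[0]) {
 return $this->responder->error(ErrorCode::BAD_OR_MISSING_XSRF_TOKEN, '');
 }
 }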
