Added GET /remote/ip endpoint

2025-01-15 18:52:20 +01:00 · 2018-04-17 21:30:44 +02:00 · 2018-04-17 21:30:44 +02:00 · b2cf655a88
commit b2cf655a88
parent 16a56184b8
6 changed files with 136 additions and 2 deletions
--- a/backend/src/config/ConfigDefault.php
+++ b/backend/src/config/ConfigDefault.php
@ -33,7 +33,8 @@ $defaultConfig = [
            'OPT', 'PTR', 'RKEY', 'RP', 'RRSIG', 'SIG', 'SPF',
            'SRV', 'TKEY', 'SSHFP', 'TLSA', 'TSIG', 'TXT', 'WKS', 'MBOXFW', 'URL'
        ]
-    ]
+    ],
+    'proxys' => []
 ];

 if (file_exists('../config/ConfigOverride.php')) {
--- a/backend/src/controllers/Remote.php
+++ b/backend/src/controllers/Remote.php
@ -0,0 +1,30 @@
+<?php
+
+namespace Controllers;
+
+require '../vendor/autoload.php';
+
+use \Slim\Http\Request as Request;
+use \Slim\Http\Response as Response;
+
+class Remote
+{
+    /** @var \Monolog\Logger */
+    private $logger;
+
+    /** @var \Slim\Container */
+    private $c;
+
+    public function __construct(\Slim\Container $c)
+    {
+        $this->logger = $c->logger;
+        $this->c = $c;
+    }
+
+    public function ip(Request $req, Response $res, array $args)
+    {
+        return $res->withJson([
+            'ip' => $req->getAttribute('clientIp')
+        ], 200);
+    }
+}
--- a/backend/src/middlewares/ClientIp.php
+++ b/backend/src/middlewares/ClientIp.php
@ -0,0 +1,53 @@
+<?php
+
+namespace Middlewares;
+
+require '../vendor/autoload.php';
+
+use \Slim\Http\Request as Request;
+use \Slim\Http\Response as Response;
+
+class ClientIp
+{
+    /** @var \Monolog\Logger */
+    private $logger;
+
+    /** @var \Slim\Container */
+    private $container;
+
+    public function __construct(\Slim\Container $c)
+    {
+        $this->logger = $c->logger;
+        $this->container = $c;
+    }
+
+    public function __invoke(Request $req, Response $res, callable $next)
+    {
+        $proxys = $this->container['config']['proxys'];
+
+        $headerContent = $req->getHeaderLine('X-Forwarded-For');
+
+        if (strlen($headerContent) === 0) {
+            $ip = $_SERVER['REMOTE_ADDR'];
+        } else {
+            if (!in_array($_SERVER['REMOTE_ADDR'], $proxys)) { // Client is not trusted proxy
+                $ip = $_SERVER['REMOTE_ADDR'];
+            } else {
+                $parts = array_map('trim', explode(',', $headerContent));
+
+                $ip = $_SERVER['REMOTE_ADDR'];
+
+                for ($i = count($parts) - 1; $i >= 0; $i--) {
+                    if (in_array($parts[$i], $proxys) && $i > 0) {
+                        $ip = $parts[$i - 1];
+                    } else {
+                        break;
+                    }
+                }
+            }
+        }
+
+        $req = $req->withAttribute('clientIp', $ip);
+        return $next($req, $res);
+    }
+}
--- a/backend/src/public/index.php
+++ b/backend/src/public/index.php
@ -30,6 +30,8 @@ $app = new \Slim\App($container);
 $app->group('/v1', function () {
    $this->post('/sessions', '\Controllers\Sessions:post');

+    $this->get('/remote/ip', '\Controllers\Remote:ip');
+
    $this->group('', function () {
        $this->delete('/sessions/{sessionId}', '\Controllers\Sessions:delete');

@ -69,6 +71,7 @@ $app->group('/v1', function () {
 // Add global middlewares
 $app->add('\Middlewares\LogRequests');
 $app->add('\Middlewares\RejectEmptyBody');
+$app->add('\Middlewares\ClientIp');

 // Run application
 $app->run();
--- a/backend/test/test.sh
+++ b/backend/test/test.sh
@ -31,7 +31,8 @@ return [
                'notindb' => '\$2y\$10\$z1dD1Q5u68l5iqEmqnOAVuoR5VWR77HUfxMUycJ9TdDG3H5dLZGVW'
            ]
        ]
-    ]
+    ],
+    'proxys' => ['127.0.0.1']
 ];
 EOM
 }
--- a/backend/test/tests/remote-ip.js
+++ b/backend/test/tests/remote-ip.js
@ -0,0 +1,46 @@
+const test = require('../testlib');
+
+test.run(async function () {
+    await test('admin', async function (assert, req) {
+        var res = await req({
+            url: '/remote/ip',
+            method: 'get'
+        });
+
+        assert.equal(res.status, 200);
+        assert.equal(res.data, { ip: '127.0.0.1' }, 'No proxy header should return tcp client ip.');
+
+        var res = await req({
+            url: '/remote/ip',
+            method: 'get',
+            headers: {
+                'X-Forwarded-For': '1.2.3.4, 127.0.0.1'
+            }
+        });
+
+        assert.equal(res.status, 200);
+        assert.equal(res.data, { ip: '1.2.3.4' }, 'X-Forwarded-For Test 1');
+
+        var res = await req({
+            url: '/remote/ip',
+            method: 'get',
+            headers: {
+                'X-Forwarded-For': '4.3.2.1, 1.2.3.4, 127.0.0.1'
+            }
+        });
+
+        assert.equal(res.status, 200);
+        assert.equal(res.data, { ip: '1.2.3.4' }, 'X-Forwarded-For Test 2');
+
+        var res = await req({
+            url: '/remote/ip',
+            method: 'get',
+            headers: {
+                'X-Forwarded-For': '4.3.2.1, 1.2.3.4'
+            }
+        });
+
+        assert.equal(res.status, 200);
+        assert.equal(res.data, { ip: '127.0.0.1' }, 'X-Forwarded-For Test 3');
+    });
+});