/**
 * Allow deployment from additional IP addresses or ranges.
 *
 * Every call registers the given addresses under a new list name
 * ("list0", "list1", ...) and then sets the firewall's default state to false.
 *
 * @param array $ips list of IP addresses or ranges (CIDR)
 * @return self itself for method chaining
 */
public function allowIpAddresses(array $ips)
{
    // Static, so the value persists across calls and each call gets a distinct list name.
    static $counter = 0;

    $listName = 'list' . $counter;
    $counter++;

    $firewall = $this->firewall;

    // Third argument true: the list is registered as an allowed list
    // (presumably "trusted" in the firewall component's terms; confirm there).
    $firewall->addList($ips, $listName, true);

    // NOTE(review): default state false presumably means that addresses matching
    // no list are refused; confirm against the firewall component.
    $firewall->setDefaultState(false);

    return $this;
}
/**
 * Checks the firewall verdict for each address against one allowed list.
 *
 * @dataProvider listProvider
 *
 * @param mixed $list            entries registered on the firewall as the list named 'list'
 * @param mixed $ips             addresses to evaluate, iterated with their keys
 * @param mixed $expectedResults expected verdicts, indexed by the same keys as $ips
 */
public function testLists($list, $ips, $expectedResults)
{
    $firewall = new FirewallClass();
    $firewall->addList($list, 'list', true);

    foreach ($ips as $index => $address) {
        $configured = $firewall->setIpAddress($address);
        $verdict = $configured->handle();

        // The verdict must be a boolean identical to the expectation at the same key.
        $asserter = $this->assert->boolean($verdict);
        $asserter->isIdenticalTo($expectedResults[$index]);
    }
}
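/**
 * Execute the middleware.
 *
 * Checks every client IP reported by the ClientIp middleware against the
 * configured trusted/untrusted lists and answers 403 as soon as one address
 * is rejected. When a trusted list is configured but no client IP is
 * available, the request is rejected instead of being passed on unchecked.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface      $response
 * @param callable               $next
 *
 * @throws RuntimeException if the ClientIp attribute is missing from the request
 *
 * @return ResponseInterface
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    if (!self::hasAttribute($request, ClientIp::KEY)) {
        throw new RuntimeException('Firewall middleware needs ClientIp executed before');
    }

    // NOTE(review): the decision below is only as reliable as the addresses
    // ClientIp supplies. If it reads them from forwarded headers, confirm those
    // headers are accepted only from proxies you control.
    $ips = ClientIp::getIps($request) ?: [];

    // Fail closed: with an allowlist configured and no address to check, the
    // loop below would never run and the request would pass without any check.
    if (empty($ips) && !empty($this->trusted)) {
        return $response->withStatus(403);
    }

    // NOTE(review): with only an untrusted list configured, a request without any
    // client IP is still passed on, as before. Decide whether to reject that case too.

    $firewall = new IpFirewall();

    if (!empty($this->trusted)) {
        $firewall->addList($this->trusted, 'trusted', true);
    }

    if (!empty($this->untrusted)) {
        $firewall->addList($this->untrusted, 'untrusted', false);
    }

    // Every reported address has to pass; one rejected address denies the request.
    foreach ($ips as $ip) {
        $ok = $firewall->setIpAddress($ip)->handle();

        if (!$ok) {
            return $response->withStatus(403);
        }
    }

    return $next($request, $response);
}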