/**
* Add new IP addresses or ranges to allow to deploy
*
* @param array $ips list of IP addresses or ranges (CIDR)
* @return self itself for method chaining
*/
public function allowIpAddresses(array $ips)
{
static $counter = 0;
$list = 'list' . $counter++;
$this->firewall->addList($ips, $list, true);
$this->firewall->setDefaultState(false);
return $this;
}
/**
* @dataProvider listProvider
*/
public function testLists($list, $ips, $expectedResults)
{
$firewall = new FirewallClass();
$firewall->addList($list, 'list', true);
foreach ($ips as $key => $ip) {
$result = $firewall->setIpAddress($ip)->handle();
$this->assert->boolean($result)->isIdenticalTo($expectedResults[$key]);
}
}
/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
if (!self::hasAttribute($request, ClientIp::KEY)) {
throw new RuntimeException('Firewall middleware needs ClientIp executed before');
}
$ips = ClientIp::getIps($request) ?: [];
$firewall = new IpFirewall();
if (!empty($this->trusted)) {
$firewall->addList($this->trusted, 'trusted', true);
}
if (!empty($this->untrusted)) {
$firewall->addList($this->untrusted, 'untrusted', false);
}
foreach ($ips as $ip) {
$ok = $firewall->setIpAddress($ip)->handle();
if (!$ok) {
return $response->withStatus(403);
}
}
return $next($request, $response);
}
