Merge pull request #76 from julienloizelet/fix/standalone-forward-ips

julienloizelet · web-flow · commit b26f467c1c42 · 2022-03-18T18:31:32.000+09:00
Fix/standalone forward ips
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 
+## [0.18.0] - 2022-03-18
+### Changed
+- *Breaking change*: Change `trust_ip_forward_array` symfony configuration node to an array of array.
+
 ## [0.17.1] - 2022-03-17
 ### Removed
 - Remove testing scripts for quality gate test
diff --git a/src/AbstractBounce.php b/src/AbstractBounce.php
@@ -161,6 +161,7 @@ protected function shouldTrustXforwardedFor(string $ip): bool
 
             return false;
         }
+
         foreach ($this->getTrustForwardedIpBoundsList() as $comparableIpBounds) {
             if ($comparableAddress >= $comparableIpBounds[0] && $comparableAddress <= $comparableIpBounds[1]) {
                 return true;
diff --git a/src/ApiCache.php b/src/ApiCache.php
@@ -694,10 +694,8 @@ private function hit(string $ip): string
     }
 
     /**
-     * @param string $cacheScope
      * @param $value
      *
-     * @return string
      * @throws InvalidArgumentException
      * @throws Exception
      */
diff --git a/src/Configuration.php b/src/Configuration.php
@@ -52,7 +52,9 @@ public function getConfigTreeBuilder(): TreeBuilder
                     ->defaultValue(Constants::REMEDIATION_CAPTCHA)
                 ->end()
                 ->arrayNode('trust_ip_forward_array')
-                    ->scalarPrototype()->end()
+                    ->arrayPrototype()
+                        ->scalarPrototype()->end()
+                    ->end()
                 ->end()
                 // Cache
                 ->booleanNode('stream_mode')->defaultValue(false)->end()
diff --git a/src/Constants.php b/src/Constants.php
@@ -20,7 +20,7 @@ class Constants
     public const DEFAULT_LAPI_URL = 'http://localhost:8080';
 
     /** @var string The last version of this library */
-    public const VERSION = 'v0.17.1';
+    public const VERSION = 'v0.18.0';
 
     /** @var string The user agent used to send request to LAPI */
     public const BASE_USER_AGENT = 'PHP CrowdSec Bouncer/'.self::VERSION;
diff --git a/src/StandaloneBounce.php b/src/StandaloneBounce.php
@@ -4,6 +4,7 @@
 
 use ErrorException;
 use Exception;
+use IPLib\Factory;
 use Symfony\Component\Cache\Adapter\AbstractAdapter;
 use Symfony\Component\Cache\Adapter\MemcachedAdapter;
 use Symfony\Component\Cache\Adapter\PhpFilesAdapter;
@@ -44,7 +45,25 @@ public function init(array $configs, array $forcedConfigs = []): Bouncer
             $this->session_name = session_name('crowdsec');
             session_start();
         }
+        // Convert array of string to array of array with comparable IPs
+        if (\is_array(($configs['trust_ip_forward_array']))) {
+            $forwardConfigs = $configs['trust_ip_forward_array'];
+            $finalForwardConfigs = [];
+            foreach ($forwardConfigs as $forwardConfig) {
+                if (\is_string($forwardConfig)) {
+                    $parsedString = Factory::parseAddressString($forwardConfig, 3);
+                    if (!empty($parsedString)) {
+                        $comparableValue = $parsedString->getComparableString();
+                        $finalForwardConfigs[] = [$comparableValue, $comparableValue];
+                    }
+                } elseif (\is_array($forwardConfig)) {
+                    $finalForwardConfigs[] = $forwardConfig;
+                }
+            }
+            $configs['trust_ip_forward_array'] = $finalForwardConfigs;
+        }
         $this->settings = $configs;
+
         if (\is_array($forcedConfigs)) {
             $this->settings = array_merge($this->settings, $forcedConfigs);
         }
@@ -384,14 +403,13 @@ public function sendResponse(?string $body, int $statusCode = 200): void
     public function safelyBounce(array $configs): bool
     {
         $result = false;
+        set_error_handler(function ($errno, $errstr) {
+            throw new BouncerException("$errstr (Error level: $errno)");
+        });
         try {
-            set_error_handler(function ($errno, $errstr) {
-                throw new BouncerException("$errstr (Error level: $errno)");
-            });
             $this->init($configs);
             $this->run();
             $result = true;
-            restore_error_handler();
         } catch (Exception $e) {
             $this->logger->error('', [
                 'type' => 'EXCEPTION_WHILE_BOUNCING',
@@ -409,6 +427,7 @@ public function safelyBounce(array $configs): bool
                 session_name($this->session_name);
             }
         }
+        restore_error_handler();
 
         return $result;
     }

Original file line number	Diff line number	Diff line change
`@@ -161,6 +161,7 @@ protected function shouldTrustXforwardedFor(string $ip): bool`
`161`	`161`
`162`	`162`	`return false;`
`163`	`163`	`}`
	`164`	`+`
`164`	`165`	`foreach ($this->getTrustForwardedIpBoundsList() as $comparableIpBounds) {`
`165`	`166`	`if ($comparableAddress >= $comparableIpBounds[0] && $comparableAddress <= $comparableIpBounds[1]) {`
`166`	`167`	`return true;`
Original file line number	Diff line number	Diff line change
`@@ -694,10 +694,8 @@ private function hit(string $ip): string`
`694`	`694`	`}`
`695`	`695`
`696`	`696`	`/**`
`697`		`- * @param string $cacheScope`
`698`	`697`	`* @param $value`
`699`	`698`	`*`
`700`		`- * @return string`
`701`	`699`	`* @throws InvalidArgumentException`
`702`	`700`	`* @throws Exception`
`703`	`701`	`*/`