New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Store IP address for every post #440
Comments
@tobscure What would be the cleanest way to obtain the user's IP address? I would say to get it from the |
@oldskool Thanks for looking into this. You're correct that we should get it from ServerRequestInterface. I think we need to get the value in Flarum\Api\Controller\CreatePostController and pass it into the PostReply command in the data array. Then the PostReplyHandler can pass it into CommentPost::reply. |
We're using the We need to decide whether it's worth supporting clients behind reverse proxies, like we did in FluxBB or like Symfony's HttpFoundation does it. |
This is what I currently have in mind: https://github.com/flarum/core/compare/master...oldskool:ip-logging?expand=1 Any comments/suggestions? |
Mostly looks good, thanks! Unfortunately you'll need to rebase on top of the master branch as there have recently been some significant changes to the Request/Action side of things. Specifically:
Sorry about that! |
@tobscure No problem at all, I'm used to rebasing pretty much every other PR I make as I'm often working in active development environments 😉 |
The only thing I noticed: we probably don't want to throw an exception, but rather supply a default value that will be used if the server param does not exist. |
@franzliedke I specifically put in that exception because you're doing a specific call Edit: Something else that comes to mind is a seperate "hasser" like |
How about Note, though, that the JsonApiAction class is gone, so you'll need to add that method somewhere else... I'm thinking about writing a helper class that makes things like these easier when working with PSR-7-style HTTP requests. |
@franzliedke Yeah, that could work. I was thinking about a Helper class yesterday as well, feels like this kind of action is going to be needed more often, so a Helper class seems useful. I'll look into this some more this weekend. |
Let's build a package. PSR-7 stuff is super useful, but the APIs sometimes require more boilerplate than necessary... |
@franzliedke Sounds good, I'd love to contribute :) @oldskool Would you be able to do the rebased PR this week? Wanna try and get beta 3 out the door. (In lieu of the PSR-7 helper package, using |
Though don't forget the default parameter: |
@oldskool Will you have time to work on this in the next days? If not, no worries, but could we take your code to build upon it? :) |
@franzliedke I'm working on it right now. I hope to get the PR ready today or tomorrow. |
I'm stuck with testing this, I finally got my dev environment up and running again after merging all edits and running a db update (config -> settings), but now I have another issue with composer. See #605 Any simple way to fix this? I can't test my edits like this. |
I'm still having some problems with my dev environment, I think I have to start over from scratch with Vagrant. This is my latest WIP: https://github.com/flarum/core/compare/flarum:master...oldskool:ip-logging?expand=1 But I haven't been able to verify/test if this fully works because of the issues. I'll try to get them resolved ASAP, but feel free to continue on the above code changes if it needs to be implemented sooner. |
This seems a bit pre-GDPR mind-set. Any chance to improve this to be optional or time-limited? IPs are personal data and it seems a bit excessive to store them with every post indefinitely in the database. At least for our use, I would like to disable IP logging completely (outside of what the webserver does in the rotated logs). |
You're right that IPs are personal data, but it's a fairly common think to want to log. You could set up a cron job to automatically delete IPs on posts older than a week, for example, or create an extension that strips IPs from the data being added to the database entirely. |
Yes I could probably do that, but first of all this seems like a work-around to something that isn't really needed in the first place (the GDPR is quite strict in what is needed functionally and what not) and secondly, even if we store the IP only for short time we would still need to ask for user consent regarding it in our privacy policy. At least that is my IANAL understanding as the personal data isn't only processed for technical reasons like in the case of short term web-server logging. |
There are a lot of contributing factors with regards to IP addresses and their personal identification of a user. That said, we have spoken on a GDPR extension discussion with regards to anonymising an IP address by obfuscating the last few octets of the address. |
This is pretty essential information that will be useful to many extensions.
php flarum generate:migration
)CommentPost::reply()
)The text was updated successfully, but these errors were encountered: