-
-
Notifications
You must be signed in to change notification settings - Fork 188
/
Ip.php
66 lines (61 loc) · 2.42 KB
/
Ip.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
namespace Neos\Flow\Security\RequestPattern;
/*
* This file is part of the Neos.Flow package.
*
* (c) Contributors of the Neos Project - www.neos.io
*
* This package is Open Source Software. For the full copyright and license
* information, please view the LICENSE file which was distributed with this
* source code.
*/
use Neos\Flow\Http\ServerRequestAttributes;
use Neos\Flow\Mvc\ActionRequest;
use Neos\Flow\Security\Exception\InvalidRequestPatternException;
use Neos\Flow\Security\RequestPatternInterface;
use Neos\Flow\Utility\Ip as IpUtility;
/**
* This class holds a CIDR IP pattern an decides, if an ActionRequest object matches against this pattern,
* comparing the client IP address.
*
* The pattern can contain IPv4 and IPv6 addresses (including IPv6 wrapped IPv4 addresses).
* @see http://tools.ietf.org/html/rfc4632
* @see http://tools.ietf.org/html/rfc4291#section-2.3
*
* Example: 127.0.0.0/24 will match all IP addresses from 127.0.0.0 to 127.0.0.255
* 127.0.0.0/31 and 127.0.0.1/31 will both match the IP addresses 127.0.0.0 and 127.0.0.1
* 127.0.0.254/31 and 127.0.0.255/31 will both match the IP addresses 127.0.0.254 and 127.0.0.255
* 1:2::3:4 will match the IPv6 address written as 1:2:0:0:0:0:3:4 or 1:2::3:4
* ::7F00:1 will match the address written as 127.0.0.1, ::127.0.0.1 or ::7F00:1
* ::1 (IPv6 loopback) will *not* match the address 127.0.0.1
*/
class Ip implements RequestPatternInterface
{
/**
* @var array
*/
protected $options;
/**
* Expects options in the form array('cidrPattern' => '<CIDR IP Pattern>')
*
* @param array $options
*/
public function __construct(array $options)
{
$this->options = $options;
}
/**
* Matches an ActionRequest against the set IP pattern rules
*
* @param ActionRequest $request The request that should be matched
* @return boolean true if the pattern matched, false otherwise
* @throws InvalidRequestPatternException
*/
public function matchRequest(ActionRequest $request)
{
if (!isset($this->options['cidrPattern'])) {
throw new InvalidRequestPatternException('Missing option "cidrPattern" in the Ip request pattern configuration', 1446224520);
}
return IpUtility::cidrMatch($request->getHttpRequest()->getAttribute(ServerRequestAttributes::CLIENT_IP), $this->options['cidrPattern']);
}
}