Merge pull request #27 from zf-fr/add-docker-ip

Take into account Docker localhost

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 5.1.1
+
+* Adds support for detecting localhost requests coming from Docker environment
+
 # 5.1.0
 
 * ZfrEbWorker adds a new security improvement by restricting the internal worker to localhost only.

src/Middleware/LocalhostCheckerMiddleware.php

@@ -31,8 +31,8 @@ public function __invoke(
         $serverParams = $request->getServerParams();
         $remoteAddr   = $serverParams['REMOTE_ADDR'] ?? '';
 
-        // If request is not originating from localhost, we simply return 200
-        if (!in_array($remoteAddr, $this->localhost)) {
+        // If request is not originating from localhost or from Docker local IP, we simply return 200
+        if (!in_array($remoteAddr, $this->localhost) && !fnmatch('172.17.*', $remoteAddr)) {
             return $response->withStatus(403);
         }
 

test/Middleware/LocalhostCheckerMiddlewareTest.php

@@ -24,6 +24,30 @@ public function testReturns403IfNotFromLocalhost()
         $this->assertEquals(403, $returnedResponse->getStatusCode());
     }
 
+    public function dockerIpAddresses()
+    {
+        return [['172.17.42.1'], ['172.17.0.1']];
+    }
+
+    /**
+     * @dataProvider dockerIpAddresses
+     */
+    public function testDelegatesIfFromDockerLocal(string $ipAddress)
+    {
+        $request  = $this->prophesize(ServerRequestInterface::class);
+        $response = new Response();
+
+        $request->getServerParams()->shouldBeCalled()->willReturn(['REMOTE_ADDR' => $ipAddress]);
+
+        $middleware = new LocalhostCheckerMiddleware();
+
+        $returnedResponse = $middleware->__invoke($request->reveal(), $response, function($request, $response, $out) {
+            return $response;
+        });
+
+        $this->assertEquals(200, $returnedResponse->getStatusCode());
+    }
+
     public function testDelegateIfFromIPv4Localhost()
     {
         $request  = $this->prophesize(ServerRequestInterface::class);