eduVPN /
vpn-server-api
| Conditions | 3 |
| Paths | 3 |
| Total Lines | 110 |
| Code Lines | 59 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 24 | public function get(array $serverConfig) |
||
| 25 | { |
||
| 26 | $requiredParameters = [ |
||
| 27 | 'cn', |
||
| 28 | 'valid_from', |
||
| 29 | 'valid_to', |
||
| 30 | 'dev', // tun-udp, tun-tcp, tun0, tun1, ... |
||
| 31 | 'proto', // udp6, tcp-server |
||
| 32 | 'port', // 1194 |
||
| 33 | 'v4_network', |
||
| 34 | 'v4_netmask', |
||
| 35 | 'v6_network', |
||
| 36 | 'v6_gateway', |
||
| 37 | 'management_port', // 7505, 7506, ... |
||
|
|
|||
| 38 | 'ca', |
||
| 39 | 'cert', |
||
| 40 | 'key', |
||
| 41 | 'dh', |
||
| 42 | 'ta', |
||
| 43 | ]; |
||
| 44 | |||
| 45 | // XXX verfiy the parameters and types |
||
| 46 | |||
| 47 | foreach ($requiredParameters as $p) { |
||
| 48 | if (!array_key_exists($p, $serverConfig)) { |
||
| 49 | throw new RuntimeException(sprintf('missing parameter "%s"', $p)); |
||
| 50 | } |
||
| 51 | } |
||
| 52 | |||
| 53 | return [ |
||
| 54 | sprintf('# OpenVPN Server Configuration for %s', $serverConfig['cn']), |
||
| 55 | |||
| 56 | sprintf('# Valid From: %s', date('c', $serverConfig['valid_from'])), |
||
| 57 | sprintf('# Valid To: %s', date('c', $serverConfig['valid_to'])), |
||
| 58 | |||
| 59 | sprintf('dev %s', $serverConfig['dev']), |
||
| 60 | |||
| 61 | # UDP6 (works also for UDP) |
||
| 62 | sprintf('proto %s', $serverConfig['proto']), |
||
| 63 | sprintf('port %d', $serverConfig['port']), |
||
| 64 | |||
| 65 | # IPv4 |
||
| 66 | sprintf('server %s %s nopool', $serverConfig['v4_network'], $serverConfig['v4_netmask']), |
||
| 67 | |||
| 68 | # IPv6 |
||
| 69 | sprintf('ifconfig-ipv6 %s %s', $serverConfig['v6_network'], $serverConfig['v6_gateway']), |
||
| 70 | 'tun-ipv6', |
||
| 71 | 'push "tun-ipv6"', |
||
| 72 | |||
| 73 | 'topology subnet', |
||
| 74 | # enable comp-lzo |
||
| 75 | 'comp-lzo yes', |
||
| 76 | 'push "comp-lzo yes"', |
||
| 77 | 'persist-key', |
||
| 78 | 'persist-tun', |
||
| 79 | 'verb 3', |
||
| 80 | 'max-clients 100', |
||
| 81 | 'keepalive 10 60', |
||
| 82 | 'user openvpn', |
||
| 83 | 'group openvpn', |
||
| 84 | 'remote-cert-tls client', |
||
| 85 | |||
| 86 | # CRYPTO |
||
| 87 | # |
||
| 88 | # See RFC 7525 for TLS configuration recommendations |
||
| 89 | # See https://bettercrypto.org for more OpenVPN configuration guidelines |
||
| 90 | # OpenVPN does not support ECDHE (https://community.openvpn.net/openvpn/wiki/Hardening) |
||
| 91 | |||
| 92 | 'auth SHA256', |
||
| 93 | 'cipher AES-256-CBC', |
||
| 94 | 'tls-version-min 1.2', |
||
| 95 | |||
| 96 | # to support iOS OpenVPN Connect 1.0.5 in the default configuration with |
||
| 97 | # "Force AES-CBC ciphersuites" enabled, we also need to accept an additional |
||
| 98 | # cipher "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", in that case add the previous to |
||
| 99 | # the below tls-cipher directive |
||
| 100 | 'tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384', |
||
| 101 | |||
| 102 | 'script-security 2', |
||
| 103 | 'client-connect /usr/bin/vpn-server-api-client-connect', |
||
| 104 | 'client-disconnect /usr/bin/vpn-server-api-client-disconnect', |
||
| 105 | |||
| 106 | # Certificate Revocation List |
||
| 107 | 'crl-verify /var/lib/vpn-server-api/ca.crl', |
||
| 108 | |||
| 109 | # ask client to tell us on disconnect |
||
| 110 | 'push "explicit-exit-notify 3"', |
||
| 111 | |||
| 112 | # disable "netbios", i.e. Windows file sharing over TCP/IP |
||
| 113 | #push "dhcp-option DISABLE-NBT" |
||
| 114 | |||
| 115 | # also send a NTP server |
||
| 116 | #push "dhcp-option NTP time.example.org" |
||
| 117 | |||
| 118 | # allow client-to-client communication, see openvpn(8) |
||
| 119 | #client-to-client |
||
| 120 | |||
| 121 | # need to allow 7505 also with SELinux |
||
| 122 | sprintf('management localhost %d', $serverConfig['management_port']), |
||
| 123 | |||
| 124 | sprintf('<ca>%s</ca>', PHP_EOL.$serverConfig['ca'].PHP_EOL), |
||
| 125 | sprintf('<cert>%s</cert>', PHP_EOL.$serverConfig['cert'].PHP_EOL), |
||
| 126 | sprintf('<key>%s</key>', PHP_EOL.$serverConfig['key'].PHP_EOL), |
||
| 127 | sprintf('<dh>%s</dh>', PHP_EOL.$serverConfig['dh'].PHP_EOL), |
||
| 128 | |||
| 129 | 'key-direction 0', |
||
| 130 | |||
| 131 | sprintf('<tls-auth>%s</tls-auth>', PHP_EOL.$serverConfig['ta'].PHP_EOL), |
||
| 132 | ]; |
||
| 133 | } |
||
| 134 | } |
||
| 135 |
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.