| Conditions | 9 |
| Paths | 32 |
| Total Lines | 106 |
| Code Lines | 66 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
/**
 * Render the OpenVPN server configuration for a single process of a profile
 * and write it below the VPN configuration directory.
 *
 * The directives are collected in one list, sorted as strings, prefixed with
 * a "generated file" banner and written with mode argument 0600.
 *
 * NOTE(review): every value formatted with %s below ($instanceId, $profileId,
 * the '_user'/'_group' items and the dev, managementIp, proto, local and
 * configName entries) is copied verbatim into a configuration line or into
 * the target path. Nothing in this method rejects line breaks or path
 * separators, so a value containing one would alter the generated file or
 * its location. Presumably these are validated where the configuration is
 * loaded -- confirm against the callers.
 *
 * @param mixed         $instanceId    used in the TLS directory path and exported as INSTANCE_ID
 * @param mixed         $profileId     used in the TLS directory path and exported as PROFILE_ID
 * @param ProfileConfig $profileConfig profile settings, read through getItem()
 * @param array         $processConfig per-process values; keys read here: range, range6, dev,
 *                                     port, managementIp, managementPort, proto, local, configName
 */
private function writeProcess($instanceId, $profileId, ProfileConfig $profileConfig, array $processConfig)
{
    // Relative directory holding ca.crt, server.crt, server.key and ta.key.
    $tlsPath = sprintf('tls/%s/%s', $instanceId, $profileId);

    $ipv4Range = new IP($processConfig['range']);
    $ipv6Range = new IP($processConfig['range6']);

    // Fixed options first, then the per-profile / per-process ones.
    $directives = [
        'verb 3',
        'dev-type tun',
        sprintf('user %s', $profileConfig->getItem('_user')),
        sprintf('group %s', $profileConfig->getItem('_group')),
        'topology subnet',
        'persist-key',
        'persist-tun',
        'keepalive 10 60',
        'comp-lzo no',
        'remote-cert-tls client',
        'tls-version-min 1.2',
        'tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384',
        'auth SHA256',
        'dh none', // the only allowed TLS cipher suite is ECDHE, so no DH parameters

        // Data channel: AES-256-CBC is what gets written. An AES-256-GCM
        // setup ('ncp-ciphers' / 'cipher') is held back for the case where
        // all clients are OpenVPN 2.4; the client configuration would have
        // to be updated as well, and ncp overrides --cipher.
        'cipher AES-256-CBC',
        'client-connect /usr/libexec/vpn-server-node-client-connect',
        'client-disconnect /usr/libexec/vpn-server-node-client-disconnect',
        'push "comp-lzo no"',
        'push "explicit-exit-notify 3"',

        // persist-key / persist-tun are deliberately not pushed: that choice
        // is left to the client.

        sprintf('ca %s/ca.crt', $tlsPath),
        sprintf('cert %s/server.crt', $tlsPath),
        sprintf('key %s/server.key', $tlsPath),
        sprintf('server %s %s', $ipv4Range->getNetwork(), $ipv4Range->getNetmask()),
        sprintf('server-ipv6 %s', $ipv6Range->getAddressPrefix()),
        // NOTE(review): the "- 1" presumably reserves the server's own address -- confirm.
        sprintf('max-clients %d', $ipv4Range->getNumberOfHosts() - 1),
        // script-security 3 lets OpenVPN hand the client's password to scripts
        // through the environment; it is only selected when twoFactor is on,
        // where the verify script below is registered with "via-env".
        sprintf('script-security %d', $profileConfig->getItem('twoFactor') ? 3 : 2),
        sprintf('dev %s', $processConfig['dev']),
        sprintf('port %d', $processConfig['port']),
        sprintf('management %s %d', $processConfig['managementIp'], $processConfig['managementPort']),
        sprintf('setenv INSTANCE_ID %s', $instanceId),
        sprintf('setenv PROFILE_ID %s', $profileId),
        sprintf('proto %s', $processConfig['proto']),
        sprintf('local %s', $processConfig['local']),
    ];

    // With logging disabled the server log is discarded entirely, so no
    // OpenVPN log will be available for later troubleshooting or review.
    if (!$profileConfig->getItem('enableLog')) {
        $directives[] = 'log /dev/null';
    }

    $proto = $processConfig['proto'];

    if (in_array($proto, ['tcp-server', 'tcp6-server'], true)) {
        $directives[] = 'tcp-nodelay';
    }

    if (in_array($proto, ['udp', 'udp6'], true)) {
        // Tell clients to reconnect when OpenVPN restarts on the server
        // (requires OpenVPN server >= 2.4).
        $directives[] = 'explicit-exit-notify 1';
    }

    if ($profileConfig->getItem('twoFactor')) {
        array_push(
            $directives,
            'auth-gen-token', // added in OpenVPN 2.4
            'auth-user-pass-verify /usr/libexec/vpn-server-node-verify-otp via-env'
        );
    }

    // Both variants use the same ta.key file; tls-auth is given direction 0.
    $directives[] = $profileConfig->getItem('tlsCrypt')
        ? sprintf('tls-crypt %s/ta.key', $tlsPath)
        : sprintf('tls-auth %s/ta.key 0', $tlsPath);

    // Append routes, DNS and client-to-client settings, in that order.
    $directives = array_merge(
        $directives,
        self::getRoutes($profileConfig),
        self::getDns($profileConfig),
        self::getClientToClient($profileConfig)
    );

    // Sorting happens before the banner is prepended, so the banner stays on top.
    sort($directives, SORT_STRING);

    $banner = [
        '#',
        '# OpenVPN Server Configuration',
        '#',
        '# ******************************************',
        '# * THIS FILE IS GENERATED, DO NOT MODIFY! *',
        '# ******************************************',
        '#',
    ];
    $lines = array_merge($banner, $directives);

    $target = sprintf('%s/%s', $this->vpnConfigDir, $processConfig['configName']);

    // NOTE(review): 0600 is presumably the file mode applied by
    // FileIO::writeFile (owner read/write only) -- confirm in FileIO.
    FileIO::writeFile($target, implode(PHP_EOL, $lines), 0600);
}
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.