Issues in UserRealIpMiddleware.php - New Issues - Inspection of "fixed yiisoft/event-dispatcher version to tagged" - hiqdev/hiapi - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 882cbc...a9ee6a )

unknown

created 2021-03-26 13:52 UTC

src/Http/Psr15/Middleware/UserRealIpMiddleware.php (1 issue)

Labels

Bug 1

Severity

Critical 1

SilverFire - Dmitry Naumenko 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types=1);

namespace hiapi\Core\Http\Psr15\Middleware;

use hiapi\Core\Utils\CIDR;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

class UserRealIpMiddleware implements MiddlewareInterface
{
    public const ATTRIBUTE_NAME = 'user-real-ip';
    /**
     * @var string[] Networks than are allowed to override client IP
     */
    private array $trustedNets;


    public string $ipAttribute = self::ATTRIBUTE_NAME;

    public function __construct(array $trustedNets)
    {
        $this->trustedNets = $trustedNets;
    }

    /**
     * @inheritDoc
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        return $handler->handle($this->prepare($request));
    }

    private function prepare(ServerRequestInterface $request): ServerRequestInterface
    {
        $oldip = $this->getIp($request);
        $request = $request->withAttribute($this->ipAttribute, $oldip);

        if (!CIDR::matchBulk($oldip, $this->trustedNets)) {
            return $request;
        }

        $newip = $this->getNewIp($request);
        if (empty($newip) || $newip === $oldip) {
            return $request;
        }

        return $this->setNewIp($request, $newip);
    }

    private function getIp(ServerRequestInterface $request): string
    {
        return $request->getServerParams()['REMOTE_ADDR'] ?? '';
    }

    private function getNewIp(ServerRequestInterface $request): string
    {
        $change = $request->getHeaderLine('X-User-Ip') ?: $this->getParam($request, 'auth_ip');

        return filter_var($change, FILTER_VALIDATE_IP) ?: '';
    }

    private function setNewIp(ServerRequestInterface $request, string $ip)
    {
        /// legacy compatibility
        unset($_REQUEST['auth_ip']);
        $_SERVER['REMOTE_ADDR'] = $ip;

        # XXX TODO withServerParams NOT DEFINED !!!
        #$params = $request->getServerParams();
        #$params['REMOTE_ADDR'] = $ip;
        #return $request->withServerParams($params);

        return $request->withAttribute($this->ipAttribute, $ip);
    }

    private function getParam(ServerRequestInterface $request, string $name): ?string
    {
        return $request->getParsedBody()[$name] ?? $request->getQueryParams()[$name] ?? null;
    }
}


1			<?php
2			declare(strict_types=1);
3
4			namespace hiapi\Core\Http\Psr15\Middleware;
5
6			use hiapi\Core\Utils\CIDR;
7			use Psr\Http\Message\ResponseInterface;
8			use Psr\Http\Message\ServerRequestInterface;
9			use Psr\Http\Server\MiddlewareInterface;
10			use Psr\Http\Server\RequestHandlerInterface;
11
12			class UserRealIpMiddleware implements MiddlewareInterface
13			{
14			public const ATTRIBUTE_NAME = 'user-real-ip';
15			/**
16			* @var string[] Networks than are allowed to override client IP
17			*/
18			private array $trustedNets;
			0 ignored issues – show Bug introduced 2021-03-26 14:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_ARRAY, expecting T_FUNCTION or T_CONST Loading history...
19
20			public string $ipAttribute = self::ATTRIBUTE_NAME;
21
22			public function __construct(array $trustedNets)
23			{
24			$this->trustedNets = $trustedNets;
25			}
26
27			/**
28			* @inheritDoc
29			*/
30			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
31			{
32			return $handler->handle($this->prepare($request));
33			}
34
35			private function prepare(ServerRequestInterface $request): ServerRequestInterface
36			{
37			$oldip = $this->getIp($request);
38			$request = $request->withAttribute($this->ipAttribute, $oldip);
39
40			if (!CIDR::matchBulk($oldip, $this->trustedNets)) {
41			return $request;
42			}
43
44			$newip = $this->getNewIp($request);
45			if (empty($newip) \|\| $newip === $oldip) {
46			return $request;
47			}
48
49			return $this->setNewIp($request, $newip);
50			}
51
52			private function getIp(ServerRequestInterface $request): string
53			{
54			return $request->getServerParams()['REMOTE_ADDR'] ?? '';
55			}
56
57			private function getNewIp(ServerRequestInterface $request): string
58			{
59			$change = $request->getHeaderLine('X-User-Ip') ?: $this->getParam($request, 'auth_ip');
60
61			return filter_var($change, FILTER_VALIDATE_IP) ?: '';
62			}
63
64			private function setNewIp(ServerRequestInterface $request, string $ip)
65			{
66			/// legacy compatibility
67			unset($_REQUEST['auth_ip']);
68			$_SERVER['REMOTE_ADDR'] = $ip;
69
70			# XXX TODO withServerParams NOT DEFINED !!!
71			#$params = $request->getServerParams();
72			#$params['REMOTE_ADDR'] = $ip;
73			#return $request->withServerParams($params);
74
75			return $request->withAttribute($this->ipAttribute, $ip);
76			}
77
78			private function getParam(ServerRequestInterface $request, string $name): ?string
79			{
80			return $request->getParsedBody()[$name] ?? $request->getQueryParams()[$name] ?? null;
81			}
82			}
83

hiqdev / hiapi

Push — master ( 882cbc...a9ee6a )

src/Http/Psr15/Middleware/UserRealIpMiddleware.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like