Total Complexity | 62 |
Total Lines | 609 |
Duplicated Lines | 0 % |
Changes | 6 | ||
Bugs | 0 | Features | 0 |
Complex classes like Firewall often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Firewall, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
59 | class Firewall |
||
60 | { |
||
61 | use FirewallTrait; |
||
62 | use XssProtectionTrait; |
||
63 | |||
64 | /** |
||
65 | * Collection of PSR-7 or PSR-15 middlewares. |
||
66 | * |
||
67 | * @var array |
||
68 | */ |
||
69 | protected $middlewares = []; |
||
70 | |||
71 | /** |
||
72 | * Constructor. |
||
73 | */ |
||
74 | public function __construct(?ServerRequestInterface $request = null, ?ResponseInterface $response = null) |
||
75 | { |
||
76 | Container::set('firewall', $this); |
||
77 | |||
78 | $this->kernel = new Kernel($request, $response); |
||
79 | } |
||
80 | |||
81 | /** |
||
82 | * Set up the path of the configuration file. |
||
83 | * |
||
84 | * @param string $source The path. |
||
85 | * @param string $type The type. |
||
86 | * |
||
87 | * @return void |
||
88 | */ |
||
89 | public function configure(string $source, string $type = 'json') |
||
115 | } |
||
116 | |||
117 | /** |
||
118 | * Add middlewares and use them before going into Shieldon kernal. |
||
119 | * |
||
120 | * @param MiddlewareInterface $middleware A PSR-15 middlewares. |
||
121 | * |
||
122 | * @return void |
||
123 | */ |
||
124 | public function add(MiddlewareInterface $middleware) |
||
127 | } |
||
128 | |||
129 | /** |
||
130 | * Setup everything we need. |
||
131 | * |
||
132 | * @return void |
||
133 | */ |
||
134 | public function setup(): void |
||
135 | { |
||
136 | $this->status = $this->getOption('daemon'); |
||
137 | |||
138 | $this->setDriver(); |
||
139 | |||
140 | $this->setChannel(); |
||
141 | |||
142 | $this->setIpSource(); |
||
143 | |||
144 | $this->setLogger(); |
||
145 | |||
146 | $this->setCoreModules(); |
||
147 | |||
148 | $this->setSessionLimit(); |
||
149 | |||
150 | $this->setCronJob(); |
||
151 | |||
152 | $this->setExcludedUrls(); |
||
153 | |||
154 | $this->setXssProtection(); |
||
155 | |||
156 | $this->setAuthentication(); |
||
157 | |||
158 | $this->setDialogUI(); |
||
159 | |||
160 | $this->setMessengers(); |
||
161 | |||
162 | $this->setMessageEvents(); |
||
|
|||
163 | |||
164 | $this->setDenyAttempts(); |
||
165 | |||
166 | $this->setIptablesWatchingFolder(); |
||
167 | } |
||
168 | |||
169 | /** |
||
170 | * Just, run! |
||
171 | * |
||
172 | * @return ResponseInterface |
||
173 | */ |
||
174 | public function run(): ResponseInterface |
||
211 | } |
||
212 | |||
213 | /** |
||
214 | * Set the channel ID. |
||
215 | * |
||
216 | * @return void |
||
217 | */ |
||
218 | protected function setChannel(): void |
||
219 | { |
||
220 | $channelId = $this->getOption('channel_id'); |
||
221 | |||
222 | if ($channelId) { |
||
223 | $this->kernel->setChannel($channelId); |
||
224 | } |
||
225 | } |
||
226 | |||
227 | /** |
||
228 | * Set a data driver for the use of Shiedon Firewall. |
||
229 | * Currently supports File, Redis, MySQL and SQLite. |
||
230 | * |
||
231 | * @return void |
||
232 | */ |
||
233 | protected function setDriver(): void |
||
234 | { |
||
235 | $driverType = $this->getOption('driver_type'); |
||
236 | $driverSetting = $this->getOption($driverType, 'drivers'); |
||
237 | |||
238 | if (isset($driverSetting['directory_path'])) { |
||
239 | $driverSetting['directory_path'] = $driverSetting['directory_path'] ?: $this->directory; |
||
240 | } |
||
241 | |||
242 | $driverInstance = DriverFactory::getInstance($driverType, $driverSetting); |
||
243 | |||
244 | $this->status = false; |
||
245 | if ($driverInstance !== null) { |
||
246 | $this->kernel->add($driverInstance); |
||
247 | $this->status = true; |
||
248 | } |
||
249 | } |
||
250 | |||
251 | /** |
||
252 | * Set up the action logger. |
||
253 | * |
||
254 | * @return void |
||
255 | */ |
||
256 | protected function setLogger(): void |
||
257 | { |
||
258 | $loggerSetting = $this->getOption('action', 'loggers'); |
||
259 | |||
260 | if ($loggerSetting['enable']) { |
||
261 | if (!empty($loggerSetting['config']['directory_path'])) { |
||
262 | $this->kernel->add(new ActionLogger($loggerSetting['config']['directory_path'])); |
||
263 | } |
||
264 | } |
||
265 | } |
||
266 | |||
267 | /** |
||
268 | * If you use CDN, please choose the real IP source. |
||
269 | * |
||
270 | * @return void |
||
271 | */ |
||
272 | protected function setIpSource(): void |
||
273 | { |
||
274 | $ipSourceType = $this->getOption('ip_variable_source'); |
||
275 | $serverParams = get_request()->getServerParams(); |
||
276 | |||
277 | /** |
||
278 | * REMOTE_ADDR: general |
||
279 | * HTTP_CF_CONNECTING_IP: Cloudflare |
||
280 | * HTTP_X_FORWARDED_FOR: Google Cloud CDN, Google Load-balancer, AWS. |
||
281 | * HTTP_X_FORWARDED_HOST: KeyCDN, or other CDN providers not listed here. |
||
282 | * |
||
283 | */ |
||
284 | $key = array_search(true, $ipSourceType); |
||
285 | $ip = $serverParams[$key]; |
||
286 | |||
287 | if (empty($ip)) { |
||
288 | // @codeCoverageIgnoreStart |
||
289 | throw new RuntimeException('IP source is not set correctly.'); |
||
290 | // @codeCoverageIgnoreEnd |
||
291 | } |
||
292 | |||
293 | $this->kernel->setIp($ip); |
||
294 | } |
||
295 | |||
296 | protected function setCoreModules(): void |
||
424 | } |
||
425 | } |
||
426 | |||
427 | /** |
||
428 | * Set the messenger modules. |
||
429 | * |
||
430 | * @return void |
||
431 | */ |
||
432 | protected function setMessengers(): void |
||
433 | { |
||
434 | /* |
||
435 | |-------------------------------------------------------------------------- |
||
436 | | Set messenger modules. |
||
437 | |-------------------------------------------------------------------------- |
||
438 | */ |
||
439 | |||
440 | $messengerList = [ |
||
441 | 'telegram', |
||
442 | 'line_notify', |
||
443 | 'sendgrid', |
||
444 | 'native_php_mail', |
||
445 | 'smtp', |
||
446 | 'mailgun', |
||
447 | 'rocket_chat', |
||
448 | 'slack', |
||
449 | 'slack_webhook', |
||
450 | ]; |
||
451 | |||
452 | foreach ($messengerList as $messenger) { |
||
453 | $setting = $this->getOption($messenger, 'messengers'); |
||
454 | |||
455 | if (is_array($setting)) { |
||
456 | |||
457 | // Initialize messenger instances from the factory/ |
||
458 | if (MessengerFactory::check($messenger, $setting)) { |
||
459 | |||
460 | $this->kernel->add( |
||
461 | MessengerFactory::getInstance( |
||
462 | // The ID of the messenger module in the configuration. |
||
463 | $messenger, |
||
464 | // The settings of the messenger module in the configuration. |
||
465 | $setting |
||
466 | ) |
||
467 | ); |
||
468 | } |
||
469 | } |
||
470 | |||
471 | unset($setting); |
||
472 | } |
||
473 | |||
474 | /* |
||
475 | |-------------------------------------------------------------------------- |
||
476 | | Set messenger events. |
||
477 | |-------------------------------------------------------------------------- |
||
478 | */ |
||
479 | |||
480 | $setting = $this->getOption('failed_attempts_in_a_row', 'events'); |
||
481 | |||
482 | $notifyDataCircle = $setting['data_circle']['messenger'] ?: false; |
||
483 | $notifySystemFirewall = $setting['system_firewall']['messenger'] ?: false; |
||
484 | |||
485 | $this->kernel->setProperty('deny_attempt_notify', [ |
||
486 | 'data_circle' => $notifyDataCircle, |
||
487 | 'system_firewall' => $notifySystemFirewall, |
||
488 | ]); |
||
489 | } |
||
490 | |||
491 | /** |
||
492 | * Set deny attempts. |
||
493 | * |
||
494 | * @return void |
||
495 | */ |
||
496 | protected function setDenyAttempts(): void |
||
497 | { |
||
498 | $setting = $this->getOption('failed_attempts_in_a_row', 'events'); |
||
499 | |||
500 | $enableDataCircle = $setting['data_circle']['enable'] ?: false; |
||
501 | $enableSystemFirewall = $setting['system_firewall']['enable'] ?: false; |
||
502 | |||
503 | $this->kernel->setProperty('deny_attempt_enable', [ |
||
504 | 'data_circle' => $enableDataCircle, |
||
505 | 'system_firewall' => $enableSystemFirewall, |
||
506 | ]); |
||
507 | |||
508 | $this->kernel->setProperty('deny_attempt_buffer', [ |
||
509 | 'data_circle' => $setting['data_circle']['buffer'] ?? 10, |
||
510 | 'system_firewall' => $setting['data_circle']['buffer'] ?? 10, |
||
511 | ]); |
||
512 | |||
513 | // Check the time of the last failed attempt. @since 0.2.0 |
||
514 | $recordAttempt = $this->getOption('record_attempt'); |
||
515 | |||
516 | $detectionPeriod = $recordAttempt['detection_period'] ?? 5; |
||
517 | $timeToReset = $recordAttempt['time_to_reset'] ?? 1800; |
||
518 | |||
519 | $this->kernel->setProperty('record_attempt_detection_period', $detectionPeriod); |
||
520 | $this->kernel->setProperty('reset_attempt_counter', $timeToReset); |
||
521 | } |
||
522 | |||
523 | /** |
||
524 | * Set iptables working folder. |
||
525 | * |
||
526 | * @return void |
||
527 | */ |
||
528 | protected function setIptablesWatchingFolder(): void |
||
529 | { |
||
530 | $iptablesSetting = $this->getOption('config', 'iptables'); |
||
531 | $this->kernel->setProperty('iptables_watching_folder', $iptablesSetting['watching_folder']); |
||
532 | } |
||
533 | |||
534 | /** |
||
535 | * Set the online session limit. |
||
536 | * |
||
537 | * @return void |
||
538 | */ |
||
539 | protected function setSessionLimit(): void |
||
540 | { |
||
541 | $sessionLimitSetting = $this->getOption('online_session_limit'); |
||
542 | |||
543 | if ($sessionLimitSetting['enable']) { |
||
544 | |||
545 | $onlineUsers = $sessionLimitSetting['config']['count'] ?? 100; |
||
546 | $alivePeriod = $sessionLimitSetting['config']['period'] ?? 300; |
||
547 | |||
548 | $this->kernel->limitSession($onlineUsers, $alivePeriod); |
||
549 | } |
||
550 | } |
||
551 | |||
552 | /** |
||
553 | * Set the cron job. |
||
554 | * This is triggered by the pageviews, not system cron job. |
||
555 | * |
||
556 | * @return void |
||
557 | */ |
||
558 | protected function setCronJob(): void |
||
559 | { |
||
560 | if (!$this->status) { |
||
561 | return; |
||
562 | } |
||
563 | |||
564 | $cronjobSetting = $this->getOption('reset_circle', 'cronjob'); |
||
565 | |||
566 | if ($cronjobSetting['enable']) { |
||
567 | |||
568 | $nowTime = time(); |
||
569 | |||
570 | $lastResetTime = $cronjobSetting['config']['last_update']; |
||
571 | |||
572 | if (!empty($lastResetTime) ) { |
||
573 | $lastResetTime = strtotime($lastResetTime); |
||
574 | } else { |
||
575 | // @codeCoverageIgnoreStart |
||
576 | $lastResetTime = strtotime(date('Y-m-d 00:00:00')); |
||
577 | // @codeCoverageIgnoreEnd |
||
578 | } |
||
579 | |||
580 | if (($nowTime - $lastResetTime) > $cronjobSetting['config']['period']) { |
||
581 | |||
582 | $updateResetTime = date('Y-m-d 00:00:00'); |
||
583 | |||
584 | // Update new reset time. |
||
585 | $this->setConfig('cronjob.reset_circle.config.last_update', $updateResetTime); |
||
586 | $this->updateConfig(); |
||
587 | |||
588 | // Remove all logs. |
||
589 | $this->kernel->driver->rebuild(); |
||
590 | } |
||
591 | } |
||
592 | } |
||
593 | |||
594 | /** |
||
595 | * Set the URLs that want to be excluded from Shieldon protection. |
||
596 | * |
||
597 | * @return void |
||
598 | */ |
||
599 | protected function setExcludedUrls(): void |
||
600 | { |
||
601 | $excludedUrls = $this->getOption('excluded_urls'); |
||
602 | |||
603 | if (!empty($excludedUrls)) { |
||
604 | $list = array_column($excludedUrls, 'url'); |
||
605 | |||
606 | $this->kernel->setExcludedUrls($list); |
||
607 | } |
||
608 | } |
||
609 | |||
610 | |||
611 | |||
612 | /** |
||
613 | * WWW-Athentication. |
||
614 | * |
||
615 | * @return void |
||
616 | */ |
||
617 | protected function setAuthentication(): void |
||
618 | { |
||
619 | $authenticateList = $this->getOption('www_authenticate'); |
||
620 | |||
621 | if (is_array($authenticateList)) { |
||
622 | $this->add(new Middleware\httpAuthentication($authenticateList)); |
||
623 | } |
||
624 | } |
||
625 | |||
626 | /** |
||
627 | * Apply the denied list and the allowed list to Ip Component. |
||
628 | */ |
||
629 | protected function applyComponentIpManager() |
||
630 | { |
||
631 | $ipList = $this->getOption('ip_manager'); |
||
632 | |||
633 | $allowedList = []; |
||
634 | $deniedList = []; |
||
635 | |||
636 | if (is_array($ipList)) { |
||
637 | foreach ($ipList as $ip) { |
||
638 | |||
639 | if (0 === strpos($this->kernel->getCurrentUrl(), $ip['url']) ) { |
||
640 | |||
641 | if ('allow' === $ip['rule']) { |
||
642 | $allowedList[] = $ip['ip']; |
||
643 | } |
||
644 | |||
645 | if ('deny' === $ip['rule']) { |
||
646 | $deniedList[] = $ip['ip']; |
||
647 | } |
||
648 | } |
||
649 | } |
||
650 | } |
||
651 | |||
652 | $this->kernel->component['Ip']->setAllowedItems($allowedList); |
||
653 | $this->kernel->component['Ip']->setDeniedItems($deniedList); |
||
654 | } |
||
655 | |||
656 | /** |
||
657 | * Set dialog UI. |
||
658 | * |
||
659 | * @return void |
||
660 | */ |
||
661 | protected function setDialogUI() |
||
668 | } |
||
669 | } |
||
670 | } |
||
671 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.