Total Complexity | 100 |
Total Lines | 1064 |
Duplicated Lines | 0 % |
Changes | 6 | ||
Bugs | 0 | Features | 0 |
Complex classes like Kernel often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Kernel, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
83 | class Kernel |
||
84 | { |
||
85 | use IpTrait; |
||
86 | use FilterTrait; |
||
87 | use RuleTrait; |
||
88 | use LimitSessionTrait; |
||
89 | |||
90 | // Reason codes (allow) |
||
91 | const REASON_IS_SEARCH_ENGINE = 100; |
||
92 | const REASON_IS_GOOGLE = 101; |
||
93 | const REASON_IS_BING = 102; |
||
94 | const REASON_IS_YAHOO = 103; |
||
95 | const REASON_IS_SOCIAL_NETWORK = 110; |
||
96 | const REASON_IS_FACEBOOK = 111; |
||
97 | const REASON_IS_TWITTER = 112; |
||
98 | |||
99 | // Reason codes (deny) |
||
100 | const REASON_TOO_MANY_SESSIONS = 1; |
||
101 | const REASON_TOO_MANY_ACCESSES = 2; // (not used) |
||
102 | const REASON_EMPTY_JS_COOKIE = 3; |
||
103 | const REASON_EMPTY_REFERER = 4; |
||
104 | |||
105 | const REASON_REACHED_LIMIT_DAY = 11; |
||
106 | const REASON_REACHED_LIMIT_HOUR = 12; |
||
107 | const REASON_REACHED_LIMIT_MINUTE = 13; |
||
108 | const REASON_REACHED_LIMIT_SECOND = 14; |
||
109 | |||
110 | const REASON_INVALID_IP = 40; |
||
111 | const REASON_DENY_IP = 41; |
||
112 | const REASON_ALLOW_IP = 42; |
||
113 | |||
114 | const REASON_COMPONENT_IP = 81; |
||
115 | const REASON_COMPONENT_RDNS = 82; |
||
116 | const REASON_COMPONENT_HEADER = 83; |
||
117 | const REASON_COMPONENT_USERAGENT = 84; |
||
118 | const REASON_COMPONENT_TRUSTED_ROBOT = 85; |
||
119 | |||
120 | const REASON_MANUAL_BAN = 99; |
||
121 | |||
122 | // Action codes |
||
123 | const ACTION_DENY = 0; |
||
124 | const ACTION_ALLOW = 1; |
||
125 | const ACTION_TEMPORARILY_DENY = 2; |
||
126 | const ACTION_UNBAN = 9; |
||
127 | |||
128 | // Result codes |
||
129 | const RESPONSE_DENY = 0; |
||
130 | const RESPONSE_ALLOW = 1; |
||
131 | const RESPONSE_TEMPORARILY_DENY = 2; |
||
132 | const RESPONSE_LIMIT_SESSION = 3; |
||
133 | |||
134 | const LOG_LIMIT = 3; |
||
135 | const LOG_PAGEVIEW = 11; |
||
136 | const LOG_BLACKLIST = 98; |
||
137 | const LOG_CAPTCHA = 99; |
||
138 | |||
139 | const KERNEL_DIR = __DIR__; |
||
140 | |||
141 | /** |
||
142 | * Driver for storing data. |
||
143 | * |
||
144 | * @var \Shieldon\Firewall\Driver\DriverProvider |
||
145 | */ |
||
146 | public $driver; |
||
147 | |||
148 | /** |
||
149 | * Container for Shieldon components. |
||
150 | * |
||
151 | * @var array |
||
152 | */ |
||
153 | public $component = []; |
||
154 | |||
155 | /** |
||
156 | * Logger instance. |
||
157 | * |
||
158 | * @var ActionLogger |
||
159 | */ |
||
160 | public $logger; |
||
161 | |||
162 | /** |
||
163 | * The closure functions that will be executed in this->run() |
||
164 | * |
||
165 | * @var array |
||
166 | */ |
||
167 | protected $closures = []; |
||
168 | |||
169 | /** |
||
170 | * default settings |
||
171 | * |
||
172 | * @var array |
||
173 | */ |
||
174 | protected $properties = []; |
||
175 | |||
176 | /** |
||
177 | * This is for creating data tables automatically |
||
178 | * Turn it off, if you don't want to check data tables every connection. |
||
179 | * |
||
180 | * @var bool |
||
181 | */ |
||
182 | protected $autoCreateDatabase = true; |
||
183 | |||
184 | /** |
||
185 | * Container for captcha addons. |
||
186 | * The collection of \Shieldon\Firewall\Captcha\CaptchaInterface |
||
187 | * |
||
188 | * @var array |
||
189 | */ |
||
190 | protected $captcha = []; |
||
191 | |||
192 | /** |
||
193 | * The ways Shieldon send a message to when someone has been blocked. |
||
194 | * The collection of \Shieldon\Messenger\Messenger\MessengerInterface |
||
195 | * |
||
196 | * @var array |
||
197 | */ |
||
198 | protected $messenger = []; |
||
199 | |||
200 | /** |
||
201 | * Result. |
||
202 | * |
||
203 | * @var int |
||
204 | */ |
||
205 | protected $result = 1; |
||
206 | |||
207 | /** |
||
208 | * URLs that are excluded from Shieldon's protection. |
||
209 | * |
||
210 | * @var array |
||
211 | */ |
||
212 | protected $excludedUrls = []; |
||
213 | |||
214 | /** |
||
215 | * Which type of configuration source that Shieldon firewall managed? |
||
216 | * |
||
217 | * @var string |
||
218 | */ |
||
219 | protected $firewallType = 'self'; // managed | config | self | demo |
||
220 | |||
221 | /** |
||
222 | * Custom dialog UI settings. |
||
223 | * |
||
224 | * @var array |
||
225 | */ |
||
226 | protected $dialogUI = []; |
||
227 | |||
228 | /** |
||
229 | * Strict mode. |
||
230 | * |
||
231 | * Set by `strictMode()` only. The default value of this propertry is undefined. |
||
232 | * |
||
233 | * @var bool|null |
||
234 | */ |
||
235 | protected $strictMode; |
||
236 | |||
237 | /** |
||
238 | * The directory in where the frontend template files are placed. |
||
239 | * |
||
240 | * @var string |
||
241 | */ |
||
242 | protected $templateDirectory = ''; |
||
243 | |||
244 | /** |
||
245 | * The message that will be sent to the third-party API. |
||
246 | * |
||
247 | * @var string |
||
248 | */ |
||
249 | protected $msgBody = ''; |
||
250 | |||
251 | /** |
||
252 | * Shieldon constructor. |
||
253 | * |
||
254 | * @param ServerRequestInterface|null $request A PSR-7 server request. |
||
255 | * |
||
256 | * @return void |
||
257 | */ |
||
258 | public function __construct(?ServerRequestInterface $request = null, ?ResponseInterface $response = null) |
||
259 | { |
||
260 | // Load helper functions. This is the must. |
||
261 | new Helpers(); |
||
262 | |||
263 | $request = $request ?? HttpFactory::createRequest(); |
||
264 | $response = $response ?? HttpFactory::createResponse(); |
||
265 | $session = HttpFactory::createSession(); |
||
266 | |||
267 | $this->properties = get_default_properties(); |
||
268 | $this->setCaptcha(new Foundation()); |
||
269 | |||
270 | Container::set('request', $request); |
||
271 | Container::set('response', $response); |
||
272 | Container::set('session', $session); |
||
273 | Container::set('shieldon', $this); |
||
274 | } |
||
275 | |||
276 | /** |
||
277 | * Log actions. |
||
278 | * |
||
279 | * @param int $actionCode The code number of the action. |
||
280 | * |
||
281 | * @return void |
||
282 | */ |
||
283 | protected function log(int $actionCode): void |
||
284 | { |
||
285 | if (!$this->logger) { |
||
286 | return; |
||
287 | } |
||
288 | |||
289 | $logData = []; |
||
290 | $logData['ip'] = $this->getIp(); |
||
291 | $logData['session_id'] = get_session()->get('id'); |
||
292 | $logData['action_code'] = $actionCode; |
||
293 | $logData['timesamp'] = time(); |
||
294 | |||
295 | $this->logger->add($logData); |
||
296 | } |
||
297 | |||
298 | /** |
||
299 | * Initialize components. |
||
300 | * |
||
301 | * @return void |
||
302 | */ |
||
303 | private function initComponents() |
||
304 | { |
||
305 | foreach (array_keys($this->component) as $name) { |
||
306 | $this->component[$name]->setIp($this->ip); |
||
307 | $this->component[$name]->setRdns($this->rdns); |
||
308 | |||
309 | // Apply global strict mode to all components by `strictMode()` if nesscessary. |
||
310 | if (isset($this->strictMode)) { |
||
311 | $this->component[$name]->setStrict($this->strictMode); |
||
312 | } |
||
313 | } |
||
314 | } |
||
315 | |||
316 | /** |
||
317 | * Check if current IP is trusted or not. |
||
318 | * |
||
319 | * @return bool |
||
320 | */ |
||
321 | private function isTrustedBot() |
||
322 | { |
||
323 | if ($this->getComponent('TrustedBot')) { |
||
324 | |||
325 | // We want to put all the allowed robot into the rule list, so that the checking of IP's resolved hostname |
||
326 | // is no more needed for that IP. |
||
327 | if ($this->getComponent('TrustedBot')->isAllowed()) { |
||
|
|||
328 | |||
329 | if ($this->getComponent('TrustedBot')->isGoogle()) { |
||
330 | // Add current IP into allowed list, because it is from real Google domain. |
||
331 | $this->action( |
||
332 | self::ACTION_ALLOW, |
||
333 | self::REASON_IS_GOOGLE |
||
334 | ); |
||
335 | |||
336 | } elseif ($this->getComponent('TrustedBot')->isBing()) { |
||
337 | // Add current IP into allowed list, because it is from real Bing domain. |
||
338 | $this->action( |
||
339 | self::ACTION_ALLOW, |
||
340 | self::REASON_IS_BING |
||
341 | ); |
||
342 | |||
343 | } elseif ($this->getComponent('TrustedBot')->isYahoo()) { |
||
344 | // Add current IP into allowed list, because it is from real Yahoo domain. |
||
345 | $this->action( |
||
346 | self::ACTION_ALLOW, |
||
347 | self::REASON_IS_YAHOO |
||
348 | ); |
||
349 | |||
350 | } else { |
||
351 | // Add current IP into allowed list, because you trust it. |
||
352 | // You have already defined it in the settings. |
||
353 | $this->action( |
||
354 | self::ACTION_ALLOW, |
||
355 | self::REASON_IS_SEARCH_ENGINE |
||
356 | ); |
||
357 | } |
||
358 | // Allowed robots not join to our traffic handler. |
||
359 | $this->result = self::RESPONSE_ALLOW; |
||
360 | return true; |
||
361 | } |
||
362 | } |
||
363 | return false; |
||
364 | } |
||
365 | |||
366 | /** |
||
367 | * Check whether the IP is fake search engine or not. |
||
368 | * The method "isTrustedBot()" must be executed before this method. |
||
369 | * |
||
370 | * @return bool |
||
371 | */ |
||
372 | private function isFakeRobot(): bool |
||
373 | { |
||
374 | if ($this->getComponent('TrustedBot')) { |
||
375 | if ($this->getComponent('TrustedBot')->isFakeRobot()) { |
||
376 | $this->action( |
||
377 | self::ACTION_DENY, |
||
378 | self::REASON_COMPONENT_TRUSTED_ROBOT |
||
379 | ); |
||
380 | $this->result = self::RESPONSE_DENY; |
||
381 | return true; |
||
382 | } |
||
383 | } |
||
384 | return false; |
||
385 | } |
||
386 | |||
387 | /** |
||
388 | * Run, run, run! |
||
389 | * |
||
390 | * Check the rule tables first, if an IP address has been listed. |
||
391 | * Call function filter() if an IP address is not listed in rule tables. |
||
392 | * |
||
393 | * @return int The response code. |
||
394 | */ |
||
395 | protected function process(): int |
||
396 | { |
||
397 | $this->driver->init($this->autoCreateDatabase); |
||
398 | |||
399 | $this->initComponents(); |
||
400 | |||
401 | /* |
||
402 | |-------------------------------------------------------------------------- |
||
403 | | Stage - Looking for rule table. |
||
404 | |-------------------------------------------------------------------------- |
||
405 | */ |
||
406 | |||
407 | if ($this->DoesRuleExist()) { |
||
408 | return $this->result; |
||
409 | } |
||
410 | |||
411 | /* |
||
412 | |-------------------------------------------------------------------------- |
||
413 | | Statge - Detect popular search engine. |
||
414 | |-------------------------------------------------------------------------- |
||
415 | */ |
||
416 | |||
417 | if ($this->isTrustedBot()) { |
||
418 | return $this->result; |
||
419 | } |
||
420 | |||
421 | if ($this->isFakeRobot()) { |
||
422 | return $this->result; |
||
423 | } |
||
424 | |||
425 | /* |
||
426 | |-------------------------------------------------------------------------- |
||
427 | | Stage - IP component. |
||
428 | |-------------------------------------------------------------------------- |
||
429 | */ |
||
430 | |||
431 | if ($this->getComponent('Ip')) { |
||
432 | |||
433 | $result = $this->getComponent('Ip')->check(); |
||
434 | $actionCode = self::ACTION_DENY; |
||
435 | |||
436 | if (!empty($result)) { |
||
437 | |||
438 | switch ($result['status']) { |
||
439 | |||
440 | case 'allow': |
||
441 | $actionCode = self::ACTION_ALLOW; |
||
442 | $reasonCode = $result['code']; |
||
443 | break; |
||
444 | |||
445 | case 'deny': |
||
446 | $actionCode = self::ACTION_DENY; |
||
447 | $reasonCode = $result['code']; |
||
448 | break; |
||
449 | } |
||
450 | |||
451 | $this->action($actionCode, $reasonCode); |
||
452 | |||
453 | // $resultCode = $actionCode |
||
454 | return $this->result = $this->sessionHandler($actionCode); |
||
455 | } |
||
456 | } |
||
457 | |||
458 | /* |
||
459 | |-------------------------------------------------------------------------- |
||
460 | | Stage - Check all other components. |
||
461 | |-------------------------------------------------------------------------- |
||
462 | */ |
||
463 | |||
464 | foreach ($this->component as $component) { |
||
465 | |||
466 | // check if is a a bad robot already defined in settings. |
||
467 | if ($component->isDenied()) { |
||
468 | |||
469 | // @since 0.1.8 |
||
470 | $this->action( |
||
471 | self::ACTION_DENY, |
||
472 | $component->getDenyStatusCode() |
||
473 | ); |
||
474 | |||
475 | return $this->result = self::RESPONSE_DENY; |
||
476 | } |
||
477 | } |
||
478 | |||
479 | /* |
||
480 | |-------------------------------------------------------------------------- |
||
481 | | Stage - Filters |
||
482 | |-------------------------------------------------------------------------- |
||
483 | | This IP address is not listed in rule table, let's detect it. |
||
484 | | |
||
485 | */ |
||
486 | |||
487 | if (array_search(true, $this->filterStatus)) { |
||
488 | return $this->result = $this->sessionHandler($this->filter()); |
||
489 | } |
||
490 | |||
491 | return $this->result = $this->sessionHandler(self::RESPONSE_ALLOW); |
||
492 | } |
||
493 | |||
494 | /** |
||
495 | * Start an action for this IP address, allow or deny, and give a reason for it. |
||
496 | * |
||
497 | * @param int $actionCode - 0: deny, 1: allow, 9: unban. |
||
498 | * @param string $reasonCode |
||
499 | * @param string $assignIp |
||
500 | * |
||
501 | * @return void |
||
502 | */ |
||
503 | protected function action(int $actionCode, int $reasonCode, string $assignIp = ''): void |
||
504 | { |
||
505 | $ip = $this->ip; |
||
506 | $rdns = $this->rdns; |
||
507 | $now = time(); |
||
508 | $logData = []; |
||
509 | |||
510 | if ('' !== $assignIp) { |
||
511 | $ip = $assignIp; |
||
512 | $rdns = gethostbyaddr($ip); |
||
513 | } |
||
514 | |||
515 | switch ($actionCode) { |
||
516 | case self::ACTION_ALLOW: // acutally not used. |
||
517 | case self::ACTION_DENY: // actually not used. |
||
518 | case self::ACTION_TEMPORARILY_DENY: |
||
519 | $logData['log_ip'] = $ip; |
||
520 | $logData['ip_resolve'] = $rdns; |
||
521 | $logData['time'] = $now; |
||
522 | $logData['type'] = $actionCode; |
||
523 | $logData['reason'] = $reasonCode; |
||
524 | $logData['attempts'] = 0; |
||
525 | |||
526 | $this->driver->save($ip, $logData, 'rule'); |
||
527 | break; |
||
528 | |||
529 | case self::ACTION_UNBAN: |
||
530 | $this->driver->delete($ip, 'rule'); |
||
531 | break; |
||
532 | } |
||
533 | |||
534 | // Remove logs for this IP address because It already has it's own rule on system. |
||
535 | // No need to count it anymore. |
||
536 | $this->driver->delete($ip, 'filter'); |
||
537 | |||
538 | if (null !== $this->logger) { |
||
539 | $log['ip'] = $ip; |
||
540 | $log['session_id'] = get_session()->get('id'); |
||
541 | $log['action_code'] = $actionCode; |
||
542 | $log['timesamp'] = $now; |
||
543 | |||
544 | $this->logger->add($log); |
||
545 | } |
||
546 | } |
||
547 | |||
548 | // @codeCoverageIgnoreEnd |
||
549 | |||
550 | /* |
||
551 | | ------------------------------------------------------------------- |
||
552 | | Public APIs |
||
553 | | ------------------------------------------------------------------- |
||
554 | */ |
||
555 | |||
556 | /** |
||
557 | * Set a commponent. |
||
558 | * |
||
559 | * @param ComponentProvider $instance |
||
560 | * |
||
561 | * @return void |
||
562 | */ |
||
563 | public function setComponent(ComponentProvider $instance): void |
||
564 | { |
||
565 | $class = $this->getClassName($instance); |
||
566 | $this->component[$class] = $instance; |
||
567 | } |
||
568 | |||
569 | /** |
||
570 | * Set a captcha. |
||
571 | * |
||
572 | * @param CaptchaInterface $instance |
||
573 | * |
||
574 | * @return void |
||
575 | */ |
||
576 | public function setCaptcha(CaptchaInterface $instance): void |
||
577 | { |
||
578 | $class = $this->getClassName($instance); |
||
579 | $this->captcha[$class] = $instance; |
||
580 | } |
||
581 | |||
582 | /** |
||
583 | * Set a data driver. |
||
584 | * |
||
585 | * @param DriverProvider $driver Query data from the driver you choose to use. |
||
586 | * |
||
587 | * @return void |
||
588 | */ |
||
589 | public function setDriver(DriverProvider $driver): void |
||
590 | { |
||
591 | $this->driver = $driver; |
||
592 | } |
||
593 | |||
594 | /** |
||
595 | * Set a action log logger. |
||
596 | * |
||
597 | * @param ActionLogger $logger |
||
598 | * |
||
599 | * @return void |
||
600 | */ |
||
601 | public function setLogger(ActionLogger $logger): void |
||
602 | { |
||
603 | $this->logger = $logger; |
||
604 | } |
||
605 | |||
606 | /** |
||
607 | * Set a messenger |
||
608 | * |
||
609 | * @param MessengerInterfa $instance |
||
610 | * |
||
611 | * @return void |
||
612 | */ |
||
613 | public function setMessenger(MessengerInterface $instance): void |
||
614 | { |
||
615 | $class = $this->getClassName($instance); |
||
616 | $this->messengers[$class] = $instance; |
||
617 | } |
||
618 | |||
619 | /** |
||
620 | * Get a component instance from component's container. |
||
621 | * |
||
622 | * @param string $name The component's class name. |
||
623 | * |
||
624 | * @return ComponentInterface|null |
||
625 | */ |
||
626 | public function getComponent(string $name) |
||
627 | { |
||
628 | if (isset($this->component[$name])) { |
||
629 | return $this->component[$name]; |
||
630 | } |
||
631 | |||
632 | return null; |
||
633 | } |
||
634 | |||
635 | /** |
||
636 | * Strict mode. |
||
637 | * This option will take effects to all components. |
||
638 | * |
||
639 | * @param bool $bool Set true to enble strict mode, false to disable it overwise. |
||
640 | * |
||
641 | * @return void |
||
642 | */ |
||
643 | public function setStrict(bool $bool) |
||
644 | { |
||
645 | $this->strictMode = $bool; |
||
646 | } |
||
647 | |||
648 | /** |
||
649 | * Disable filters. |
||
650 | */ |
||
651 | public function disableFilters(): void |
||
652 | { |
||
653 | $this->setFilters([ |
||
654 | 'session' => false, |
||
655 | 'cookie' => false, |
||
656 | 'referer' => false, |
||
657 | 'frequency' => false, |
||
658 | ]); |
||
659 | } |
||
660 | |||
661 | /** |
||
662 | * For first time installation only. This is for creating data tables automatically. |
||
663 | * Turning it on will check the data tables exist or not at every single pageview, |
||
664 | * it's not good for high traffic websites. |
||
665 | * |
||
666 | * @param bool $bool |
||
667 | * |
||
668 | * @return void |
||
669 | */ |
||
670 | public function createDatabase(bool $bool) |
||
671 | { |
||
672 | $this->autoCreateDatabase = $bool; |
||
673 | } |
||
674 | |||
675 | /** |
||
676 | * Set a data channel. |
||
677 | * |
||
678 | * This will create databases for the channel. |
||
679 | * |
||
680 | * @param string $channel Specify a channel. |
||
681 | * |
||
682 | * @return void |
||
683 | */ |
||
684 | public function setChannel(string $channel) |
||
685 | { |
||
686 | if (!$this->driver instanceof DriverProvider) { |
||
687 | throw new LogicException('setChannel method requires setDriver set first.'); |
||
688 | } else { |
||
689 | $this->driver->setChannel($channel); |
||
690 | } |
||
691 | } |
||
692 | |||
693 | /** |
||
694 | * Return the result from Captchas. |
||
695 | * |
||
696 | * @return bool |
||
697 | */ |
||
698 | public function captchaResponse(): bool |
||
699 | { |
||
700 | foreach ($this->captcha as $captcha) { |
||
701 | |||
702 | if (!$captcha->response()) { |
||
703 | return false; |
||
704 | } |
||
705 | } |
||
706 | |||
707 | if (!empty($this->sessionLimit['count'])) { |
||
708 | $this->result = $this->sessionHandler(self::RESPONSE_ALLOW); |
||
709 | } |
||
710 | |||
711 | return true; |
||
712 | } |
||
713 | |||
714 | /** |
||
715 | * Ban an IP. |
||
716 | * |
||
717 | * @param string $ip A valid IP address. |
||
718 | * |
||
719 | * @return void |
||
720 | */ |
||
721 | public function ban(string $ip = ''): void |
||
730 | ); |
||
731 | } |
||
732 | |||
733 | /** |
||
734 | * Unban an IP. |
||
735 | * |
||
736 | * @param string $ip A valid IP address. |
||
737 | * |
||
738 | * @return void |
||
739 | */ |
||
740 | public function unban(string $ip = ''): void |
||
741 | { |
||
742 | if ('' === $ip) { |
||
743 | $ip = $this->ip; |
||
744 | } |
||
745 | |||
746 | $this->action( |
||
747 | self::ACTION_UNBAN, |
||
748 | self::REASON_MANUAL_BAN, $ip |
||
749 | ); |
||
750 | $this->log(self::ACTION_UNBAN); |
||
751 | |||
752 | $this->result = self::RESPONSE_ALLOW; |
||
753 | } |
||
754 | |||
755 | /** |
||
756 | * Set a property setting. |
||
757 | * |
||
758 | * @param string $key The key of a property setting. |
||
759 | * @param mixed $value The value of a property setting. |
||
760 | * |
||
761 | * @return void |
||
762 | */ |
||
763 | public function setProperty(string $key = '', $value = '') |
||
764 | { |
||
765 | if (isset($this->properties[$key])) { |
||
766 | $this->properties[$key] = $value; |
||
767 | } |
||
768 | } |
||
769 | |||
770 | /** |
||
771 | * Set the property settings. |
||
772 | * |
||
773 | * @param array $settings The settings. |
||
774 | * |
||
775 | * @return void |
||
776 | */ |
||
777 | public function setProperties(array $settings): void |
||
778 | { |
||
779 | foreach (array_keys($this->properties) as $k) { |
||
780 | if (isset($settings[$k])) { |
||
781 | $this->properties[$k] = $settings[$k]; |
||
782 | } |
||
783 | } |
||
784 | } |
||
785 | |||
786 | /** |
||
787 | * Limt online sessions. |
||
788 | * |
||
789 | * @param int $count |
||
790 | * @param int $period |
||
791 | * |
||
792 | * @return void |
||
793 | */ |
||
794 | public function limitSession(int $count = 1000, int $period = 300): void |
||
795 | { |
||
796 | $this->sessionLimit = [ |
||
797 | 'count' => $count, |
||
798 | 'period' => $period |
||
799 | ]; |
||
800 | } |
||
801 | |||
802 | /** |
||
803 | * Customize the dialog UI. |
||
804 | * |
||
805 | * @return void |
||
806 | */ |
||
807 | public function setDialogUI(array $settings): void |
||
810 | } |
||
811 | |||
812 | /** |
||
813 | * Set the frontend template directory. |
||
814 | * |
||
815 | * @param string $directory |
||
816 | * |
||
817 | * @return void |
||
818 | */ |
||
819 | public function setTemplateDirectory(string $directory) |
||
820 | { |
||
821 | if (!is_dir($directory)) { |
||
822 | throw new InvalidArgumentException('The template directory does not exist.'); |
||
823 | } |
||
824 | $this->templateDirectory = $directory; |
||
825 | } |
||
826 | |||
827 | /** |
||
828 | * Get a template PHP file. |
||
829 | * |
||
830 | * @param string $type The template type. |
||
831 | * |
||
832 | * @return string |
||
833 | */ |
||
834 | protected function getTemplate(string $type): string |
||
835 | { |
||
836 | $directory = self::KERNEL_DIR . '/../../templates/frontend'; |
||
837 | |||
838 | if (!empty($this->templateDirectory)) { |
||
839 | $directory = $this->templateDirectory; |
||
840 | } |
||
841 | |||
842 | $path = $directory . '/' . $type . '.php'; |
||
843 | |||
844 | if (!file_exists($path)) { |
||
845 | throw new RuntimeException( |
||
846 | sprintf( |
||
847 | 'The templeate file is missing. (%s)', |
||
848 | $path |
||
849 | ) |
||
850 | ); |
||
851 | } |
||
852 | |||
853 | return $path; |
||
854 | } |
||
855 | |||
856 | /** |
||
857 | * Get a class name without namespace string. |
||
858 | * |
||
859 | * @param object $instance Class |
||
860 | * |
||
861 | * @return void |
||
862 | */ |
||
863 | protected function getClassName($instance): string |
||
864 | { |
||
865 | $class = get_class($instance); |
||
866 | return substr($class, strrpos($class, '\\') + 1); |
||
867 | } |
||
868 | |||
869 | /** |
||
870 | * Respond the result. |
||
871 | * |
||
872 | * @return ResponseInterface |
||
873 | */ |
||
874 | public function respond(): ResponseInterface |
||
875 | { |
||
876 | $response = get_response(); |
||
877 | $type = ''; |
||
878 | |||
879 | if (self::RESPONSE_TEMPORARILY_DENY === $this->result) { |
||
880 | $type = 'captcha'; |
||
881 | $statusCode = 403; // Forbidden. |
||
882 | |||
883 | } elseif (self::RESPONSE_LIMIT_SESSION === $this->result) { |
||
884 | $type = 'session_limitation'; |
||
885 | $statusCode = 429; // Too Many Requests. |
||
886 | |||
887 | } elseif (self::RESPONSE_DENY === $this->result) { |
||
888 | $type = 'rejection'; |
||
889 | $statusCode = 400; // Bad request. |
||
890 | } |
||
891 | |||
892 | // Nothing happened. Return. |
||
893 | if (empty($type)) { |
||
894 | // @codeCoverageIgnoreStart |
||
895 | return $response; |
||
896 | // @codeCoverageIgnoreEnd |
||
897 | } |
||
898 | |||
899 | $viewPath = $this->getTemplate($type); |
||
900 | |||
901 | // The language of output UI. It is used on views. |
||
902 | $langCode = get_session()->get('shieldon_ui_lang') ?? 'en'; |
||
903 | // Show online session count. It is used on views. |
||
904 | $showOnlineInformation = true; |
||
905 | // Show user information such as IP, user-agent, device name. |
||
906 | $showUserInformation = true; |
||
907 | |||
908 | if (empty($this->properties['display_online_info'])) { |
||
909 | $showOnlineInformation = false; |
||
910 | } |
||
911 | |||
912 | if (empty($this->properties['display_user_info'])) { |
||
913 | $showUserInformation = false; |
||
914 | } |
||
915 | |||
916 | if ($showUserInformation) { |
||
917 | $dialoguserinfo['ip'] = $this->ip; |
||
918 | $dialoguserinfo['rdns'] = $this->rdns; |
||
919 | $dialoguserinfo['user_agent'] = get_request()->getHeaderLine('user-agent'); |
||
920 | } |
||
921 | |||
922 | $ui = [ |
||
923 | 'background_image' => $this->dialogUI['background_image'] ?? '', |
||
924 | 'bg_color' => $this->dialogUI['bg_color'] ?? '#ffffff', |
||
925 | 'header_bg_color' => $this->dialogUI['header_bg_color'] ?? '#212531', |
||
926 | 'header_color' => $this->dialogUI['header_color'] ?? '#ffffff', |
||
927 | 'shadow_opacity' => $this->dialogUI['shadow_opacity'] ?? '0.2', |
||
928 | ]; |
||
929 | |||
930 | if (!defined('SHIELDON_VIEW')) { |
||
931 | define('SHIELDON_VIEW', true); |
||
932 | } |
||
933 | |||
934 | $css = require $this->getTemplate('css/default'); |
||
935 | |||
936 | ob_start(); |
||
937 | require $viewPath; |
||
938 | $output = ob_get_contents(); |
||
939 | ob_end_clean(); |
||
940 | |||
941 | // Remove unused variable notices generated from PHP intelephense. |
||
942 | unset( |
||
943 | $css, |
||
944 | $ui, |
||
945 | $langCode, |
||
946 | $showOnlineInformation, |
||
947 | $showLineupInformation, |
||
948 | $showUserInformation |
||
949 | ); |
||
950 | |||
951 | $stream = $response->getBody(); |
||
952 | $stream->write($output); |
||
953 | $stream->rewind(); |
||
954 | |||
955 | return $response-> |
||
956 | withHeader('X-Protected-By', 'shieldon.io')-> |
||
957 | withBody($stream)-> |
||
958 | withStatus($statusCode); |
||
959 | } |
||
960 | |||
961 | /** |
||
962 | * Run, run, run! |
||
963 | * |
||
964 | * Check the rule tables first, if an IP address has been listed. |
||
965 | * Call function filter() if an IP address is not listed in rule tables. |
||
966 | * |
||
967 | * @return |
||
968 | */ |
||
969 | public function run(): int |
||
970 | { |
||
971 | if (!isset($this->driver)) { |
||
972 | throw new RuntimeException( |
||
973 | 'Must register at least one data driver.' |
||
974 | ); |
||
975 | } |
||
976 | |||
977 | // Ignore the excluded urls. |
||
978 | if (!empty($this->excludedUrls)) { |
||
979 | foreach ($this->excludedUrls as $url) { |
||
980 | if (0 === strpos(get_request()->getUri()->getPath(), $url)) { |
||
981 | return $this->result = self::RESPONSE_ALLOW; |
||
982 | } |
||
983 | } |
||
984 | } |
||
985 | |||
986 | // Execute closure functions. |
||
987 | foreach ($this->closures as $closure) { |
||
988 | $closure(); |
||
989 | } |
||
990 | |||
991 | $result = $this->process(); |
||
992 | |||
993 | if ($result !== self::RESPONSE_ALLOW) { |
||
994 | |||
995 | // Current session did not pass the CAPTCHA, it is still stuck in CAPTCHA page. |
||
996 | $actionCode = self::LOG_CAPTCHA; |
||
997 | |||
998 | // If current session's respone code is RESPONSE_DENY, record it as `blacklist_count` in our logs. |
||
999 | // It is stuck in warning page, not CAPTCHA. |
||
1000 | if ($result === self::RESPONSE_DENY) { |
||
1001 | $actionCode = self::LOG_BLACKLIST; |
||
1002 | } |
||
1003 | |||
1004 | if ($result === self::RESPONSE_LIMIT_SESSION) { |
||
1005 | $actionCode = self::LOG_LIMIT; |
||
1006 | } |
||
1007 | |||
1008 | $this->log($actionCode); |
||
1009 | |||
1010 | } else { |
||
1011 | |||
1012 | $this->log(self::LOG_PAGEVIEW); |
||
1013 | } |
||
1014 | |||
1015 | |||
1016 | if (!empty($this->msgBody)) { |
||
1017 | |||
1018 | // @codeCoverageIgnoreStart |
||
1019 | |||
1020 | try { |
||
1021 | foreach ($this->messenger as $messenger) { |
||
1022 | $messenger->setTimeout(2); |
||
1023 | $messenger->send($this->msgBody); |
||
1024 | } |
||
1025 | } catch (RuntimeException $e) { |
||
1026 | // Do not throw error, becasue the third-party services might be unavailable. |
||
1027 | } |
||
1028 | |||
1029 | // @codeCoverageIgnoreEnd |
||
1030 | } |
||
1031 | |||
1032 | |||
1033 | return $result; |
||
1034 | } |
||
1035 | |||
1036 | /** |
||
1037 | * Set the filters. |
||
1038 | * |
||
1039 | * @param array $settings filter settings. |
||
1040 | * |
||
1041 | * @return void |
||
1042 | */ |
||
1043 | public function setFilters(array $settings) |
||
1048 | } |
||
1049 | } |
||
1050 | } |
||
1051 | |||
1052 | /** |
||
1053 | * Set a filter. |
||
1054 | * |
||
1055 | * @param string $filterName The filter's name. |
||
1056 | * @param bool $value True for enabling the filter, overwise. |
||
1057 | * |
||
1058 | * @return void |
||
1059 | */ |
||
1060 | public function setFilter(string $filterName, bool $value): void |
||
1061 | { |
||
1062 | if (isset($this->filterStatus[$filterName])) { |
||
1063 | $this->filterStatus[$filterName] = $value; |
||
1064 | } |
||
1065 | } |
||
1066 | |||
1067 | |||
1068 | |||
1069 | /** |
||
1070 | * Set the URLs you want them to be excluded them from protection. |
||
1071 | * |
||
1072 | * @param array $urls The list of URL want to be excluded. |
||
1073 | * |
||
1074 | * @return void |
||
1075 | */ |
||
1076 | public function setExcludedUrls(array $urls = []): void |
||
1077 | { |
||
1078 | $this->excludedUrls = $urls; |
||
1079 | } |
||
1080 | |||
1081 | /** |
||
1082 | * Set a closure function. |
||
1083 | * |
||
1084 | * @param string $key The name for the closure class. |
||
1085 | * @param Closure $closure An instance will be later called. |
||
1086 | * |
||
1087 | * @return void |
||
1088 | */ |
||
1089 | public function setClosure(string $key, Closure $closure): void |
||
1090 | { |
||
1091 | $this->closures[$key] = $closure; |
||
1092 | } |
||
1093 | |||
1094 | /** |
||
1095 | * Print a JavasSript snippet in your webpages. |
||
1096 | * |
||
1097 | * This snippet generate cookie on client's browser,then we check the |
||
1098 | * cookie to identify the client is a rebot or not. |
||
1099 | * |
||
1100 | * @return string |
||
1101 | */ |
||
1102 | public function outputJsSnippet(): string |
||
1122 | } |
||
1123 | |||
1124 | /** |
||
1125 | * Get current visior's path. |
||
1126 | * |
||
1127 | * @return string |
||
1128 | */ |
||
1129 | public function getCurrentUrl(): string |
||
1130 | { |
||
1131 | return get_request()->getUri()->getPath(); |
||
1132 | } |
||
1133 | |||
1134 | /** |
||
1135 | * Displayed on Firewall Panel, tell you current what type of current |
||
1136 | * configuration is used for. |
||
1137 | * |
||
1138 | * @param string $type The type of configuration. |
||
1139 | * demo | managed | config |
||
1140 | * |
||
1141 | * @return void |
||
1142 | */ |
||
1143 | public function managedBy(string $type = ''): void |
||
1147 | } |
||
1148 | } |
||
1149 | } |
||
1150 |