RequestRemoteAddress.php 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
  4. *
  5. * @license GNU AGPL version 3 or any later version
  6. *
  7. * This program is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU Affero General Public License as
  9. * published by the Free Software Foundation, either version 3 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. *
  20. */
  21. namespace OCA\WorkflowEngine\Check;
  22. use OCP\Files\Storage\IStorage;
  23. use OCP\IL10N;
  24. use OCP\IRequest;
  25. use OCP\WorkflowEngine\ICheck;
  26. class RequestRemoteAddress implements ICheck {
  27. /** @var IL10N */
  28. protected $l;
  29. /** @var IRequest */
  30. protected $request;
  31. /**
  32. * @param IL10N $l
  33. * @param IRequest $request
  34. */
  35. public function __construct(IL10N $l, IRequest $request) {
  36. $this->l = $l;
  37. $this->request = $request;
  38. }
  39. /**
  40. * @param IStorage $storage
  41. * @param string $path
  42. */
  43. public function setFileInfo(IStorage $storage, $path) {
  44. // A different path doesn't change time, so nothing to do here.
  45. }
  46. /**
  47. * @param string $operator
  48. * @param string $value
  49. * @return bool
  50. */
  51. public function executeCheck($operator, $value) {
  52. $actualValue = $this->request->getRemoteAddress();
  53. $decodedValue = explode('/', $value);
  54. if ($operator === 'matchesIPv4') {
  55. return $this->matchIPv4($actualValue, $decodedValue[0], $decodedValue[1]);
  56. } else if ($operator === '!matchesIPv4') {
  57. return !$this->matchIPv4($actualValue, $decodedValue[0], $decodedValue[1]);
  58. } else if ($operator === 'matchesIPv6') {
  59. return $this->matchIPv6($actualValue, $decodedValue[0], $decodedValue[1]);
  60. } else {
  61. return !$this->matchIPv6($actualValue, $decodedValue[0], $decodedValue[1]);
  62. }
  63. }
  64. /**
  65. * @param string $operator
  66. * @param string $value
  67. * @throws \UnexpectedValueException
  68. */
  69. public function validateCheck($operator, $value) {
  70. if (!in_array($operator, ['matchesIPv4', '!matchesIPv4', 'matchesIPv6', '!matchesIPv6'])) {
  71. throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1);
  72. }
  73. $decodedValue = explode('/', $value);
  74. if (sizeof($decodedValue) !== 2) {
  75. throw new \UnexpectedValueException($this->l->t('The given IP range is invalid'), 2);
  76. }
  77. if (in_array($operator, ['matchesIPv4', '!matchesIPv4'])) {
  78. if (!filter_var($decodedValue[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
  79. throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv4'), 3);
  80. }
  81. if ($decodedValue[1] > 32 || $decodedValue[1] <= 0) {
  82. throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv4'), 4);
  83. }
  84. } else {
  85. if (!filter_var($decodedValue[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
  86. throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv6'), 3);
  87. }
  88. if ($decodedValue[1] > 128 || $decodedValue[1] <= 0) {
  89. throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv6'), 4);
  90. }
  91. }
  92. }
  93. /**
  94. * Based on http://stackoverflow.com/a/594134
  95. * @param string $ip
  96. * @param string $rangeIp
  97. * @param int $bits
  98. * @return bool
  99. */
  100. protected function matchIPv4($ip, $rangeIp, $bits) {
  101. $rangeDecimal = ip2long($rangeIp);
  102. $ipDecimal = ip2long($ip);
  103. $mask = -1 << (32 - $bits);
  104. return ($ipDecimal & $mask) === ($rangeDecimal & $mask);
  105. }
  106. /**
  107. * Based on http://stackoverflow.com/a/7951507
  108. * @param string $ip
  109. * @param string $rangeIp
  110. * @param int $bits
  111. * @return bool
  112. */
  113. protected function matchIPv6($ip, $rangeIp, $bits) {
  114. $ipNet = inet_pton($ip);
  115. $binaryIp = $this->ipv6ToBits($ipNet);
  116. $ipNetBits = substr($binaryIp, 0, $bits);
  117. $rangeNet = inet_pton($rangeIp);
  118. $binaryRange = $this->ipv6ToBits($rangeNet);
  119. $rangeNetBits = substr($binaryRange, 0, $bits);
  120. return $ipNetBits === $rangeNetBits;
  121. }
  122. /**
  123. * Based on http://stackoverflow.com/a/7951507
  124. * @param string $packedIp
  125. * @return string
  126. */
  127. protected function ipv6ToBits($packedIp) {
  128. $unpackedIp = unpack('A16', $packedIp);
  129. $unpackedIp = str_split($unpackedIp[1]);
  130. $binaryIp = '';
  131. foreach ($unpackedIp as $char) {
  132. $binaryIp .= str_pad(decbin(ord($char)), 8, '0', STR_PAD_LEFT);
  133. }
  134. return str_pad($binaryIp, 128, '0', STR_PAD_RIGHT);
  135. }
  136. }