t_a
/
cavepaintingsFork
forked from Cavemanon/cavepaintings
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

X-Real-IP support and Varnish PURGE config options 

X-Real-IP for core functionality

Global config define REVERSE_PROXY_X_HEADERS

Config host and port for varnish PURGE

config option to specify PURGE protocol

exception in curl purge now shows error code

ipv6 x-real-ip addresses are now validated properly

X-Forwarded-Proto enabled by define
This commit is contained in:
thoughever 2022-01-17 17:06:20 +00:00
parent 3061a9d7d5
commit f15407bc75
20 changed files with 71 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/captcha.php
View File

@ -11,7 +11,7 @@ function captcha_get_html(): string
{ {
global $config, $user; global $config, $user;
if (DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) { if (DEBUG && ip_in_range(get_real_ip(), "127.0.0.0/8")) {
return ""; return "";
} }
@ -34,7 +34,7 @@ function captcha_check(): bool
{ {
global $config, $user; global $config, $user;
if (DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) { if (DEBUG && ip_in_range(get_real_ip(), "127.0.0.0/8")) {
return true; return true;
} }
@ -42,7 +42,7 @@ function captcha_check(): bool
$r_privatekey = $config->get_string('api_recaptcha_privkey'); $r_privatekey = $config->get_string('api_recaptcha_privkey');
if (!empty($r_privatekey)) { if (!empty($r_privatekey)) {
$recaptcha = new ReCaptcha($r_privatekey); $recaptcha = new ReCaptcha($r_privatekey);
$resp = $recaptcha->verify($_POST['g-recaptcha-response'] ?? "", $_SERVER['REMOTE_ADDR']); $resp = $recaptcha->verify($_POST['g-recaptcha-response'] ?? "", get_real_ip());
if (!$resp->isSuccess()) { if (!$resp->isSuccess()) {
log_info("core", "Captcha failed (ReCaptcha): " . implode("", $resp->getErrorCodes())); log_info("core", "Captcha failed (ReCaptcha): " . implode("", $resp->getErrorCodes()));

2
core/imageboard/image.php
View File

@ -385,7 +385,7 @@ class Image
now(), :source now(), :source
)", )",
[ [
"owner_id" => $user->id, "owner_ip" => $_SERVER['REMOTE_ADDR'], "owner_id" => $user->id, "owner_ip" => get_real_ip(),
"filename" => $cut_name, "filesize" => $this->filesize, "filename" => $cut_name, "filesize" => $this->filesize,
"hash" => $this->hash, "mime" => strtolower($this->mime), "hash" => $this->hash, "mime" => strtolower($this->mime),
"ext" => strtolower($this->ext), "source" => $this->source "ext" => strtolower($this->ext), "source" => $this->source

1
core/sys_config.php
View File

@ -34,3 +34,4 @@ _d("EXTRA_EXTS", ""); // string optional extra extensions
_d("BASE_HREF", null); // string force a specific base URL (default is auto-detect) _d("BASE_HREF", null); // string force a specific base URL (default is auto-detect)
_d("TRACE_FILE", null); // string file to log performance data into _d("TRACE_FILE", null); // string file to log performance data into
_d("TRACE_THRESHOLD", 0.0); // float log pages which take more time than this many seconds _d("TRACE_THRESHOLD", 0.0); // float log pages which take more time than this many seconds
_d("REVERSE_PROXY_X_HEADERS", false); // boolean get request IPs from "X-Real-IP" and protocol from "X-Forwarded-Proto" HTTP headers

28
core/util.php
View File

@ -66,7 +66,7 @@ function contact_link(): ?string
function is_https_enabled(): bool function is_https_enabled(): bool
{ {
// check forwarded protocol // check forwarded protocol
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { if (REVERSE_PROXY_X_HEADERS && !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS']='on'; $_SERVER['HTTPS']='on';
} }
return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'); return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
@ -160,6 +160,29 @@ function check_im_version(): int
return (empty($convert_check) ? 0 : 1); return (empty($convert_check) ? 0 : 1);
} }
/**
* Get request IP
*/
function get_remote_addr() {
return $_SERVER['REMOTE_ADDR'];
}
/**
* Get real IP if behind a reverse proxy
*/
function get_real_ip() {
$ip = get_remote_addr();
if (REVERSE_PROXY_X_HEADERS && isset($_SERVER['HTTP_X_REAL_IP'])) {
$ip = $_SERVER['HTTP_X_REAL_IP'];
if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$ip = "0.0.0.0";
}
}
return $ip;
}
/** /**
* Get the currently active IP, masked to make it not change when the last * Get the currently active IP, masked to make it not change when the last
* octet or two change, for use in session cookies and such * octet or two change, for use in session cookies and such
@ -167,7 +190,7 @@ function check_im_version(): int
function get_session_ip(Config $config): string function get_session_ip(Config $config): string
{ {
$mask = $config->get_string("session_hash_mask", "255.255.0.0"); $mask = $config->get_string("session_hash_mask", "255.255.0.0");
$addr = $_SERVER['REMOTE_ADDR']; $addr = get_real_ip();
$addr = inet_ntop(inet_pton($addr) & inet_pton($mask)); $addr = inet_ntop(inet_pton($addr) & inet_pton($mask));
return $addr; return $addr;
} }
@ -799,3 +822,4 @@ function generate_key(int $length = 20): string
return $randomString; return $randomString;
} }

6
ext/comment/main.php
View File

@ -497,7 +497,7 @@ class CommentList extends Extension
SELECT * SELECT *
FROM comments FROM comments
WHERE owner_ip = :remote_ip AND posted > now() - $window_sql WHERE owner_ip = :remote_ip AND posted > now() - $window_sql
", ["remote_ip"=>$_SERVER['REMOTE_ADDR']]); ", ["remote_ip"=>get_real_ip()]);
return (count($result) >= $max); return (count($result) >= $max);
} }
@ -516,7 +516,7 @@ class CommentList extends Extension
*/ */
public static function get_hash(): string public static function get_hash(): string
{ {
return md5($_SERVER['REMOTE_ADDR'] . date("%Y%m%d")); return md5(get_real_ip() . date("%Y%m%d"));
} }
private function is_spam_akismet(string $text): bool private function is_spam_akismet(string $text): bool
@ -576,7 +576,7 @@ class CommentList extends Extension
$database->execute( $database->execute(
"INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ". "INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ".
"VALUES(:image_id, :user_id, :remote_addr, now(), :comment)", "VALUES(:image_id, :user_id, :remote_addr, now(), :comment)",
["image_id"=>$image_id, "user_id"=>$user->id, "remote_addr"=>$_SERVER['REMOTE_ADDR'], "comment"=>$comment] ["image_id"=>$image_id, "user_id"=>$user->id, "remote_addr"=>get_real_ip(), "comment"=>$comment]
); );
$cid = $database->get_last_insert_id('comments_id_seq'); $cid = $database->get_last_insert_id('comments_id_seq');
$snippet = substr($comment, 0, 100); $snippet = substr($comment, 0, 100);

4
ext/image_view_counter/main.php
View File

@ -29,7 +29,7 @@ class ImageViewCounter extends Extension
WHERE ipaddress=:ipaddress AND timestamp >:lasthour AND image_id =:image_id WHERE ipaddress=:ipaddress AND timestamp >:lasthour AND image_id =:image_id
", ",
[ [
"ipaddress" => $_SERVER['REMOTE_ADDR'], "ipaddress" => get_real_ip(),
"lasthour" => time() - $this->view_interval, "lasthour" => time() - $this->view_interval,
"image_id" => $imgid "image_id" => $imgid
] ]
@ -50,7 +50,7 @@ class ImageViewCounter extends Extension
"image_id" => $imgid, "image_id" => $imgid,
"user_id" => $user->id, "user_id" => $user->id,
"timestamp" => time(), "timestamp" => time(),
"ipaddress" => $_SERVER['REMOTE_ADDR'], "ipaddress" => get_real_ip(),
] ]
); );
} }

7
ext/ipban/main.php
View File

@ -128,8 +128,7 @@ class IPBan extends Extension
// Check if our current IP is in either of the ban lists // Check if our current IP is in either of the ban lists
$active_ban_id = ( $active_ban_id = (
$this->find_active_ban($ips, $_SERVER['REMOTE_ADDR'], $networks) ?? $this->find_active_ban($ips, get_real_ip(), $networks)
$this->find_active_ban($ips, @$_SERVER['HTTP_X_FORWARDED_FOR'], $networks)
); );
// If an active ban is found, act on it // If an active ban is found, act on it
@ -139,10 +138,12 @@ class IPBan extends Extension
return; return;
} }
$row_banner_id_int = intval($row['banner_id']);
$msg = $config->get_string("ipban_message_{$row['mode']}") ?? $config->get_string("ipban_message"); $msg = $config->get_string("ipban_message_{$row['mode']}") ?? $config->get_string("ipban_message");
$msg = str_replace('$IP', $row["ip"], $msg); $msg = str_replace('$IP', $row["ip"], $msg);
$msg = str_replace('$DATE', $row['expires'] ?? 'the end of time', $msg); $msg = str_replace('$DATE', $row['expires'] ?? 'the end of time', $msg);
$msg = str_replace('$ADMIN', User::by_id($row['banner_id'])->name, $msg); $msg = str_replace('$ADMIN', User::by_id($row_banner_id_int)->name, $msg);
$msg = str_replace('$REASON', $row['reason'], $msg); $msg = str_replace('$REASON', $row['reason'], $msg);
$contact_link = contact_link(); $contact_link = contact_link();
if (!empty($contact_link)) { if (!empty($contact_link)) {

2
ext/log_db/main.php
View File

@ -295,7 +295,7 @@ class LogDatabase extends Extension
VALUES(now(), :section, :priority, :username, :address, :message) VALUES(now(), :section, :priority, :username, :address, :message)
", [ ", [
"section"=>$event->section, "priority"=>$event->priority, "username"=>$username, "section"=>$event->section, "priority"=>$event->priority, "username"=>$username,
"address"=>$_SERVER['REMOTE_ADDR'], "message"=>$event->message "address"=>get_real_ip(), "message"=>$event->message
]); ]);
} }
} }

2
ext/log_logstash/main.php
View File

@ -21,7 +21,7 @@ class LogLogstash extends Extension
#"@request" => $_SERVER, #"@request" => $_SERVER,
"@request" => [ "@request" => [
"UID" => get_request_id(), "UID" => get_request_id(),
"REMOTE_ADDR" => $_SERVER['REMOTE_ADDR'], "REMOTE_ADDR" => get_real_ip(),
], ],
]; ];

2
ext/log_net/main.php
View File

@ -15,7 +15,7 @@ class LogNet extends Extension
if ($this->count < 10) { if ($this->count < 10) {
// TODO: colour based on event->priority // TODO: colour based on event->priority
$username = ($user && $user->name) ? $user->name : "Anonymous"; $username = ($user && $user->name) ? $user->name : "Anonymous";
$str = sprintf("%-15s %-10s: %s", $_SERVER['REMOTE_ADDR'], $username, $event->message); $str = sprintf("%-15s %-10s: %s", get_real_ip(), $username, $event->message);
$this->msg($str); $this->msg($str);
} elseif ($this->count == 10) { } elseif ($this->count == 10) {
$this->msg('suppressing flood, check the web log'); $this->msg('suppressing flood, check the web log');

4
ext/notes/main.php
View File

@ -257,7 +257,7 @@ class Notes extends Extension
" "
INSERT INTO notes (enable, image_id, user_id, user_ip, date, x1, y1, height, width, note) INSERT INTO notes (enable, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (:enable, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)", VALUES (:enable, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)",
['enable'=>1, 'image_id'=>$imageID, 'user_id'=>$user_id, 'user_ip'=>$_SERVER['REMOTE_ADDR'], 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText] ['enable'=>1, 'image_id'=>$imageID, 'user_id'=>$user_id, 'user_ip'=>get_real_ip(), 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
); );
$noteID = $database->get_last_insert_id('notes_id_seq'); $noteID = $database->get_last_insert_id('notes_id_seq');
@ -423,7 +423,7 @@ class Notes extends Extension
INSERT INTO note_histories (note_enable, note_id, review_id, image_id, user_id, user_ip, date, x1, y1, height, width, note) INSERT INTO note_histories (note_enable, note_id, review_id, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (:note_enable, :note_id, :review_id, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note) VALUES (:note_enable, :note_id, :review_id, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)
", ",
['note_enable'=>$noteEnable, 'note_id'=>$noteID, 'review_id'=>$reviewID, 'image_id'=>$imageID, 'user_id'=>$user->id, 'user_ip'=>$_SERVER['REMOTE_ADDR'], ['note_enable'=>$noteEnable, 'note_id'=>$noteID, 'review_id'=>$reviewID, 'image_id'=>$imageID, 'user_id'=>$user->id, 'user_ip'=>get_real_ip(),
'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText] 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
); );
} }

2
ext/pm/main.php
View File

@ -176,7 +176,7 @@ class PrivMsg extends Extension
$from_id = $user->id; $from_id = $user->id;
$subject = $_POST["subject"]; $subject = $_POST["subject"];
$message = $_POST["message"]; $message = $_POST["message"];
send_event(new SendPMEvent(new PM($from_id, $_SERVER["REMOTE_ADDR"], $to_id, $subject, $message))); send_event(new SendPMEvent(new PM($from_id, get_real_ip(), $to_id, $subject, $message)));
$page->flash("PM sent"); $page->flash("PM sent");
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(referer_or(make_link())); $page->set_redirect(referer_or(make_link()));

2
ext/pm_triggers/main.php
View File

@ -18,7 +18,7 @@ class PMTrigger extends Extension
global $user; global $user;
send_event(new SendPMEvent(new PM( send_event(new SendPMEvent(new PM(
$user->id, $user->id,
$_SERVER["REMOTE_ADDR"], get_real_ip(),
$to_id, $to_id,
$subject, $subject,
$body $body

2
ext/source_history/main.php
View File

@ -382,7 +382,7 @@ class SourceHistory extends Extension
" "
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set) INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (:image_id, :source, :user_id, :user_ip, now())", VALUES (:image_id, :source, :user_id, :user_ip, now())",
["image_id"=>$image->id, "source"=>$new_source, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']] ["image_id"=>$image->id, "source"=>$new_source, "user_id"=>$user->id, "user_ip"=>get_real_ip()]
); );
$entries++; $entries++;

2
ext/tag_history/main.php
View File

@ -381,7 +381,7 @@ class TagHistory extends Extension
" "
INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set) INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set)
VALUES (:image_id, :tags, :user_id, :user_ip, now())", VALUES (:image_id, :tags, :user_id, :user_ip, now())",
["image_id"=>$image->id, "tags"=>$new_tags, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']] ["image_id"=>$image->id, "tags"=>$new_tags, "user_id"=>$user->id, "user_ip"=>get_real_ip()]
); );
$entries++; $entries++;

2
ext/user/main.php
View File

@ -204,7 +204,7 @@ class UserPage extends Extension
$event->add_stats("Joined: $h_join_date", 10); $event->add_stats("Joined: $h_join_date", 10);
if ($user->name == $event->display_user->name) { if ($user->name == $event->display_user->name) {
$event->add_stats("Current IP: {$_SERVER['REMOTE_ADDR']}", 80); $event->add_stats("Current IP: " . get_real_ip(), 80);
} }
$event->add_stats("Class: $h_class", 90); $event->add_stats("Class: $h_class", 90);

18
ext/varnish/main.php
View File

@ -4,6 +4,14 @@ declare(strict_types=1);
class VarnishPurger extends Extension class VarnishPurger extends Extension
{ {
public function onInitExt(InitExtEvent $event)
{
global $config;
$config->set_default_string('varnish_host', '127.0.0.1');
$config->set_default_int('varnish_port', 80);
$config->set_default_string('varnish_protocol', 'http');
}
private function curl_purge($path) private function curl_purge($path)
{ {
// waiting for curl timeout adds ~5 minutes to unit tests // waiting for curl timeout adds ~5 minutes to unit tests
@ -11,13 +19,21 @@ class VarnishPurger extends Extension
return; return;
} }
$url = make_http(make_link($path)); global $config;
$host = $config->get_string('varnish_host');
$port = $config->get_int('varnish_port');
$protocol = $config->get_string('varnish_protocol');
$url = $protocol . '://'. $host . '/' . $path;
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_PORT, $port);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PURGE"); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PURGE");
curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$result = curl_exec($ch); $result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($httpCode != 200) {
throw new SCoreException('PURGE ' . $url . ' unsuccessful (HTTP '. $httpCode . ')');
}
curl_close($ch); curl_close($ch);
assert(!is_null($result) && !is_null($httpCode)); assert(!is_null($result) && !is_null($httpCode));
//return $result; //return $result;

4
ext/wiki/main.php
View File

@ -254,7 +254,7 @@ class Wiki extends Extension
" "
INSERT INTO wiki_pages(owner_id, owner_ip, date, title, revision, locked, body) INSERT INTO wiki_pages(owner_id, owner_ip, date, title, revision, locked, body)
VALUES (:owner_id, :owner_ip, now(), :title, :revision, :locked, :body)", VALUES (:owner_id, :owner_ip, now(), :title, :revision, :locked, :body)",
["owner_id"=>$event->user->id, "owner_ip"=>$_SERVER['REMOTE_ADDR'], ["owner_id"=>$event->user->id, "owner_ip"=>get_real_ip(),
"title"=>$wpage->title, "revision"=>$wpage->revision, "locked"=>$wpage->locked, "body"=>$wpage->body] "title"=>$wpage->title, "revision"=>$wpage->revision, "locked"=>$wpage->locked, "body"=>$wpage->body]
); );
} else { } else {
@ -262,7 +262,7 @@ class Wiki extends Extension
" "
UPDATE wiki_pages SET owner_id=:owner_id, owner_ip=:owner_ip, date=now(), locked=:locked, body=:body UPDATE wiki_pages SET owner_id=:owner_id, owner_ip=:owner_ip, date=now(), locked=:locked, body=:body
WHERE title = :title ORDER BY revision DESC LIMIT 1", WHERE title = :title ORDER BY revision DESC LIMIT 1",
["owner_id"=>$event->user->id, "owner_ip"=>$_SERVER['REMOTE_ADDR'], ["owner_id"=>$event->user->id, "owner_ip"=>get_real_ip(),
"title"=>$wpage->title, "locked"=>$wpage->locked, "body"=>$wpage->body] "title"=>$wpage->title, "locked"=>$wpage->locked, "body"=>$wpage->body]
); );
} }

2
index.php
View File

@ -63,7 +63,7 @@ try {
$_SERVER["REQUEST_URI"] ?? "No Request", $_SERVER["REQUEST_URI"] ?? "No Request",
[ [
"user"=>$_COOKIE["shm_user"] ?? "No User", "user"=>$_COOKIE["shm_user"] ?? "No User",
"ip"=>$_SERVER['REMOTE_ADDR'] ?? "No IP", "ip"=>get_real_ip() ?? "No IP",
"user_agent"=>$_SERVER['HTTP_USER_AGENT'] ?? "No UA", "user_agent"=>$_SERVER['HTTP_USER_AGENT'] ?? "No UA",
] ]
); );

1
tests/defines.php
View File

@ -17,3 +17,4 @@ define("TIMEZONE", 'UTC');
define("BASE_HREF", "/test"); define("BASE_HREF", "/test");
define("CLI_LOG_LEVEL", 50); define("CLI_LOG_LEVEL", 50);
define("STATSD_HOST", null); define("STATSD_HOST", null);
define("REVERSE_PROXY_X_HEADERS", false);