Added trusted proxies
parent
6415882b1c
commit
bf6efe532c
|
@ -126,4 +126,7 @@ return [
|
||||||
'3XL' => '3XL',
|
'3XL' => '3XL',
|
||||||
'4XL' => '4XL'
|
'4XL' => '4XL'
|
||||||
],
|
],
|
||||||
|
|
||||||
|
// IP addresses of reverse proxies that are trusted, can be an array or a comma separated list
|
||||||
|
'trusted_proxies' => env('TRUSTED_PROXIES', ['127.0.0.0/8', '::ffff:127.0.0.0/8', '::1/128']),
|
||||||
];
|
];
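Review bot: The IPv4-mapped defaults on the `'trusted_proxies'` line carry IPv4 prefix lengths on IPv6 addresses, so `::ffff:127.0.0.0/8` matches every address whose first byte is zero (all of `::ffff:0:0/96`, and `::1` as well) rather than only mapped loopback. If the peer address ever reaches the application in mapped form, any IPv4 client would then count as a trusted proxy; how the IP matcher treats mapped addresses is not visible here, so that part is inferred. The mapped prefix should be 96 plus the IPv4 length, i.e. `'::ffff:127.0.0.0/104'`. The same applies to the `ENV TRUSTED_PROXIES` entries in the Dockerfile section: `::ffff:10.0.0.0/8` → `/104`, `::ffff:127.0.0.0/8` → `/104`, `::ffff:172.16.0.0/12` → `/108`, `::ffff:192.168.0.0/16` → `/112`.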
|
||||||
|
|
|
@ -33,3 +33,9 @@ FROM php:7-fpm-alpine
|
||||||
COPY --from=data /app/ /var/www
|
COPY --from=data /app/ /var/www
|
||||||
RUN apk add --no-cache icu-dev gettext-dev && \
|
RUN apk add --no-cache icu-dev gettext-dev && \
|
||||||
docker-php-ext-install intl gettext pdo_mysql
|
docker-php-ext-install intl gettext pdo_mysql
|
||||||
|
|
||||||
|
ENV TRUSTED_PROXIES 10.0.0.0/8,::ffff:10.0.0.0/8,\
|
||||||
|
127.0.0.0/8,::ffff:127.0.0.0/8,\
|
||||||
|
172.16.0.0/12,::ffff:172.16.0.0/12,\
|
||||||
|
192.168.0.0/16,::ffff:192.168.0.0/16,\
|
||||||
|
::1/128,fc00::/7,fec0::/10
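Review bot: The `ENV TRUSTED_PROXIES` default bakes every private range (RFC 1918, `fc00::/7`, `fec0::/10`) into the image, so any peer with a private address is treated as a proxy and its `Forwarded`/`X-Forwarded-*` headers decide the client IP and scheme the application records. That is much wider than the loopback-only default in the config file, and it applies to every deployment of the image whether or not a proxy sits in front of it. I would keep the image default at loopback and let operators set the subnet of their own proxy, with a comment above the instruction such as `# TRUSTED_PROXIES: list only the addresses of reverse proxies you operate`.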
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
error_log stderr;
|
error_log stderr;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
client_body_temp_path /tmp/client_body_temp;
|
client_body_temp_path /tmp/client_body_temp;
|
||||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||||
|
@ -9,6 +11,11 @@ http {
|
||||||
scgi_temp_path /tmp/scgi_temp;
|
scgi_temp_path /tmp/scgi_temp;
|
||||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||||
|
|
||||||
|
map $http_x_forwarded_proto $forwarded_proto {
|
||||||
|
default $http_x_forwarded_proto;
|
||||||
|
https https;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
include mime.types;
|
include mime.types;
|
||||||
access_log off;
|
access_log off;
|
||||||
|
@ -17,6 +24,7 @@ http {
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $forwarded_proto;
|
||||||
index index.php;
|
index index.php;
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
|
|
||||||
|
@ -28,7 +36,6 @@ http {
|
||||||
fastcgi_pass engelsystem:9000;
|
fastcgi_pass engelsystem:9000;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_param HTTPS on;
|
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
}
|
}
|
||||||
}
|
}
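Review bot: The `map` added in the second hunk forwards a client-supplied `X-Forwarded-Proto` unchanged (the `https https;` entry duplicates the `default`) and yields an empty value when the header is absent, while the last hunk drops `fastcgi_param HTTPS on;`. When nginx is the outermost hop the scheme is then whatever the client claims, or nothing; adding `'' $scheme;` to the map gives a defined fallback. Also, `proxy_set_header` only affects `proxy_pass` upstreams, and the only upstream visible in these hunks is `fastcgi_pass engelsystem:9000;`, so `$forwarded_proto` may never reach PHP. The `server` block is only partly shown, so confirm whether a `proxy_pass` location exists.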
|
||||||
|
|
|
@ -8,7 +8,34 @@ class RequestServiceProvider extends ServiceProvider
|
||||||
{
|
{
|
||||||
public function register()
|
public function register()
|
||||||
{
|
{
|
||||||
|
$config = $this->app->get('config');
|
||||||
|
$trustedProxies = $config->get('trusted_proxies', []);
|
||||||
|
|
||||||
|
if (!is_array($trustedProxies)) {
|
||||||
|
$trustedProxies = empty($trustedProxies) ? [] : explode(',', preg_replace('~\s+~', '', $trustedProxies));
|
||||||
|
}
|
||||||
|
|
||||||
|
/** @var Request $request */
|
||||||
$request = $this->app->call([Request::class, 'createFromGlobals']);
|
$request = $this->app->call([Request::class, 'createFromGlobals']);
|
||||||
|
$this->setTrustedProxies($request, $trustedProxies);
|
||||||
$this->app->instance('request', $request);
|
$this->app->instance('request', $request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the trusted Proxies
|
||||||
|
*
|
||||||
|
* Required for unit tests (static methods can't be mocked)
|
||||||
|
*
|
||||||
|
* @param Request $request
|
||||||
|
* @param array $proxies
|
||||||
|
* @param int $trustedHeadersSet
|
||||||
|
* @codeCoverageIgnore
|
||||||
|
*/
|
||||||
|
protected function setTrustedProxies(
|
||||||
|
$request,
|
||||||
|
$proxies,
|
||||||
|
$trustedHeadersSet = Request::HEADER_FORWARDED | Request::HEADER_X_FORWARDED_ALL
|
||||||
|
) {
|
||||||
|
$request->setTrustedProxies($proxies, $trustedHeadersSet);
|
||||||
|
}
|
||||||
}
|
}
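Review bot: The default `$trustedHeadersSet = Request::HEADER_FORWARDED | Request::HEADER_X_FORWARDED_ALL` in `setTrustedProxies()` trusts both header families, but the nginx config in this commit only writes `X-Forwarded-*`. A `Forwarded` header that no proxy overwrites is then taken from the client whenever the peer is in the trusted list, and a disagreement between the two families can surface as a conflicting-headers error, assuming `Request` extends Symfony's class. Trust only what the proxy actually sets, e.g. `$trustedHeadersSet = Request::HEADER_X_FORWARDED_ALL`, or read the set from config. The docblock should also say which headers are trusted and why.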
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace Engelsystem\Test\Unit\Http;
|
namespace Engelsystem\Test\Unit\Http;
|
||||||
|
|
||||||
|
use Engelsystem\Config\Config;
|
||||||
|
use Engelsystem\Container\ServiceProvider;
|
||||||
use Engelsystem\Http\Request;
|
use Engelsystem\Http\Request;
|
||||||
use Engelsystem\Http\RequestServiceProvider;
|
use Engelsystem\Http\RequestServiceProvider;
|
||||||
use Engelsystem\Test\Unit\ServiceProviderTest;
|
use Engelsystem\Test\Unit\ServiceProviderTest;
|
||||||
|
@ -10,20 +12,50 @@ use PHPUnit_Framework_MockObject_MockObject as MockObject;
|
||||||
class RequestServiceProviderTest extends ServiceProviderTest
|
class RequestServiceProviderTest extends ServiceProviderTest
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @covers \Engelsystem\Http\RequestServiceProvider::register()
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function testRegister()
|
public function provideRegister()
|
||||||
{
|
{
|
||||||
/** @var MockObject|Request $request */
|
return [
|
||||||
$request = $this->getMockBuilder(Request::class)
|
['', []],
|
||||||
->getMock();
|
[[], []],
|
||||||
|
['192.168.10.99', ['192.168.10.99']],
|
||||||
|
[' 234.234.234.234 ', ['234.234.234.234']],
|
||||||
|
['123.234.123.234,10.0.0.0/8', ['123.234.123.234', '10.0.0.0/8']],
|
||||||
|
['123.123.234.234 , ' . PHP_EOL . ' 11.22.33.44/22 ', ['123.123.234.234', '11.22.33.44/22']],
|
||||||
|
[['10.100.20.0/24'], ['10.100.20.0/24']],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
$app = $this->getApp(['call', 'instance']);
|
/**
|
||||||
|
* @dataProvider provideRegister
|
||||||
|
* @covers \Engelsystem\Http\RequestServiceProvider::register()
|
||||||
|
*
|
||||||
|
* @param string|array $configuredProxies
|
||||||
|
* @param array $trustedProxies
|
||||||
|
*/
|
||||||
|
public function testRegister($configuredProxies, $trustedProxies)
|
||||||
|
{
|
||||||
|
/** @var Config|MockObject $config */
|
||||||
|
$config = $this->getMockBuilder(Config::class)->getMock();
|
||||||
|
/** @var Request|MockObject $request */
|
||||||
|
$request = $this->getMockBuilder(Request::class)->getMock();
|
||||||
|
|
||||||
|
$app = $this->getApp(['call', 'get', 'instance']);
|
||||||
|
|
||||||
$this->setExpects($app, 'call', [[Request::class, 'createFromGlobals']], $request);
|
$this->setExpects($app, 'call', [[Request::class, 'createFromGlobals']], $request);
|
||||||
|
$this->setExpects($app, 'get', ['config'], $config);
|
||||||
$this->setExpects($app, 'instance', ['request', $request]);
|
$this->setExpects($app, 'instance', ['request', $request]);
|
||||||
|
$this->setExpects($config, 'get', ['trusted_proxies'], $configuredProxies);
|
||||||
|
|
||||||
$serviceProvider = new RequestServiceProvider($app);
|
/** @var ServiceProvider|MockObject $serviceProvider */
|
||||||
|
$serviceProvider = $this->getMockBuilder(RequestServiceProvider::class)
|
||||||
|
->setConstructorArgs([$app])
|
||||||
|
->setMethods(['setTrustedProxies'])
|
||||||
|
->getMock();
|
||||||
|
$serviceProvider->expects($this->once())
|
||||||
|
->method('setTrustedProxies')
|
||||||
|
->with($request, $trustedProxies);
|
||||||
$serviceProvider->register();
|
$serviceProvider->register();
|
||||||
}
|
}
|
||||||
}
|
}
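Review bot: `provideRegister()` has no case with an empty segment, such as a trailing comma or `,,`, which is easy to produce in an environment variable. With the `explode(',', …)` in `register()` such input yields `''` entries in the list handed to `setTrustedProxies()`. I would add a case like `['10.0.0.0/8,', ['10.0.0.0/8']],` and make it pass by wrapping the split in `array_values(array_filter(...))`. Because `setTrustedProxies()` is mocked and marked `@codeCoverageIgnore`, nothing here exercises the header set actually applied to the request.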
|
||||||
|
|