From 30a7c55e844a40468b93acc78de3b73ddffd1e44 Mon Sep 17 00:00:00 2001 From: Alejandro Celaya Date: Sun, 12 Dec 2021 13:30:18 +0100 Subject: [PATCH 1/3] Migrated to a new lib to match IP addresses with ranges --- composer.json | 4 +-- module/Core/src/Visit/RequestTracker.php | 37 ++++++++++++------------ 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/composer.json b/composer.json index 7064a2b3..8a6651c8 100644 --- a/composer.json +++ b/composer.json @@ -38,6 +38,7 @@ "mezzio/mezzio-fastroute": "^3.3", "mezzio/mezzio-problem-details": "^1.5", "mezzio/mezzio-swoole": "^3.5", + "mlocati/ip-lib": "^1.17", "monolog/monolog": "^2.3", "nikolaposa/monolog-factory": "^3.1", "ocramius/proxy-manager": "^2.11", @@ -47,14 +48,13 @@ "predis/predis": "^1.1", "pugx/shortid-php": "^1.0", "ramsey/uuid": "^4.2", - "rlanvin/php-ip": "dev-master#6b3a785 as 3.0", "shlinkio/shlink-common": "dev-main#e7fdff3 as 4.2", "shlinkio/shlink-config": "^1.4", "shlinkio/shlink-event-dispatcher": "dev-main#3925299 as 2.3", "shlinkio/shlink-importer": "dev-main#d099072 as 2.5", "shlinkio/shlink-installer": "^6.3", "shlinkio/shlink-ip-geolocation": "^2.2", - "symfony/console": "^6.0 || ^5.4", + "symfony/console": "^5.4", "symfony/filesystem": "^6.0 || ^5.4", "symfony/lock": "^6.0 || ^5.4", "symfony/mercure": "^0.6", diff --git a/module/Core/src/Visit/RequestTracker.php b/module/Core/src/Visit/RequestTracker.php index eee75ea4..7cefa8a2 100644 --- a/module/Core/src/Visit/RequestTracker.php +++ b/module/Core/src/Visit/RequestTracker.php @@ -5,9 +5,10 @@ declare(strict_types=1); namespace Shlinkio\Shlink\Core\Visit; use Fig\Http\Message\RequestMethodInterface; -use InvalidArgumentException; +use IPLib\Address\IPv4; +use IPLib\Factory; +use IPLib\Range\RangeInterface; use Mezzio\Router\Middleware\ImplicitHeadMiddleware; -use PhpIP\IP; use Psr\Http\Message\ServerRequestInterface; use Shlinkio\Shlink\Common\Middleware\IpAddressMiddlewareFactory; use Shlinkio\Shlink\Core\Entity\ShortUrl; @@ -73,9 +74,8 @@ class RequestTracker implements RequestTrackerInterface, RequestMethodInterface return false; } - try { - $ip = IP::create($remoteAddr); - } catch (InvalidArgumentException) { + $ip = IPv4::parseString($remoteAddr); + if ($ip === null) { return false; } @@ -83,24 +83,23 @@ class RequestTracker implements RequestTrackerInterface, RequestMethodInterface $disableTrackingFrom = $this->trackingOptions->disableTrackingFrom(); return some($disableTrackingFrom, function (string $value) use ($ip, $remoteAddrParts): bool { - try { - return match (true) { - str_contains($value, '*') => $ip->matches($this->parseValueWithWildcards($value, $remoteAddrParts)), - str_contains($value, '/') => $ip->isIn($value), - default => $ip->matches($value), - }; - } catch (InvalidArgumentException) { - return false; - } + $range = match (true) { + str_contains($value, '*') => $this->parseValueWithWildcards($value, $remoteAddrParts), + default => Factory::parseRangeString($value), + }; + + return $range !== null && $ip->matches($range); }); } - private function parseValueWithWildcards(string $value, array $remoteAddrParts): string + private function parseValueWithWildcards(string $value, array $remoteAddrParts): ?RangeInterface { // Replace wildcard parts with the corresponding ones from the remote address - return implode('.', map( - explode('.', $value), - fn (string $part, int $index) => $part === '*' ? $remoteAddrParts[$index] : $part, - )); + return Factory::parseRangeString( + implode('.', map( + explode('.', $value), + fn (string $part, int $index) => $part === '*' ? $remoteAddrParts[$index] : $part, + )), + ); } } From 959efd17c8f9abf1b62bcbe08a797864cf23be61 Mon Sep 17 00:00:00 2001 From: Alejandro Celaya Date: Sun, 12 Dec 2021 13:31:08 +0100 Subject: [PATCH 2/3] Updated changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18802cc2..ee4a64c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org). -## [Unreleased] +## [2.10.0] - 2021-12-12 ### Added * [#1163](https://github.com/shlinkio/shlink/issues/1163) Allowed setting not-found redirects for default domain in the same way it's done for any other domain. @@ -34,6 +34,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this * [#844](https://github.com/shlinkio/shlink/issues/844) Added mutation checks to API tests. * [#1218](https://github.com/shlinkio/shlink/issues/1218) Updated to symfony/mercure 0.6. * [#1223](https://github.com/shlinkio/shlink/issues/1223) Updated to phpstan 1.0. +* [#1258](https://github.com/shlinkio/shlink/issues/1258) Updated to Symfony 6 components, except symfony/console. * Added `domain` field to `DeleteShortUrlException` exception. ### Deprecated From d082d208e19f1bd674a16272777aa22bf36f3c10 Mon Sep 17 00:00:00 2001 From: Alejandro Celaya Date: Sun, 12 Dec 2021 17:08:26 +0100 Subject: [PATCH 3/3] Tagged specific versions for shlink packages --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index 8a6651c8..9652af32 100644 --- a/composer.json +++ b/composer.json @@ -48,10 +48,10 @@ "predis/predis": "^1.1", "pugx/shortid-php": "^1.0", "ramsey/uuid": "^4.2", - "shlinkio/shlink-common": "dev-main#e7fdff3 as 4.2", + "shlinkio/shlink-common": "^4.2", "shlinkio/shlink-config": "^1.4", - "shlinkio/shlink-event-dispatcher": "dev-main#3925299 as 2.3", - "shlinkio/shlink-importer": "dev-main#d099072 as 2.5", + "shlinkio/shlink-event-dispatcher": "^2.3", + "shlinkio/shlink-importer": "^2.5", "shlinkio/shlink-installer": "^6.3", "shlinkio/shlink-ip-geolocation": "^2.2", "symfony/console": "^5.4",