Implemented log in whitelist

PeeHaa · PeeHaa · commit 97d57c5ef7b4 · 2014-11-01T21:23:53.000+01:00
diff --git a/index.php b/index.php
@@ -11,6 +11,7 @@
  */
 use OpCacheGUI\Format\Byte as ByteFormatter;
 use OpCacheGUI\Storage\Session;
+use OpCacheGUI\Auth\Ip;
 use OpCacheGUI\Security\Generator\Factory;
 use OpCacheGUI\Security\CsrfToken;
 use OpCacheGUI\Auth\User;
@@ -47,10 +48,23 @@
 $sessionStorage = new Session();
 $csrfToken      = new CsrfToken($sessionStorage, new Factory());
 
+/**
+ * Setup the IP whitelist
+ */
+$whitelist = new Ip([
+    new \OpCacheGUI\Network\Ip\Any(),
+    new \OpCacheGUI\Network\Ip\Localhost(),
+    new \OpCacheGUI\Network\Ip\Single(),
+    new \OpCacheGUI\Network\Ip\Wildcard(),
+    new \OpCacheGUI\Network\Ip\Range(),
+    new \OpCacheGUI\Network\Ip\Cidr(),
+]);
+$whitelist->buildWhitelist($login['whitelist']);
+
 /**
  * Setup the authentication object
  */
-$user = new User($sessionStorage, $login['username'], $login['password']);
+$user = new User($sessionStorage, $login['username'], $login['password'], $whitelist);
 
 /**
  * Setup URL renderer
diff --git a/init.example.php b/init.example.php
@@ -45,11 +45,26 @@
 
 /**
  * Login credentials
- * 
+ *
  * The password can be any password hash which contains the hash algorithm, the cost and the salt
  * (e.g as returned by password_hash() or crypt())
+ *
+ * Only addresses on the whitelist are allowed to log in
+ * The whitelist can contain a list of IP addresses of ranges in one of the following formats:
+ *
+ * * allows any IP address to log in (effectively disabling the whitelist and allowing access from any IP)
+ * localhost or 127.0.0.1 allows only log ins from the machine on which the application runs
+ * 10.0.0.5 allows a single address access
+ * 10.0.0.* allows any log in from the range starting from 10.0.0.0 to 10.0.0.255. All octets but the first can be a wildcard
+ * 10.0.0.1-10.0.0.24 defines a range of IP addresses which are allowed to log in (including the IP addresses defining the range)
+ * 10.0.0.10/24 defines a range of IP addresses in the CIDR format
+ *
+ * Multiple addresses or ranges can be defined
  */
 $login = [
-    'username' => 'peehaa',
-    'password' => '$2y$14$kHoRlbxPF7Bf1903cDMTgeYBsFgF8aJA46LIH9Nsg4/ocDa9HTTbe',
+    'username'  => 'peehaa',
+    'password'  => '$2y$14$kHoRlbxPF7Bf1903cDMTgeYBsFgF8aJA46LIH9Nsg4/ocDa9HTTbe',
+    'whitelist' => [
+        'localhost',
+    ],
 ];
diff --git a/routes.php b/routes.php
@@ -55,7 +55,7 @@
     });
 
     $router->post('', function() use ($htmlTemplate, $csrfToken, $request, $user, $request) {
-        if ($csrfToken->validate($request->post('csrfToken')) && $user->login($request->post('username'), $request->post('password'))) {
+        if ($csrfToken->validate($request->post('csrfToken')) && $user->login($request->post('username'), $request->post('password'), $request->getIp())) {
             header('Location: ' . $request->getUrl());
             exit;
         }

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@`
`55`	`55`	`});`
`56`	`56`
`57`	`57`	`$router->post('', function() use ($htmlTemplate, $csrfToken, $request, $user, $request) {`
`58`		`- if ($csrfToken->validate($request->post('csrfToken')) && $user->login($request->post('username'), $request->post('password'))) {`
	`58`	`+ if ($csrfToken->validate($request->post('csrfToken')) && $user->login($request->post('username'), $request->post('password'), $request->getIp())) {`
`59`	`59`	`header('Location: ' . $request->getUrl());`
`60`	`60`	`exit;`
`61`	`61`	`}`