harry/keystone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

better IP validation

Browse Source
This commit is contained in:
Harry (hjbdev)
2025-03-30 15:49:55 +00:00
parent 25543b497f
commit 678581b822
2 changed files with 54 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
app/Support/Ip.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace App\Support;
use Illuminate\Support\Str;
class Ip
{
public static function inNetwork(string $ip, string $network): bool
{
if (Str::contains($network, '/')) {
[$subnet, $mask] = explode('/', $network);
$subnet = inet_pton($subnet);
$ip = inet_pton($ip);
$mask = (int) $mask;
$maskBytes = (int) floor($mask / 8);
$maskBits = $mask % 8;
if ($maskBytes > 0) {
$subnetBytes = substr($subnet, 0, $maskBytes);
$ipBytes = substr($ip, 0, $maskBytes);
if ($subnetBytes !== $ipBytes) {
return false;
}
}
if ($maskBits > 0) {
$maskValue = chr(pow(2, $maskBits) - 1);
$subnetByte = ord($subnet[$maskBytes]);
$ipByte = ord($ip[$maskBytes]);
if (($subnetByte & $maskValue) !== ($ipByte & $maskValue)) {
return false;
}
}
return true;
}
return $ip === $network;
}
}

12
routes/web.php
View File

@@ -6,6 +6,7 @@ use App\Http\Controllers\EnvironmentController;
use App\Http\Controllers\OrganisationController; use App\Http\Controllers\OrganisationController;
use App\Http\Controllers\ServerController; use App\Http\Controllers\ServerController;
use App\Models\Server; use App\Models\Server;
use App\Support\Ip;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
use Inertia\Inertia; use Inertia\Inertia;
@@ -67,9 +68,16 @@ Route::post('/provision-callback', function (Request $request) {
$server = Server::find($validated['server_id']); $server = Server::find($validated['server_id']);
// Check against ipv4 and ipv6
$isValidIp = false;
if ($server->ipv4 && Ip::inNetwork($request->ip(), $server->ipv4)) {
$isValidIp = true;
}
if ($server->ipv6 && Ip::inNetwork($request->ip(), $server->ipv6)) {
$isValidIp = true;
}
if ($request->ip() !== $server->ipv4 && inet_pton($request->ip()) !== inet_pton($server->ipv6)) { if (! $isValidIp) {
logger('someone tried to callback from an invalid IP'); logger('someone tried to callback from an invalid IP');
logger(' server ip: ' . $server->ipv4); logger(' server ip: ' . $server->ipv4);
logger(' server ipv6: ' . $server->ipv6); logger(' server ipv6: ' . $server->ipv6);