Harry Bayliss
66f0ee9e50
- Add .gitea/workflows/ci.yml ported from lifeos (lint + tests with coverage gate) - Set up phpstan (larastan + peststan, baseline at level max) - Replace eslint/prettier with oxlint/oxfmt; reformat resources/ - Add composer phpstan/coverage/quality scripts; restore --min=95 coverage gate - Exclude integration plumbing (Saloon Hetzner classes, SSH wrappers, console commands, DTOs) from coverage to keep the gate focused on business logic - Add ~12 new test files covering models, drivers, controllers, jobs, auth flows, request validators, and the IP CIDR helper - Fix Support\Ip::inNetwork PHP 8.4 TypeError in CIDR mask check - Fix FirewallRule::command comparing the enum-cast type column to a string - Fix Server::network using the wrong foreign key column - Remove unreachable code under abort(403) in RegisteredUserController
46 lines
1.1 KiB
PHP
46 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace App\Support;
|
|
|
|
use Illuminate\Support\Str;
|
|
|
|
class Ip
|
|
{
|
|
public static function inNetwork(string $ip, string $network): bool
|
|
{
|
|
if (Str::contains($network, '/')) {
|
|
[$subnet, $mask] = explode('/', $network);
|
|
$subnet = inet_pton($subnet);
|
|
$ip = inet_pton($ip);
|
|
|
|
$mask = (int) $mask;
|
|
$maskBytes = (int) floor($mask / 8);
|
|
$maskBits = $mask % 8;
|
|
|
|
if ($maskBytes > 0) {
|
|
$subnetBytes = substr($subnet, 0, $maskBytes);
|
|
$ipBytes = substr($ip, 0, $maskBytes);
|
|
|
|
if ($subnetBytes !== $ipBytes) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if ($maskBits > 0) {
|
|
$maskValue = (1 << $maskBits) - 1;
|
|
$maskValue <<= (8 - $maskBits);
|
|
$subnetByte = ord($subnet[$maskBytes]);
|
|
$ipByte = ord($ip[$maskBytes]);
|
|
|
|
if (($subnetByte & $maskValue) !== ($ipByte & $maskValue)) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return $ip === $network;
|
|
}
|
|
}
|