chore: Update Usage of IpAddress Value Object

2025-10-27 12:31:57 +01:00
parent 9a8dd07c62
commit 093d3df92d


@@ -7,12 +7,14 @@ namespace App\Framework\Http\Middlewares;
use App\Framework\Config\Environment; use App\Framework\Config\Environment;
use App\Framework\Config\EnvKey; use App\Framework\Config\EnvKey;
use App\Framework\Http\HttpMiddleware; use App\Framework\Http\HttpMiddleware;
use App\Framework\Http\JsonErrorResponse; use App\Framework\Http\IpAddress;
use App\Framework\Http\MiddlewareContext; use App\Framework\Http\MiddlewareContext;
use App\Framework\Http\MiddlewarePriority; use App\Framework\Http\MiddlewarePriority;
use App\Framework\Http\MiddlewarePriorityAttribute; use App\Framework\Http\MiddlewarePriorityAttribute;
use App\Framework\Http\Next; use App\Framework\Http\Next;
use App\Framework\Http\RequestStateManager; use App\Framework\Http\RequestStateManager;
use App\Framework\Http\Responses\JsonResponse;
use App\Framework\Http\Status;
/** /**
* Middleware to block sensitive routes in production environment * Middleware to block sensitive routes in production environment
@@ -70,9 +72,9 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
// Block sensitive debug routes completely in production // Block sensitive debug routes completely in production
if ($this->isBlockedRoute($path)) { if ($this->isBlockedRoute($path)) {
return $context->withResponse( return $context->withResponse(
new JsonErrorResponse( new JsonResponse(
message: 'Not Found', body: ['error' => 'Not Found'],
statusCode: 404 status: Status::NOT_FOUND
) )
); );
} }
@@ -80,9 +82,9 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
// Check IP whitelist for admin routes // Check IP whitelist for admin routes
if ($this->isIpRestrictedRoute($path) && ! $this->isAllowedIp($clientIp)) { if ($this->isIpRestrictedRoute($path) && ! $this->isAllowedIp($clientIp)) {
return $context->withResponse( return $context->withResponse(
new JsonErrorResponse( new JsonResponse(
message: 'Access Denied', body: ['error' => 'Access Denied'],
statusCode: 403 status: Status::FORBIDDEN
) )
); );
} }
@@ -112,14 +114,16 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
return false; return false;
} }
private function isAllowedIp(?string $clientIp): bool private function isAllowedIp(?IpAddress $clientIp): bool
{ {
if ($clientIp === null) { if ($clientIp === null) {
return false; return false;
} }
$ipString = (string) $clientIp;
// Check if IP is in whitelist // Check if IP is in whitelist
if (in_array($clientIp, self::ALLOWED_IPS, true)) { if (in_array($ipString, self::ALLOWED_IPS, true)) {
return true; return true;
} }
@@ -128,7 +132,7 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
if (! empty($allowedIpsEnv)) { if (! empty($allowedIpsEnv)) {
$allowedIps = array_map('trim', explode(',', $allowedIpsEnv)); $allowedIps = array_map('trim', explode(',', $allowedIpsEnv));
return in_array($clientIp, $allowedIps, true); return in_array($ipString, $allowedIps, true);
} }
return false; return false;
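Review bot: In `isAllowedIp()` the new `IpAddress` argument is cast straight back to a string and matched with `in_array(..., true)` against `self::ALLOWED_IPS` and the comma-separated environment list, so the admin allowlist still depends on exact textual equality. One address can be spelled several ways (compressed versus expanded IPv6, or an IPv4-mapped IPv6 form), and whether `(string) $clientIp` yields a canonical form is not visible in this section; a mismatch fails closed, but it makes the allowlist brittle and hard to audit. Consider comparing canonical forms on both sides, for example `$needle = inet_pton($ipString);` and accepting an entry only when `inet_pton($entry) === $needle`, after rejecting entries that fail to parse, or parse each entry into the same value object and compare there. A short docblock on the method stating which textual form allowlist entries must use would also help. The lines that read the environment value and the end of the method are outside the visible hunks.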