author | Chris Cornutt <chris.cornutt@hp.com> | 2015-01-27 11:41:08 -0600 |
---|---|---|
committer | Chris Cornutt <chris.cornutt@hp.com> | 2015-01-27 11:41:08 -0600 |
commit | f4fd7973c20709da190e8bb207e635714c961cd3 (patch) | |
tree | 01a92740fe794c119e934d779b600e8160720fa8 | |
parent | 7601f4eeb86b6c95f8aede6713cdc36dc2dbe6d9 (diff) | |
download | gatekeeper-f4fd7973c20709da190e8bb207e635714c961cd3.zip gatekeeper-f4fd7973c20709da190e8bb207e635714c961cd3.tar.gz gatekeeper-f4fd7973c20709da190e8bb207e635714c961cd3.tar.bz2 |
adding Restriction handling and first one: IP-based2.0
-rw-r--r-- | src/Psecio/Gatekeeper/Gatekeeper.php | 34 | ||||
-rw-r--r-- | src/Psecio/Gatekeeper/Restrict/Ip.php | 68 | ||||
-rw-r--r-- | src/Psecio/Gatekeeper/Restriction.php | 49 |
3 files changed, 151 insertions, 0 deletions
diff --git a/src/Psecio/Gatekeeper/Gatekeeper.php b/src/Psecio/Gatekeeper/Gatekeeper.php index e8b6ba4..201ff6f 100644 --- a/src/Psecio/Gatekeeper/Gatekeeper.php +++ b/src/Psecio/Gatekeeper/Gatekeeper.php @@ -32,6 +32,8 @@ class Gatekeeper */ private static $throttleStatus = true; + private static $restrictions = array(); + /** * Initialize the Gatekeeper instance, set up environment file and PDO connection * @@ -50,6 +52,13 @@ class Gatekeeper if (isset($config['throttle']) && $config['throttle'] === false) { self::disableThrottle(); } + + self::loadRestrictions(); + } + + public static function loadRestrictions() + { + } /** @@ -185,6 +194,15 @@ class Gatekeeper } } + // Check any restrictions + if (!empty(self::$restrictions)) { + foreach (self::$restrictions as $restriction) { + if ($restriction->evaluate() === false) { + throw new Exception\RestrictionFailedException('Restriction '.get_class($restriction).' failed'); + } + } + } + // Verify the password! $result = password_verify($credentials['password'], $user->password); @@ -444,4 +462,20 @@ class Gatekeeper $instance = self::$datasource->find($instance, $data); return $instance; } + + /** + * Create a restriction and add it to be evaluated + * + * @param string $type Restriction type + * @param array $config Restriction configuration + */ + public static function restrict($type, array $config) + { + $classNs = '\\Psecio\\Gatekeeper\\Restrict\\'.ucwords(strtolower($type)); + if (!class_exists($classNs)) { + throw new \InvalidArgumentException('Restriction type "'.$type.'" is invalid'); + } + $instance = new $classNs($config); + self::$restrictions[] = $instance; + } }
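Review bot: The restriction loop throws `Exception\RestrictionFailedException`, but no such class is added by this commit (the diffstat covers only Gatekeeper.php, Restrict/Ip.php and Restriction.php); unless it already exists under the Exception namespace, a failed restriction surfaces as a class-not-found error instead of a catchable exception. Authentication still fails closed in that case, but callers cannot handle it by type, so the exception class should ship with this change. The check also runs only after `$user` has been resolved above it, even though `evaluate()` takes no arguments and reads nothing from the credentials or the user; hoisting it to the start of the method would stop blocked sources before any lookup is done — add a comment either way, e.g. `// Restrictions are environment checks; a failure aborts before the password is verified`. The enclosing method begins and ends outside this hunk.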
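Review bot: `restrict()` verifies that the class derived from `$type` exists but not that it is a `Restriction`, so any class under the `Restrict\` namespace (or a sub-namespace, since backslashes in `$type` pass through `ucwords(strtolower())` untouched) gets registered and only fails later when `evaluate()` is called on it. Guard before instantiating: `if (!is_subclass_of($classNs, 'Psecio\\Gatekeeper\\Restriction')) { throw new \InvalidArgumentException('Restriction type "'.$type.'" is not a Restriction'); }`. The docblock should also say that `$type` is case-insensitive and is mapped to a class name, e.g. `@param string $type Restriction type, case-insensitive; "ip" resolves to Restrict\Ip`.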
\ No newline at end of file
diff --git a/src/Psecio/Gatekeeper/Restrict/Ip.php b/src/Psecio/Gatekeeper/Restrict/Ip.php
new file mode 100644
index 0000000..1c0a829
--- /dev/null
+++ b/src/Psecio/Gatekeeper/Restrict/Ip.php
@@ -0,0 +1,68 @@ +<?php + +namespace Psecio\Gatekeeper\Restrict; + +class Ip extends \Psecio\Gatekeeper\Restriction +{ + /** + * Execute the evaluation for the restriction + * + * @return boolean Success/fail of evaluation + */ + public function evaluate() + { + if (!isset($_SERVER['REMOTE_ADDR']) || empty($_SERVER['REMOTE_ADDR'])) { + throw new \Psecio\Gatekeeper\Exception\DataNotFoundException('Cannot get remote address'); + } + + $ip = $_SERVER['REMOTE_ADDR']; + $config = $this->getConfig(); + + if ($this->check($config, 'DENY', $ip) === true) { + return false; + } + if ($this->check($config, 'ALLOW', $ip) === false) { + return false; + } + return true; + } + + /** + * Check to see if the value matches against the configuration type + * + * @param array $config Configuration options + * @param string $type Configuration type (ALLOW or DENY) + * @param string $value Value to compare against + * @return boolean Found/not found by matching + */ + public function check(array $config, $type, $value) + { + if (!isset($config[$type])) { + return false; + } + $found = false; + $config = (!is_array($config[$type])) ? array($config[$type]) : $config[$type]; + + foreach ($config as $pattern) { + $result = $this->validateIpContains($value, $pattern); + if ($result === true && $found === false) { + $found = true; + } + } + return $found; + } + + /** + * Evaluate to see if the pattern given matches the IP address value + * + * @param string $ipAddress IPv4 address + * @param string $pattern Pattern to match against + * @return boolean Contains/does not contain + */ + public function validateIpContains($ipAddress, $pattern) + { + // Replace wildcards (*) with regex matches and escape dots + $pattern = str_replace(array('.', '*'), array('\.', '.+'), $pattern); + return (preg_match('#'.$pattern.'#', $ipAddress) == true); + } +}
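Review bot: `validateIpContains` builds an unanchored regex, so a pattern matches any substring of the address: `ALLOW => '10.0.0.1'` also admits `10.0.0.10` and `110.0.0.1`, and `DENY => '10.0.0.1'` also blocks `10.0.0.100`. Regex metacharacters other than `.` and `*` in the pattern (including the `#` delimiter) are likewise passed through unescaped. Both are fixed by quoting first and anchoring: `$regex = '#^'.str_replace('\*', '.+', preg_quote($pattern, '#')).'$#';` followed by `return (preg_match($regex, $ipAddress) === 1);`. Separately, `check` returns false both when the `ALLOW` key is absent and when nothing matched, so a DENY-only configuration makes `evaluate` reject every address; if DENY-only lists are meant to work, guard the ALLOW branch with `isset($config['ALLOW'])` and document the default-deny behaviour otherwise.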
\ No newline at end of file diff --git a/src/Psecio/Gatekeeper/Restriction.php b/src/Psecio/Gatekeeper/Restriction.php new file mode 100644 index 0000000..2a98d93 --- /dev/null +++ b/src/Psecio/Gatekeeper/Restriction.php @@ -0,0 +1,49 @@ +<?php + +namespace Psecio\Gatekeeper; + +abstract class Restriction +{ + /** + * Restriction configuration + * @var array + */ + private $config = array(); + + /** + * Init the object and set the configuration + * + * @param array $config Configuration settings + */ + public function __construct(array $config) + { + $this->setConfig($config); + } + + /** + * Set the configuration property + * + * @param array $config Configuration settings + */ + public function setConfig(array $config) + { + $this->config = $config; + } + + /** + * Get the confguration settings + * + * @return array Configuration settings + */ + public function getConfig() + { + return $this->config; + } + + /** + * Evaluate the restriction based on given data + * + * @return boolean Pass/fail of restriction + */ + abstract public function evaluate(); +}
\ No newline at end of file |
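Review bot: The abstract `evaluate()` docblock says the restriction is evaluated "based on given data", but the method takes no arguments; implementations have to gather their own context, and the only one in this commit reads `$_SERVER['REMOTE_ADDR']` and throws `DataNotFoundException` when it is missing. The base contract should state that, e.g. `@return boolean True when the current request passes the restriction, false to reject it` and `@throws \Psecio\Gatekeeper\Exception\DataNotFoundException when the data the restriction needs is unavailable`. Since `setConfig()` is public, a registered restriction's allow/deny lists can be changed after `Gatekeeper::restrict()` has added it; if that is not intended, making the setter `protected` keeps the configuration fixed from construction.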