Merge pull request #96 from phenixphp/feature/improve-ip-parser

Improve ip parser

Author: barbosa89

src/Auth/Middlewares/Authenticated.php

@@ -16,7 +16,7 @@
 use Phenix\Facades\Config;
 use Phenix\Facades\Event;
 use Phenix\Http\Constants\HttpStatus;
-use Phenix\Http\IpAddress;
+use Phenix\Http\Ip;
 use Phenix\Http\Request as HttpRequest;
 
 class Authenticated implements Middleware
@@ -34,7 +34,7 @@ public function handleRequest(Request $request, RequestHandler $next): Response
         /** @var AuthenticationManager $auth */
         $auth = App::make(AuthenticationManager::class);
 
-        $clientIp = IpAddress::hash($request);
+        $clientIp = Ip::make($request)->hash();
 
         if (! $token || ! $auth->validate($token)) {
             Event::emitAsync(new FailedTokenValidation(

src/Auth/Middlewares/TokenRateLimit.php

@@ -12,7 +12,7 @@
 use Phenix\Auth\AuthenticationManager;
 use Phenix\Facades\Config;
 use Phenix\Http\Constants\HttpStatus;
-use Phenix\Http\IpAddress;
+use Phenix\Http\Ip;
 
 use function str_starts_with;
 
@@ -29,7 +29,7 @@ public function handleRequest(Request $request, RequestHandler $next): Response
         /** @var AuthenticationManager $auth */
         $auth = App::make(AuthenticationManager::class);
 
-        $clientIp = IpAddress::hash($request);
+        $clientIp = Ip::make($request)->hash();
 
         $attemptLimit = (int) (Config::get('auth.tokens.rate_limit.attempts', 5));
         $windowSeconds = (int) (Config::get('auth.tokens.rate_limit.window', 300));

src/Cache/RateLimit/Middlewares/RateLimiter.php

@@ -12,7 +12,7 @@
 use Phenix\Cache\RateLimit\RateLimitManager;
 use Phenix\Facades\Config;
 use Phenix\Http\Constants\HttpStatus;
-use Phenix\Http\IpAddress;
+use Phenix\Http\Ip;
 
 class RateLimiter implements Middleware
 {
@@ -29,7 +29,7 @@ public function handleRequest(Request $request, RequestHandler $next): Response
             return $next->handleRequest($request);
         }
 
-        $clientIp = IpAddress::hash($request);
+        $clientIp = Ip::make($request)->hash();
         $current = $this->rateLimiter->increment($clientIp);
 
         $perMinuteLimit = (int) Config::get('cache.rate_limit.per_minute', 60);

src/Http/Ip.php

@@ -0,0 +1,102 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Phenix\Http;
+
+use Amp\Http\Server\Request;
+
+class Ip
+{
+    protected string $address;
+
+    protected string $host;
+
+    protected int|null $port = null;
+
+    protected array $forwardingAddresses = [];
+
+    public function __construct(Request $request)
+    {
+        $this->address = $request->getClient()->getRemoteAddress()->toString();
+
+        if ($forwardingHeader = $request->getHeader('X-Forwarded-For')) {
+            $parts = array_map(static fn ($v) => trim($v), explode(',', $forwardingHeader));
+            $this->forwardingAddresses = $parts;
+        }
+    }
+
+    public static function make(Request $request): self
+    {
+        $ip = new self($request);
+        $ip->parse();
+
+        return $ip;
+    }
+
+    public function address(): string
+    {
+        return $this->address;
+    }
+
+    public function host(): string
+    {
+        return $this->host;
+    }
+
+    public function port(): int|null
+    {
+        return $this->port;
+    }
+
+    public function isForwarded(): bool
+    {
+        return ! empty($this->forwardingAddresses);
+    }
+
+    public function forwardingAddresses(): array
+    {
+        return $this->forwardingAddresses;
+    }
+
+    public function hash(): string
+    {
+        return hash('sha256', $this->host);
+    }
+
+    protected function parse(): void
+    {
+        $address = trim($this->address);
+
+        if (preg_match('/^\[(?<addr>[^\]]+)\](?::(?<port>\d+))?$/', $address, $m) === 1) {
+            $this->host = $m['addr'];
+            $this->port = isset($m['port']) ? (int) $m['port'] : null;
+
+            return;
+        }
+
+        if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+            $this->host = $address;
+            $this->port = null;
+
+            return;
+        }
+
+        if (str_contains($address, ':')) {
+            [$maybeHost, $maybePort] = explode(':', $address, 2);
+
+            if (
+                filter_var($maybeHost, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ||
+                filter_var($maybeHost, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)
+            ) {
+                $this->host = $maybeHost;
+                $this->port = is_numeric($maybePort) ? (int) $maybePort : null;
+
+                return;
+            }
+        }
+
+        $this->host = $address;
+        $this->port = null;
+    }
+}

src/Http/IpAddress.php

@@ -147,9 +147,9 @@ public function session(string|null $key = null, array|string|int|null $default
         return $this->session;
     }
 
-    public function ip(): string|null
+    public function ip(): Ip
     {
-        return IpAddress::parse($this->request);
+        return Ip::make($this->request);
     }
 
     public function toArray(): array