From fff849a2d0caaec5dfbb97f8d1b4d8c89255e2c9 Mon Sep 17 00:00:00 2001
From: alexmerlin
Date: Tue, 10 Dec 2024 13:26:45 +0200
Subject: [PATCH 1/3] Issue #316: Obfuscate admin login IP address
Signed-off-by: alexmerlin
---
 src/Admin/src/Service/AdminService.php | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/Admin/src/Service/AdminService.php b/src/Admin/src/Service/AdminService.php
index 8f9915eb..e63f537b 100644
--- a/src/Admin/src/Service/AdminService.php
+++ b/src/Admin/src/Service/AdminService.php
@@ -200,17 +200,12 @@ public function logAdminVisit(array $serverParams, string $name, string $status)
 $ipAddress = IpService::getUserIp($serverParams);
- $country = ! empty($this->locationService->getCountry($ipAddress)->getName()) ?
- $this->locationService->getCountry($ipAddress)->getName() : '';
-
- $continent = ! empty($this->locationService->getContinent($ipAddress)->getName()) ?
- $this->locationService->getContinent($ipAddress)->getName() : '';
-
- $organization = ! empty($this->locationService->getOrganization($ipAddress)->getName()) ?
- $this->locationService->getOrganization($ipAddress)->getName() : '';
+ $country = $this->locationService->getCountry($ipAddress)->getName();
+ $continent = $this->locationService->getContinent($ipAddress)->getName();
+ $organization = $this->locationService->getOrganization($ipAddress)->getName();
 $adminLogin = (new AdminLogin())
- ->setAdminIp($ipAddress)
+ ->setAdminIp($this->locationService->obfuscateIpAddress($ipAddress))
 ->setContinent($continent)
 ->setCountry($country)
 ->setOrganization($organization)
From 25961e7490cf2098f64558a185f4c82a52d3ae39 Mon Sep 17 00:00:00 2001
From: alexmerlin
Date: Wed, 11 Dec 2024 07:54:04 +0200
Subject: [PATCH 2/3] Mask obfuscated bit according to its length
Signed-off-by: alexmerlin
---
 src/Admin/src/Service/AdminService.php | 2 +-
 src/App/src/Service/IpService.php | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
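Review bot: Dropping the `! empty(...) ? ... : ''` fallbacks means `$country`, `$continent` and `$organization` now carry whatever `getName()` returns, so if it can be null for an address the lookup cannot resolve, the setters receive null instead of an empty string and the login record may fail to be written; the setter signatures are not visible here, so this needs confirming. A null-coalescing fallback keeps the old guarantee without the duplicated lookups, e.g. `$country = $this->locationService->getCountry($ipAddress)->getName() ?? '';`. Separately, `obfuscateIpAddress()` is called on `$this->locationService`, yet no patch in this series adds it there (2/3 moves the call to `IpService` and 3/3 restores this line), so it presumably comes from the location-service dependency and the minimum version that provides it should be checked. `logAdminVisit()` starts and ends outside the hunk.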
diff --git a/src/Admin/src/Service/AdminService.php b/src/Admin/src/Service/AdminService.php
index e63f537b..49342dad 100644
--- a/src/Admin/src/Service/AdminService.php
+++ b/src/Admin/src/Service/AdminService.php
@@ -205,7 +205,7 @@ public function logAdminVisit(array $serverParams, string $name, string $status)
 $organization = $this->locationService->getOrganization($ipAddress)->getName();
 $adminLogin = (new AdminLogin())
- ->setAdminIp($this->locationService->obfuscateIpAddress($ipAddress))
+ ->setAdminIp(IpService::obfuscateIpAddress($ipAddress))
 ->setContinent($continent)
 ->setCountry($country)
 ->setOrganization($organization)
diff --git a/src/App/src/Service/IpService.php b/src/App/src/Service/IpService.php
index fa694fe5..53276c45 100644
--- a/src/App/src/Service/IpService.php
+++ b/src/App/src/Service/IpService.php
@@ -6,6 +6,9 @@
 use function filter_var;
 use function getenv;
+use function preg_replace_callback;
+use function str_repeat;
+use function strlen;
 use const FILTER_FLAG_IPV4;
 use const FILTER_FLAG_IPV6;
@@ -53,4 +56,17 @@ public static function isPublicIp(string $ipAddress): bool
 FILTER_FLAG_NO_RES_RANGE
 ) === $ipAddress;
 }
+
+ public static function obfuscateIpAddress(string $ipAddress, string $mask = 'x'): string
+ {
+ if (filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ $pattern = '/\d+$/';
+ } elseif (filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ $pattern = '/[a-z0-9]+$/i';
+ } else {
+ return $ipAddress;
+ }
+
+ return preg_replace_callback($pattern, fn (array $last) => str_repeat($mask, strlen($last[0])), $ipAddress);
+ }
 }
From e436348dd19e3cbb461b2146680caaa7c56a79c6 Mon Sep 17 00:00:00 2001
From: alexmerlin
Date: Wed, 11 Dec 2024 12:13:04 +0200
Subject: [PATCH 3/3] Revert masking
Signed-off-by: alexmerlin
---
 src/Admin/src/Service/AdminService.php | 2 +-
 src/App/src/Service/IpService.php | 16 ----------------
 2 files changed, 1 insertion(+), 17 deletions(-)
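Review bot: In `obfuscateIpAddress()` the IPv6 pattern `/[a-z0-9]+$/i` masks only the final group, which hides at most 16 of 128 bits; an address ending in `::` has no trailing group and is returned unmasked, and an IPv4-mapped form such as `::ffff:192.0.2.1` (constructed example) loses only its last octet. The `else` branch returns the input unchanged, so a value `filter_var` rejects is stored as-is; a fixed placeholder such as `return str_repeat($mask, 3);` would make the control fail closed. Masking by the matched length also reveals how many digits the hidden part had. Zeroing a fixed number of trailing bytes on the `inet_pton()` form would cover every textual notation, and `preg_replace_callback()` can return null, which the `string` return type does not allow for.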
diff --git a/src/Admin/src/Service/AdminService.php b/src/Admin/src/Service/AdminService.php
index 49342dad..e63f537b 100644
--- a/src/Admin/src/Service/AdminService.php
+++ b/src/Admin/src/Service/AdminService.php
@@ -205,7 +205,7 @@ public function logAdminVisit(array $serverParams, string $name, string $status)
 $organization = $this->locationService->getOrganization($ipAddress)->getName();
 $adminLogin = (new AdminLogin())
- ->setAdminIp(IpService::obfuscateIpAddress($ipAddress))
+ ->setAdminIp($this->locationService->obfuscateIpAddress($ipAddress))
 ->setContinent($continent)
 ->setCountry($country)
 ->setOrganization($organization)
diff --git a/src/App/src/Service/IpService.php b/src/App/src/Service/IpService.php
index 53276c45..fa694fe5 100644
--- a/src/App/src/Service/IpService.php
+++ b/src/App/src/Service/IpService.php
@@ -6,9 +6,6 @@
 use function filter_var;
 use function getenv;
-use function preg_replace_callback;
-use function str_repeat;
-use function strlen;
 use const FILTER_FLAG_IPV4;
 use const FILTER_FLAG_IPV6;
@@ -56,17 +53,4 @@ public static function isPublicIp(string $ipAddress): bool
 FILTER_FLAG_NO_RES_RANGE
 ) === $ipAddress;
 }
-
- public static function obfuscateIpAddress(string $ipAddress, string $mask = 'x'): string
- {
- if (filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
- $pattern = '/\d+$/';
- } elseif (filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
- $pattern = '/[a-z0-9]+$/i';
- } else {
- return $ipAddress;
- }
-
- return preg_replace_callback($pattern, fn (array $last) => str_repeat($mask, strlen($last[0])), $ipAddress);
- }
 }