Merge pull request #3 from jeyserver/2-support-ipv6

2 support ipv6

Author: hosni

bootstrap/app.php

@@ -13,7 +13,6 @@
 $container = Container::getInstance();
 
 $container->singleton(InotifyProxy::class);
-$container->singleton(GoogleBotDetector::class);
 $container->singleton(LogAnalyzer::class);
 $container->singleton(LogsWatcher::class);
 $container->singleton(NginxBlocker::class);
@@ -22,15 +21,28 @@
 $container->singleton(WhitelistManager::class);
 $container->singleton(SelfIPsList::class);
 $container->singleton(CsfAllowList::class);
+$container->singleton(Logger::class);
+$container->singleton(LoggerInterface::class, Logger::class);
+$container->singleton(GoogleBotDetector::class, function (Container $container): GoogleBotDetector {
+    /** @var LoggerInterface */
+    $logger = $container->make(LoggerInterface::class);
+    /** @var Config */
+    $config = $container->make(Config::class);
+
+    /** @var array<string,array{path:string,url:string}> */
+    $files = $config->get(GoogleBotDetector::class.'.options.files');
+
+    return new GoogleBotDetector($logger, $config, $files ?: []);
+});
 $container->singleton(Rules\GoogleBotRule::class);
 $container->singleton(Rules\ServerErrorRule::class);
 $container->singleton(Rules\StaticFileRule::class);
 $container->singleton(Rules\WhiteListedRule::class);
 $container->singleton(Rules\AlreadyBlockedRule::class);
-$container->singleton(Logger::class);
-$container->singleton(LoggerInterface::class, Logger::class);
-$container->singleton(Rules\BadBotsRule::class, function ($container) {
+$container->singleton(Rules\BadBotsRule::class, function (Container $container): Rules\BadBotsRule {
+    /** @var LoggerInterface */
     $logger = $container->make(LoggerInterface::class);
+    /** @var Config */
     $config = $container->make(Config::class);
     $filePath = $config->getFilePath(Rules\BadBotsRule::class.'.options.list');
     if (!$filePath) {
@@ -40,27 +52,32 @@
 
     return new Rules\BadBotsRule($logger, $list);
 });
-$container->singleton(Rules\BruteForceRule::class, function ($container) {
+$container->singleton(Rules\BruteForceRule::class, function (Container $container): Rules\BruteForceRule {
+    /** @var Config */
     $config = $container->make(Config::class);
+
+    /** @var array{maxRequests?:int,period?:int} */
     $options = $config->getOptionsFor(Rules\BruteForceRule::class);
 
     return new Rules\BruteForceRule($options['maxRequests'] ?? 100, $options['period'] ?? 120);
 });
-$container->singleton(Rules\WPBruteForceRule::class, function ($container) {
+$container->singleton(Rules\WPBruteForceRule::class, function (Container $container): Rules\WPBruteForceRule {
+    /** @var Config */
     $config = $container->make(Config::class);
+    /** @var array{maxRequests?:int,period?:int} */
     $options = $config->getOptionsFor(Rules\WPBruteForceRule::class);
 
     return new Rules\WPBruteForceRule($options['maxRequests'] ?? 10, $options['period'] ?? 60);
 });
-$container->singleton(Application::class, function ($container) {
+$container->singleton(Application::class, function (Container $container): Application {
     $app = new Application();
     $app->add(new Commands\Start($container));
     $app->add(new Commands\Install($container));
 
     return $app;
 });
 
-$container->singleton('bin-path', function () {
+$container->singleton('bin-path', function (): string {
     $pharPath = \Phar::running(false);
     if ($pharPath) {
         return $pharPath;
@@ -69,7 +86,7 @@
     return dirname(__DIR__).'/bin/bot-blocker';
 });
 
-$container->singleton('bin-dir-path', function () {
+$container->singleton('bin-dir-path', function (): string {
     $pharPath = \Phar::running(false);
     if ($pharPath) {
         return dirname($pharPath);

composer.json

@@ -7,12 +7,13 @@
 		"php": "^7.4|^8.0",
 		"dnj/local-filesystem": "^1.0",
 		"dnj/log": "^1.1",
+		"dnj/tmp-filesystem": "^1.1",
+		"guzzlehttp/guzzle": "^7.4",
+		"illuminate/container": "^5.4",
 		"kassner/log-parser": "^2.1",
-		"league/mime-type-detection": "^1.9",
 		"krowinski/php-inotify": "^2.0",
-		"illuminate/container": "^5.4",
-		"guzzlehttp/guzzle": "^7.4",
-		"dnj/tmp-filesystem": "^1.1",
+		"league/mime-type-detection": "^1.9",
+		"mlocati/ip-lib": "^1.18",
 		"symfony/console": "^5.0",
 		"webignition/php-path-resolver": "^0.4.0"
 	},
@@ -45,6 +46,7 @@
 	"minimum-stability": "dev",
 	"prefer-stable": true,
 	"config": {
-		"allow-plugins": false
+		"allow-plugins": false,
+		"sort-packages": true
 	}
 }

composer.lock

@@ -27,6 +27,29 @@
 			}
 		}
 	],
+	"google-bot-detector": {
+		"name": "Arad\\BotBlocker\\GoogleBotDetector",
+		"options": {
+			"files": {
+				"goog.json": {
+					"path": "google-bot-detector/goog.json",
+					"url": "https://www.gstatic.com/ipranges/goog.json"
+				},
+				"googlebot.json": {
+					"path": "google-bot-detector/googlebot.json",
+					"url": "https://developers.google.com/static/search/apis/ipranges/googlebot.json"
+				},
+				"special-crawlers.json": {
+					"path": "google-bot-detector/special-crawlers.json",
+					"url": "https://developers.google.com/static/search/apis/ipranges/special-crawlers.json"
+				},
+				"user-triggered-fetchers.json": {
+					"path": "google-bot-detector/user-triggered-fetchers.json",
+					"url": "https://developers.google.com/static/search/apis/ipranges/user-triggered-fetchers.json"
+				}
+			}
+		}
+	},
 	"logging": {
 		"file": "/var/log/bot-blocker.log",
 		"quiet": true,

config.json

@@ -14,6 +14,7 @@ class Config
     public static function parseFromFile(File $file): self
     {
         $config = json_decode($file->read(), true, 512, JSON_THROW_ON_ERROR);
+        self::setClassOptions($config, 'google-bot-detector');
         self::setClassOptions($config, 'defense-system');
         self::setClassOptions($config, 'monitor-system');
         if (isset($config['rules']) and is_array($config['rules'])) {

src/Config.php

@@ -4,6 +4,9 @@
 
 use dnj\Filesystem\Local\File;
 use Exception;
+use IPLib\Address\AddressInterface;
+use IPLib\Factory as IPLibFactory;
+use IPLib\Range\RangeInterface;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerInterface;
 
@@ -12,17 +15,14 @@
  */
 class CsfAllowList implements LoggerAwareInterface
 {
-    /**
-     * @var SortedList<int>
-     */
-    protected SortedList $ips;
+    /** @var RangeInterface[] */
+    protected array $ipRanges = [];
 
     protected LoggerInterface $logger;
 
     public function __construct(LoggerInterface $logger)
     {
         $this->logger = $logger;
-        $this->ips = new SortedList();
     }
 
     public function setLogger(LoggerInterface $logger): void
@@ -37,7 +37,7 @@ public function getLogger(): LoggerInterface
 
     public function reload(): void
     {
-        $this->ips = new SortedList();
+        $this->ipRanges = [];
         $files = [
             new File('/etc/csf/csf.allow'),
             new File('/etc/csf/csf.ignore'),
@@ -62,27 +62,37 @@ public function addFromFile(File $file): void
         }
     }
 
-    public function has(string $ip): bool
+    public function has(AddressInterface $ip): bool
     {
-        $ip = ip2long($ip);
-        if (false === $ip) {
-            return false;
+        foreach ($this->ipRanges as $ipRange) {
+            if ($ipRange->contains($ip)) {
+                return true;
+            }
         }
 
-        return $this->ips->has($ip);
+        return false;
     }
 
     /**
-     * @return \Generator<string>
+     * @return \Generator<AddressInterface>
      */
     public function getIPs(): \Generator
     {
-        foreach ($this->ips as $ip) {
-            $ip = long2ip($ip);
-            if (false === $ip) {
-                continue;
+        foreach ($this->ipRanges as $ipRange) {
+            yield from $this->getIpsFromRange($ipRange);
+        }
+    }
+
+    /**
+     * @return \Generator<AddressInterface>
+     */
+    protected function getIpsFromRange(RangeInterface $range): \Generator
+    {
+        for ($x = 0; $x < $range->getSize(); ++$x) {
+            $ip = $range->getAddressAtOffset($x);
+            if ($ip) {
+                yield $ip;
             }
-            yield $ip;
         }
     }
 
@@ -101,42 +111,10 @@ protected function processLine(string $line): void
         if (false !== strpos($line, '|')) {
             return;
         }
-        $subnet = $this->getSubnet($line);
-        $this->addSubnet($subnet);
-    }
 
-    /**
-     * @param Subnet $subnet
-     */
-    protected function addSubnet(array $subnet): void
-    {
-        for ($x = $subnet[0]; $x < $subnet[1]; ++$x) {
-            $this->ips->add($x);
+        $range = IPLibFactory::parseRangeString($line);
+        if ($range) {
+            $this->ipRanges[] = $range;
         }
     }
-
-    /**
-     * @return Subnet
-     */
-    protected function getSubnet(string $subnet): array
-    {
-        if (!preg_match("/^([\d\.]+)(?:\/(\d+))?$/", $subnet, $matches)) {
-            throw new Exception("'{$subnet}' is not valid subnet");
-        }
-        $network = $matches[1];
-        $netmask = isset($matches[2]) ? intval($matches[2]) : 32;
-        if (!filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
-            throw new Exception("'{$subnet}' is not valid subnet");
-        }
-        if ($netmask > 32) {
-            throw new Exception("'{$subnet}' is not valid subnet");
-        }
-        $start = ip2long($network);
-        if (false === $start) {
-            throw new Exception();
-        }
-        $end = $start + pow(2, 32 - $netmask);
-
-        return [$start, $end];
-    }
 }