aboutsummaryrefslogtreecommitdiffstats
path: root/apps/settings/lib/SetupChecks/AllowedAdminRanges.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/settings/lib/SetupChecks/AllowedAdminRanges.php')
-rw-r--r--apps/settings/lib/SetupChecks/AllowedAdminRanges.php63
1 files changed, 63 insertions, 0 deletions
diff --git a/apps/settings/lib/SetupChecks/AllowedAdminRanges.php b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php
new file mode 100644
index 00000000000..5116676dd43
--- /dev/null
+++ b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php
@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\Settings\SetupChecks;
+
+use OC\Security\Ip\Range;
+use OC\Security\Ip\RemoteAddress;
+use OCP\IConfig;
+use OCP\IL10N;
+use OCP\SetupCheck\ISetupCheck;
+use OCP\SetupCheck\SetupResult;
+
+class AllowedAdminRanges implements ISetupCheck {
+ public function __construct(
+ private IConfig $config,
+ private IL10N $l10n,
+ ) {
+ }
+
+ public function getCategory(): string {
+ return 'system';
+ }
+
+ public function getName(): string {
+ return $this->l10n->t('Allowed admin IP ranges');
+ }
+
+ public function run(): SetupResult {
+ $allowedAdminRanges = $this->config->getSystemValue(RemoteAddress::SETTING_NAME, false);
+ if (
+ $allowedAdminRanges === false
+ || (is_array($allowedAdminRanges) && empty($allowedAdminRanges))
+ ) {
+ return SetupResult::success($this->l10n->t('Admin IP filtering isn\'t applied.'));
+ }
+
+ if (!is_array($allowedAdminRanges)) {
+ return SetupResult::error(
+ $this->l10n->t(
+ 'Configuration key "%1$s" expects an array (%2$s found). Admin IP range validation will not be applied.',
+ [RemoteAddress::SETTING_NAME, gettype($allowedAdminRanges)],
+ )
+ );
+ }
+
+ $invalidRanges = array_filter($allowedAdminRanges, static fn (mixed $range): bool => !is_string($range) || !Range::isValid($range));
+ if (!empty($invalidRanges)) {
+ return SetupResult::warning(
+ $this->l10n->t(
+ 'Configuration key "%1$s" contains invalid IP range(s): "%2$s"',
+ [RemoteAddress::SETTING_NAME, implode('", "', $invalidRanges)],
+ ),
+ );
+ }
+
+ return SetupResult::success($this->l10n->t('Admin IP filtering is correctly configured.'));
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 04:10:23 +0000