autoConfigFile = \OC::$configDir . 'autoconfig.php'; } public function run(array $post): void { // Check for autosetup: $post = $this->loadAutoConfig($post); $opts = $this->setupHelper->getSystemInfo(); // convert 'abcpassword' to 'abcpass' if (isset($post['adminpassword'])) { $post['adminpass'] = $post['adminpassword']; } if (isset($post['dbpassword'])) { $post['dbpass'] = $post['dbpassword']; } if (!$this->setupHelper->canInstallFileExists()) { $this->displaySetupForbidden(); return; } if (isset($post['install']) and $post['install'] == 'true') { // We have to launch the installation process : $e = $this->setupHelper->install($post); $errors = ['errors' => $e]; if (count($e) > 0) { $options = array_merge($opts, $post, $errors); $this->display($options); } else { $this->finishSetup(); } } else { $options = array_merge($opts, $post); $this->display($options); } } private function displaySetupForbidden(): void { $this->templateManager->printGuestPage('', 'installation_forbidden'); } public function display(array $post): void { $defaults = [ 'adminlogin' => '', 'adminpass' => '', 'dbuser' => '', 'dbpass' => '', 'dbname' => '', 'dbtablespace' => '', 'dbhost' => 'localhost', 'dbtype' => '', 'hasAutoconfig' => false, 'serverRoot' => \OC::$SERVERROOT, ]; $parameters = array_merge($defaults, $post); Util::addStyle('server', null); // include common nextcloud webpack bundle Util::addScript('core', 'common'); Util::addScript('core', 'main'); Util::addScript('core', 'install'); Util::addTranslations('core'); $this->initialStateService->provideInitialState('core', 'config', $parameters); $this->initialStateService->provideInitialState('core', 'data', false); $this->initialStateService->provideInitialState('core', 'links', [ 'adminInstall' => $this->urlGenerator->linkToDocs('admin-install'), 'adminSourceInstall' => $this->urlGenerator->linkToDocs('admin-source_install'), 'adminDBConfiguration' => $this->urlGenerator->linkToDocs('admin-db-configuration'), ]); $this->templateManager->printGuestPage('', 'installation'); } private function finishSetup(): void { if (file_exists($this->autoConfigFile)) { unlink($this->autoConfigFile); } Server::get(Checker::class)->runInstanceVerification(); if ($this->setupHelper->shouldRemoveCanInstallFile()) { $this->templateManager->printGuestPage('', 'installation_incomplete'); } header('Location: ' . Server::get(IURLGenerator::class)->getAbsoluteURL('index.php/core/apps/recommended')); exit(); } /** * @psalm-taint-escape file we trust file path given in POST for setup */ public function loadAutoConfig(array $post): array { if (file_exists($this->autoConfigFile)) { $this->logger->info('Autoconfig file found, setting up Nextcloud…'); $AUTOCONFIG = []; include $this->autoConfigFile; $post['hasAutoconfig'] = count($AUTOCONFIG) > 0; $post = array_merge($post, $AUTOCONFIG); } $dbIsSet = isset($post['dbtype']); $directoryIsSet = isset($post['directory']); $adminAccountIsSet = isset($post['adminlogin']); if ($dbIsSet and $directoryIsSet and $adminAccountIsSet) { $post['install'] = 'true'; } return $post; } } nge/backport/stable29/48207'>artonge/backport/stable29/48207 Nextcloud server, a safe home for all your data: https://github.com/nextcloud/serverwww-data
aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security/Ip/RemoteAddress.php
blob: 4eef88138985539c2f3149685b9345179945f542 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace OC\Security\Ip;

use OCP\IConfig;
use OCP\IRequest;
use OCP\Security\Ip\IAddress;
use OCP\Security\Ip\IRange;
use OCP\Security\Ip\IRemoteAddress;

class RemoteAddress implements IRemoteAddress, IAddress {
	public const SETTING_NAME = 'allowed_admin_ranges';

	private readonly ?IAddress $ip;

	public function __construct(
		private IConfig $config,
		IRequest $request,
	) {
		$remoteAddress = $request->getRemoteAddress();
		$this->ip = $remoteAddress === ''
			? null
			: new Address($remoteAddress);
	}

	public static function isValid(string $ip): bool {
		return Address::isValid($ip);
	}

	public function matches(IRange ... $ranges): bool {
		return $this->ip === null
			? true
			: $this->ip->matches(... $ranges);
	}

	public function allowsAdminActions(): bool {
		if ($this->ip === null) {
			return true;
		}

		$allowedAdminRanges = $this->config->getSystemValue(self::SETTING_NAME, false);

		// Don't apply restrictions on empty or invalid configuration
		if (
			$allowedAdminRanges === false
			|| !is_array($allowedAdminRanges)
			|| empty($allowedAdminRanges)
		) {
			return true;
		}

		foreach ($allowedAdminRanges as $allowedAdminRange) {
			if ((new Range($allowedAdminRange))->contains($this->ip)) {
				return true;
			}
		}

		return false;
	}

	public function __toString(): string {
		return (string)$this->ip;
	}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-28 12:11:02 +0000