1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\Settings\SetupChecks;
use OC\Security\Ip\Range;
use OC\Security\Ip\RemoteAddress;
use OCP\IConfig;
use OCP\IL10N;
use OCP\SetupCheck\ISetupCheck;
use OCP\SetupCheck\SetupResult;
class AllowedAdminRanges implements ISetupCheck {
public function __construct(
private IConfig $config,
private IL10N $l10n,
) {
}
public function getCategory(): string {
return 'system';
}
public function getName(): string {
return $this->l10n->t('Allowed admin IP ranges');
}
public function run(): SetupResult {
$allowedAdminRanges = $this->config->getSystemValue(RemoteAddress::SETTING_NAME, false);
if (
$allowedAdminRanges === false
|| (is_array($allowedAdminRanges) && empty($allowedAdminRanges))
) {
return SetupResult::success($this->l10n->t('Admin IP filtering isn\'t applied.'));
}
if (!is_array($allowedAdminRanges)) {
return SetupResult::error(
$this->l10n->t(
'Configuration key "%1$s" expects an array (%2$s found). Admin IP range validation will not be applied.',
[RemoteAddress::SETTING_NAME, gettype($allowedAdminRanges)],
)
);
}
$invalidRanges = array_filter($allowedAdminRanges, static fn (mixed $range): bool => !is_string($range) || !Range::isValid($range));
if (!empty($invalidRanges)) {
return SetupResult::warning(
$this->l10n->t(
'Configuration key "%1$s" contains invalid IP range(s): "%2$s"',
[RemoteAddress::SETTING_NAME, implode('", "', $invalidRanges)],
),
);
}
return SetupResult::success($this->l10n->t('Admin IP filtering is correctly configured.'));
}
}
|
