mirror of
https://github.com/kokororin/typecho-plugin-Access.git
synced 2025-03-23 16:20:22 +08:00
feat: add ip block list settings
This commit is contained in:
parent
7d1905a556
commit
de75cbb7ac
@ -92,6 +92,34 @@ class Access_Core
|
||||
return $entrypoint;
|
||||
}
|
||||
|
||||
/**
|
||||
* 判断当前 IP 是否在屏蔽 IP(段) 中
|
||||
*
|
||||
* @access private
|
||||
* @return bool
|
||||
*/
|
||||
private function isBlockIp($ip): ?bool
|
||||
{
|
||||
$version = Access_Ip::matchIPVersion($ip);
|
||||
if ($version === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$lines = explode('\n', $this->config->blockIps);
|
||||
foreach ($lines as $line) {
|
||||
$cidr = explode('#', $line)[0];
|
||||
$cidr = trim($cidr);
|
||||
|
||||
if (!empty($cidr)) {
|
||||
if (Access_Ip::matchCIDR($cidr, $ip)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 记录当前访问(管理员登录不会记录)
|
||||
*
|
||||
@ -107,6 +135,9 @@ class Access_Core
|
||||
$url = $this->request->getServer('REQUEST_URI');
|
||||
}
|
||||
$ip = $this->request->getIp();
|
||||
if ($this->isBlockIp($ip)) {
|
||||
return;
|
||||
}
|
||||
if(!empty($ip)) {
|
||||
# 解析ip归属地
|
||||
try {
|
||||
|
126
Access_Ip.php
Normal file
126
Access_Ip.php
Normal file
@ -0,0 +1,126 @@
|
||||
<?php
|
||||
if (!defined('__ACCESS_PLUGIN_ROOT__')) {
|
||||
throw new Exception('Bootstrap file not found');
|
||||
}
|
||||
|
||||
class Access_Ip
|
||||
{
|
||||
/**
|
||||
* Check if a string is a valid IPv4 address
|
||||
* @param string $str test string
|
||||
* @return bool return true if it is a valid IPv4 address
|
||||
*/
|
||||
public static function isIPv4($str)
|
||||
{
|
||||
if (filter_var($str, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a string is a valid IPv6 address
|
||||
* @param string $str test string
|
||||
* @return bool return true if it is a valid IPv6 address
|
||||
*/
|
||||
public static function isIPv6($str)
|
||||
{
|
||||
if (filter_var($str, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a string is a valid IP address, and return its version
|
||||
* @param string $str test string
|
||||
* @return number|null return version or null if it is not a ip address
|
||||
*/
|
||||
public static function matchIPVersion($str)
|
||||
{
|
||||
if (Access_Ip::isIPv4($str)) {
|
||||
return 4;
|
||||
}
|
||||
if (Access_Ip::isIPv6($str)) {
|
||||
return 6;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if an ip address is in the CIDR subnet.
|
||||
* @param string $cidr - an ipv6 address, ex 1.2.3.5/24, ::1, 2001:288:5200::1, :: ,etc.
|
||||
* @param string $addr - an ip subnet, ex 1.2.3.4 or 2001:288:5400/39 or 2001:288:5432:/64 or 2001:288:5478::/64..
|
||||
* @return bool return true if $addr is inside the $cidr subnet, or return false.
|
||||
*/
|
||||
public static function matchCIDR($cidr, $addr)
|
||||
{
|
||||
$cidrVersion = Access_Ip::matchIPVersion(explode('/', $cidr)[0]);
|
||||
$addrVersion = Access_Ip::matchIPVersion($addr);
|
||||
|
||||
if ($cidrVersion !== $addrVersion) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($cidrVersion === 4) {
|
||||
return Access_Ip::matchCIDRv4($cidr, $addr);
|
||||
}
|
||||
|
||||
if ($cidrVersion === 6) {
|
||||
return Access_Ip::matchCIDRv6($cidr, $addr);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if an ipv4 address is in the CIDRv4 subnet.
|
||||
* @param $cidr string an ipv4 subnet ex .. 1.2.3.5/24
|
||||
* @param $addr string an ipv4 address ex.. 1.2.3.4
|
||||
* @return bool return true if $ip is inside the $cidr subnet, or return false.
|
||||
*/
|
||||
public static function matchCIDRv4($cidr, $addr)
|
||||
{
|
||||
$parts = explode('/', $cidr);
|
||||
$cidr_ip = $parts[0];
|
||||
$cidr_mask = count($parts) >= 2 ? $parts[1] : '32';
|
||||
return (ip2long($addr) >> (32 - $cidr_mask) == ip2long($cidr_ip) >> (32 - $cidr_mask));
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert an ipv6 address to bin string
|
||||
* @param string $addr - an ipv6 address
|
||||
* @return string return the binary string of an ipv6 address if parameter ip6 is an ipv6 address,
|
||||
* else it return an empty string.
|
||||
*/
|
||||
public static function ExpandIPv6Notation2Bin($addr)
|
||||
{
|
||||
if (strpos($addr, '::') !== false) {
|
||||
$addr = str_replace('::', str_repeat(':0', 8 - substr_count($addr, ':')) . ':', $addr);
|
||||
}
|
||||
$ip6parts = explode(':', $addr);
|
||||
$res = "";
|
||||
foreach ($ip6parts as $part) {
|
||||
$res .= str_pad(base_convert($part, 16, 2), 16, 0, STR_PAD_LEFT);
|
||||
}
|
||||
return $res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if an ipv6 address is in the CIDRv6 subnet.
|
||||
* @param string $cidr - an ipv6 subnet, ex 2001:288:5400/39 or 2001:288:5432:/64 or 2001:288:5478::/64..
|
||||
* @param string $addr - an ipv6 address, ex ::1, 2001:288:5200::1, :: ,etc.
|
||||
* @return bool return true if $addr is inside the $cidr subnet, or return false.
|
||||
*/
|
||||
public static function MatchCIDRv6($cidr, $addr)
|
||||
{
|
||||
$parts = explode('/', $cidr);
|
||||
$cidr_ip = $parts[0];
|
||||
$cidr_mask = count($parts) >= 2 ? $parts[1] : '128';
|
||||
$cidr_bin = substr(Access_Ip::ExpandIPv6Notation2Bin($cidr_ip), 0, $cidr_mask);
|
||||
$ip_bin = substr(Access_Ip::ExpandIPv6Notation2Bin($addr), 0, $cidr_mask);
|
||||
if (!strcmp($cidr_bin, $ip_bin))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
}
|
@ -75,9 +75,13 @@ class Access_Plugin implements Typecho_Plugin_Interface
|
||||
'0' => '后端',
|
||||
'1' => '前端',
|
||||
), '0', '日志写入类型:', '请选择日志写入类型,如果写入速度较慢可选择前端写入日志。<br/>如果您使用了pjax,请在pjax相关事件中调用 window.Access.track() 方法。');
|
||||
$blockIps = new Typecho_Widget_Helper_Form_Element_Textarea(
|
||||
'blockIps', null, '',
|
||||
'IP 黑名单', '每行一个,不记录来自这些 IP 的访问记录,支持 CIDR 掩码配置,支持 # 行注释');
|
||||
$form->addInput($pageSize);
|
||||
$form->addInput($isDrop);
|
||||
$form->addInput($writeType);
|
||||
$form->addInput($blockIps);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user