Add AccessBlock feature #291

- need MaxMind GeoIp2 database. - https://www.maxmind.com/en/geoip2-databases - https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en - Download mmdb file to `/app/temp/GeoLite2-Country.mmdb`
fc2blog · Aug 9, 2021 · 4500d87 · 4500d87
1 parent 3a2aaf3
commit 4500d87
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 8 deletions.
diff --git a/app/src/Web/Controller/Admin/AdminController.php b/app/src/Web/Controller/Admin/AdminController.php
@@ -6,17 +6,21 @@
 use Fc2blog\App;
 use Fc2blog\Model\BlogsModel;
 use Fc2blog\Model\UsersModel;
+use Fc2blog\Service\AccessBlock;
 use Fc2blog\Service\BlogService;
 use Fc2blog\Web\Controller\Controller;
 use Fc2blog\Web\Request;
 use Fc2blog\Web\Session;
 
 abstract class AdminController extends Controller
 {
-    protected function beforeFilter(Request $request)
+    protected function beforeFilter(Request $request): string
     {
         // 親のフィルター呼び出し
-        parent::beforeFilter($request);
+        $template_path = parent::beforeFilter($request);
+        if (strlen($template_path) > 0) {
+            return $template_path;
+        }
 
         // install.lockファイルがなければインストーラーへ
         if (!$this->isInstalled() && (
@@ -26,6 +30,11 @@ protected function beforeFilter(Request $request)
             $this->redirect($request, ['controller' => 'Common', 'action' => 'install']);
         }
 
+        // IPアドレスからアクセス元の国を推定してのブロック
+        if ((new AccessBlock())->isAdminBlockIp($request)) {
+            return $this->error403();
+        }
+
         if (!$this->isLogin()) {
             // 未ログイン時でもアクセス許可するパターンリスト
             $allows = array(
@@ -40,7 +49,7 @@ protected function beforeFilter(Request $request)
             if (!isset($allows[$controller_name]) || !in_array($action_name, $allows[$controller_name])) {
                 $this->redirect($request, array('controller' => 'Session', 'action' => 'login'));
             }
-            return;
+            return "";
         }
 
         if (!$this->isSelectedBlog()) {
@@ -57,14 +66,16 @@ protected function beforeFilter(Request $request)
                 $this->setWarnMessage(__('Please select a blog'));
                 $this->redirect($request, ['controller' => 'Blogs', 'action' => 'index']);
             }
-            return;
+            return "";
         }
 
         // ログイン中でかつブログ選択中の場合ブログ情報を取得し時間設定を行う
         $blog = BlogService::getById($this->getBlogIdFromSession());
         if (is_array($blog) && isset($blog['timezone'])) {
             date_default_timezone_set($blog['timezone']);
         }
+
+        return "";
     }
 
     /**

diff --git a/app/src/Web/Controller/Controller.php b/app/src/Web/Controller/Controller.php
@@ -53,7 +53,10 @@ public function execute($method): void
      */
     public function prepare(string $method): string
     {
-        $this->beforeFilter($this->request);
+        $template_path = $this->beforeFilter($this->request);
+        if (strlen($template_path) > 0) {
+            return $template_path;
+        }
 
         $this->resolvedMethod = $method;
 
@@ -130,8 +133,9 @@ protected function isInvalidAjaxRequest(Request $request): bool
         return false;
     }
 
-    protected function beforeFilter(Request $request)
+    protected function beforeFilter(Request $request): string
     {
+        return "";
     }
 
     public function set(string $key, $value)

diff --git a/app/src/Web/Controller/User/EntriesController.php b/app/src/Web/Controller/User/EntriesController.php
@@ -27,10 +27,14 @@ class EntriesController extends UserController
     /**
      * 記事系統の前処理
      * @param Request $request
+     * @return string
      */
-    protected function beforeFilter(Request $request): void
+    protected function beforeFilter(Request $request): string
     {
-        parent::beforeFilter($request);
+        $template_path = parent::beforeFilter($request);
+        if (strlen($template_path) > 0) {
+            return $template_path;
+        }
 
         // ブログID指定があるかチェック
         $blog_id = $request->getBlogId();
@@ -76,6 +80,8 @@ protected function beforeFilter(Request $request): void
         $entries_model = new EntriesModel();
         $entries_model->updateReservation($blog_id);
         $entries_model->updateLimited($blog_id);
+
+        return "";
     }
 
     /**

diff --git a/app/src/Web/Controller/User/UserController.php b/app/src/Web/Controller/User/UserController.php
@@ -4,6 +4,7 @@
 namespace Fc2blog\Web\Controller\User;
 
 use Fc2blog\Model\BlogsModel;
+use Fc2blog\Service\AccessBlock;
 use Fc2blog\Web\Controller\Controller;
 use Fc2blog\Web\Fc2BlogTemplate;
 use Fc2blog\Web\Request;
@@ -12,6 +13,22 @@
 
 abstract class UserController extends Controller
 {
+    protected function beforeFilter(Request $request): string
+    {
+        // 親のフィルター呼び出し
+        $template_path = parent::beforeFilter($request);
+        if (strlen($template_path) > 0) {
+            return $template_path;
+        }
+
+        // IPアドレスからアクセス元の国を推定してのブロック
+        if ((new AccessBlock())->isUserBlockIp($request)) {
+            return $this->error403();
+        }
+
+        return "";
+    }
+
     /**
      * 管理画面ログイン中のブログIDを取得する
      */