Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
Cache ipCheck (2.8)#22819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Cache ipCheck (2.8)#22819
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| */ | ||
| protected$defaultLocale ='en'; | ||
| /** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This needs to bebool, see fabbot.io patch
| returnfalse; | ||
| } | ||
| if (!isset($this->validTrustedProxyIP)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It is possible thatself::$trustedProxies is changed between method calls. Make sure to reset the cached result insetTrustedProxies and that this is tested.
nicolas-grekas commentedMay 21, 2017
shouldnt this fix be submitted against the 2.8 branch? |
tgalopin commentedJun 4, 2017 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
I stumbled upon the same issue. Shouldn't the cache be stored statically in WDYT? |
fabpot commentedJun 4, 2017
Indeed, a cache in |
tgalopin commentedJun 4, 2017
@gonzalovilaseca do you want to do it? I can if you don't have time right now. |
| $request =newRequest(array(),array(),array(),array(),array(),array('REMOTE_ADDR' =>'8.8.8.8')); | ||
| Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_FORWARDED); | ||
| $this->assertEquals(true,$request->isFromTrustedProxy()); |
robfrawleyJun 4, 2017 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
$this->assertTrue($this->isFromTrustedProxy());
Also seen below intestIsFromTrustedProxyCacheIsInValidatedOnSetTrustedProxies().
gonzalovilaseca commentedJun 4, 2017
@tgalopin Sure, I'll do it, will be ready by tuesday |
| Request::setTrustedProxies(array('5.5.5.5'), Request::HEADER_FORWARDED); | ||
| $this->assertEquals(false,$request->isFromTrustedProxy()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
assertFalse()
| publicfunctiontestIsFromTrustedProxyReturnsFalseIfNoTrustedProxies() | ||
| { | ||
| $request =newRequest(); | ||
| $this->assertEquals(false,$request->isFromTrustedProxy()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
assertFalse()
| } | ||
| $remoteAddr =$this->server->get('REMOTE_ADDR'); | ||
| if (!array_key_exists($remoteAddr,self::$validTrustedProxyIP) ||null ===self::$validTrustedProxyIP[$remoteAddr]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Can be simply:!isset(self::$validTrustedProxyIP[$remoteAddr]) cause you do check fornull anyway.
gonzalovilaseca commentedJun 6, 2017
I've updated the PR moving the cache to Feel free to improve the naming of the new methods, naming is not my strength, even less with jet lag :-). |
| { | ||
| /** | ||
| * @var array | ||
| */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Should be private
| * @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet | ||
| */ | ||
| publicstaticfunctioncheckIp4($requestIp,$ip) | ||
| { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I would not delegate to another method but just copy/paste the cache logic in the methods directly.
| publicstaticfunctioncheckIp4($requestIp,$ip) | ||
| { | ||
| $cacheKey =$requestIp.'-'.$ip; | ||
| if (!array_key_exists($cacheKey,self::$checkedIps)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I would inline the checkIp4Internal method as well.
| class IpUtils | ||
| { | ||
| /** | ||
| * @var array |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
phpdoc should be removed
| returnfalse; | ||
| } | ||
| $cacheKey =$requestIp.'-'.$ip; | ||
| if (!array_key_exists($cacheKey,self::$checkedIps)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I would return early:
if (array_key_exists($cacheKey,self::$checkedIps)) {returnself::$checkedIps[$cacheKey];}
I would even changearra_key_exists() toisset()
| publicstaticfunctioncheckIp4($requestIp,$ip) | ||
| { | ||
| $cacheKey =$requestIp.'-'.$ip; | ||
| if (isset($cacheKey,self::$checkedIps)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Looks wrong to me
fabpot commentedJun 6, 2017
@gonzalovilaseca Can you change the branch of the PR to 2.7? |
gonzalovilaseca commentedJun 6, 2017
@fabpot 2.7 or 2.8? (nicolas mentioned 2.8) |
fabpot commentedJun 6, 2017
I would say 2.7. |
gonzalovilaseca commentedJun 6, 2017
@fabpot |
fabpot commentedJun 6, 2017
That would be wonderful, thanks. |
gonzalovilaseca commentedJun 7, 2017
2.7 version here:#23098 |
Uh oh!
There was an error while loading.Please reload this page.
In our app we use trusted proxies. Using Blackfire we found
IpUtils::checkIpwas being called 454 times taking 3.15ms.Caching the result saves those 3ms.