From b893c92c5cc90e897478179f3a674e8471b8fc84 Mon Sep 17 00:00:00 2001 From: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:24:11 +0000 Subject: [PATCH 1/4] Fix blank proxy & Move hardcoded cloudflare ips --- app/Filament/Pages/Settings.php | 20 ++------------------ config/trustedproxy.php | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/app/Filament/Pages/Settings.php b/app/Filament/Pages/Settings.php index 7043fe9d7d..5a8140d8a2 100644 --- a/app/Filament/Pages/Settings.php +++ b/app/Filament/Pages/Settings.php @@ -146,7 +146,7 @@ private function generalSettings(): array ->separator() ->splitKeys(['Tab', ' ']) ->placeholder('New IP or IP Range') - ->default(env('TRUSTED_PROXIES', config('trustedproxy.proxies'))) + ->default(env('TRUSTED_PROXIES', implode(',', config('trustedproxy.proxies')))) ->hintActions([ FormAction::make('clear') ->label('Clear') @@ -159,23 +159,7 @@ private function generalSettings(): array ->label('Set to Cloudflare IPs') ->icon('tabler-brand-cloudflare') ->authorize(fn () => auth()->user()->can('update settings')) - ->action(fn (Set $set) => $set('TRUSTED_PROXIES', [ - '173.245.48.0/20', - '103.21.244.0/22', - '103.22.200.0/22', - '103.31.4.0/22', - '141.101.64.0/18', - '108.162.192.0/18', - '190.93.240.0/20', - '188.114.96.0/20', - '197.234.240.0/22', - '198.41.128.0/17', - '162.158.0.0/15', - '104.16.0.0/13', - '104.24.0.0/14', - '172.64.0.0/13', - '131.0.72.0/22', - ])), + ->action(fn (Set $set) => $set('TRUSTED_PROXIES', config('trustedproxy.cloudflare'))), ]), ]; } diff --git a/config/trustedproxy.php b/config/trustedproxy.php index 7e0166af8e..e69fa910f5 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -25,4 +25,22 @@ */ 'proxies' => in_array(env('TRUSTED_PROXIES', []), ['*', '**']) ? env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES') ?? ''), + + 'cloudflare' => [ + '173.245.48.0/20', + '103.21.244.0/22', + '103.22.200.0/22', + '103.31.4.0/22', + '141.101.64.0/18', + '108.162.192.0/18', + '190.93.240.0/20', + '188.114.96.0/20', + '197.234.240.0/22', + '198.41.128.0/17', + '162.158.0.0/15', + '104.16.0.0/13', + '104.24.0.0/14', + '172.64.0.0/13', + '131.0.72.0/22', + ], ]; From d87a13b99e04de3cd502f19cccdbd57a89f7af79 Mon Sep 17 00:00:00 2001 From: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:24:29 +0000 Subject: [PATCH 2/4] Add cloudflare's ipv6 --- config/trustedproxy.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/trustedproxy.php b/config/trustedproxy.php index e69fa910f5..5798c6f6ed 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -42,5 +42,13 @@ '104.24.0.0/14', '172.64.0.0/13', '131.0.72.0/22', + + '2400:cb00::/32', + '2606:4700::/32', + '2803:f800::/32', + '2405:b500::/32', + '2405:8100::/32', + '2a06:98c0::/29', + '2c0f:f248::/32', ], ]; From f44eb219983dcdf78af1c9f02925c7f6945eeffe Mon Sep 17 00:00:00 2001 From: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Date: Thu, 31 Oct 2024 02:04:42 +0000 Subject: [PATCH 3/4] Pull from url innstead of hardcoded --- app/Filament/Pages/Settings.php | 3 +- app/Services/Helpers/TrustedProxyService.php | 42 ++++++++++++++++++++ config/trustedproxy.php | 33 +++++---------- 3 files changed, 53 insertions(+), 25 deletions(-) create mode 100644 app/Services/Helpers/TrustedProxyService.php diff --git a/app/Filament/Pages/Settings.php b/app/Filament/Pages/Settings.php index 5a8140d8a2..993bd2be1a 100644 --- a/app/Filament/Pages/Settings.php +++ b/app/Filament/Pages/Settings.php @@ -4,6 +4,7 @@ use App\Models\Backup; use App\Notifications\MailTested; +use App\Services\Helpers\TrustedProxyService; use App\Traits\EnvironmentWriterTrait; use Exception; use Filament\Actions\Action; @@ -159,7 +160,7 @@ private function generalSettings(): array ->label('Set to Cloudflare IPs') ->icon('tabler-brand-cloudflare') ->authorize(fn () => auth()->user()->can('update settings')) - ->action(fn (Set $set) => $set('TRUSTED_PROXIES', config('trustedproxy.cloudflare'))), + ->action(fn (Set $set, TrustedProxyService $service) => $set('TRUSTED_PROXIES', $service->handle())), ]), ]; } diff --git a/app/Services/Helpers/TrustedProxyService.php b/app/Services/Helpers/TrustedProxyService.php new file mode 100644 index 0000000000..c915ade040 --- /dev/null +++ b/app/Services/Helpers/TrustedProxyService.php @@ -0,0 +1,42 @@ +client->request( + 'GET', + config('trustedproxy.auto.url'), + config('panel.guzzle') + ); + if ($response->getStatusCode() === 200) { + $result = json_decode($response->getBody(), true); + foreach (config('trustedproxy.auto.keys') as $value) { + $ips->push(...data_get($result, $value)); + } + $ips->unique(); + } + } catch (GuzzleException $e) { + } + + return $ips->values()->all(); + } +} diff --git a/config/trustedproxy.php b/config/trustedproxy.php index 5798c6f6ed..d30ca531d0 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -26,29 +26,14 @@ 'proxies' => in_array(env('TRUSTED_PROXIES', []), ['*', '**']) ? env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES') ?? ''), - 'cloudflare' => [ - '173.245.48.0/20', - '103.21.244.0/22', - '103.22.200.0/22', - '103.31.4.0/22', - '141.101.64.0/18', - '108.162.192.0/18', - '190.93.240.0/20', - '188.114.96.0/20', - '197.234.240.0/22', - '198.41.128.0/17', - '162.158.0.0/15', - '104.16.0.0/13', - '104.24.0.0/14', - '172.64.0.0/13', - '131.0.72.0/22', - - '2400:cb00::/32', - '2606:4700::/32', - '2803:f800::/32', - '2405:b500::/32', - '2405:8100::/32', - '2a06:98c0::/29', - '2c0f:f248::/32', + /* + * Automatically pull ips from url + */ + 'auto' => [ + 'url' => 'https://api.cloudflare.com/client/v4/ips', + 'keys' => [ + 'result.ipv4_cidrs', + 'result.ipv6_cidrs', + ], ], ]; From a627892c0bac6f673046c761d1a91c58adfa6c5b Mon Sep 17 00:00:00 2001 From: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Date: Fri, 1 Nov 2024 00:37:22 +0000 Subject: [PATCH 4/4] Remove Service --- app/Filament/Pages/Settings.php | 24 ++++++++++- app/Services/Helpers/TrustedProxyService.php | 42 -------------------- config/trustedproxy.php | 11 ----- 3 files changed, 22 insertions(+), 55 deletions(-) delete mode 100644 app/Services/Helpers/TrustedProxyService.php diff --git a/app/Filament/Pages/Settings.php b/app/Filament/Pages/Settings.php index 993bd2be1a..c9f3f9dcf0 100644 --- a/app/Filament/Pages/Settings.php +++ b/app/Filament/Pages/Settings.php @@ -4,7 +4,6 @@ use App\Models\Backup; use App\Notifications\MailTested; -use App\Services\Helpers\TrustedProxyService; use App\Traits\EnvironmentWriterTrait; use Exception; use Filament\Actions\Action; @@ -25,6 +24,8 @@ use Filament\Pages\Concerns\HasUnsavedDataChangesAlert; use Filament\Pages\Concerns\InteractsWithHeaderActions; use Filament\Pages\Page; +use GuzzleHttp\Client; +use GuzzleHttp\Exception\GuzzleException; use Illuminate\Support\Facades\Artisan; use Illuminate\Support\Facades\Notification as MailNotification; @@ -160,7 +161,26 @@ private function generalSettings(): array ->label('Set to Cloudflare IPs') ->icon('tabler-brand-cloudflare') ->authorize(fn () => auth()->user()->can('update settings')) - ->action(fn (Set $set, TrustedProxyService $service) => $set('TRUSTED_PROXIES', $service->handle())), + ->action(function (Client $client, Set $set) { + $ips = collect(); + try { + $response = $client->request( + 'GET', + 'https://api.cloudflare.com/client/v4/ips', + config('panel.guzzle') + ); + if ($response->getStatusCode() === 200) { + $result = json_decode($response->getBody(), true)['result']; + foreach (['ipv4_cidrs', 'ipv6_cidrs'] as $value) { + $ips->push(...data_get($result, $value)); + } + $ips->unique(); + } + } catch (GuzzleException $e) { + } + + $set('TRUSTED_PROXIES', $ips->values()->all()); + }), ]), ]; } diff --git a/app/Services/Helpers/TrustedProxyService.php b/app/Services/Helpers/TrustedProxyService.php deleted file mode 100644 index c915ade040..0000000000 --- a/app/Services/Helpers/TrustedProxyService.php +++ /dev/null @@ -1,42 +0,0 @@ -client->request( - 'GET', - config('trustedproxy.auto.url'), - config('panel.guzzle') - ); - if ($response->getStatusCode() === 200) { - $result = json_decode($response->getBody(), true); - foreach (config('trustedproxy.auto.keys') as $value) { - $ips->push(...data_get($result, $value)); - } - $ips->unique(); - } - } catch (GuzzleException $e) { - } - - return $ips->values()->all(); - } -} diff --git a/config/trustedproxy.php b/config/trustedproxy.php index d30ca531d0..7e0166af8e 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -25,15 +25,4 @@ */ 'proxies' => in_array(env('TRUSTED_PROXIES', []), ['*', '**']) ? env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES') ?? ''), - - /* - * Automatically pull ips from url - */ - 'auto' => [ - 'url' => 'https://api.cloudflare.com/client/v4/ips', - 'keys' => [ - 'result.ipv4_cidrs', - 'result.ipv6_cidrs', - ], - ], ];