cloud-auth-ip.trait.php
153 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Cloud auth IP validation trait |
| 4 | * |
| 5 | * @package LiteSpeed |
| 6 | * @since 7.8 |
| 7 | */ |
| 8 | |
| 9 | namespace LiteSpeed; |
| 10 | |
| 11 | defined( 'WPINC' ) || exit(); |
| 12 | |
| 13 | /** |
| 14 | * Trait Cloud_Auth_IP |
| 15 | * |
| 16 | * Handles QUIC.cloud IP validation and ping operations. |
| 17 | */ |
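trait Cloud_Auth_IP {

	/**
	 * Answer a callback validation request from Cloud.
	 *
	 * Compares the posted `hash` with the MD5 of the first four characters of
	 * the stored `pk_b64` value and, on a match, answers with the MD5 of the
	 * four characters starting at offset 2.
	 *
	 * Security note: both digests cover only four characters of `pk_b64`, so
	 * this exchange is a weak origin hint and must not be relied on as
	 * authentication of the caller.
	 *
	 * @since 3.0
	 * @access public
	 *
	 * @return mixed Result of self::err() on failure, self::ok() with the response hash on success.
	 */
	public function ip_validate() {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$hash = ! empty( $_POST['hash'] ) ? sanitize_text_field( wp_unslash( $_POST['hash'] ) ) : '';
		if ( ! $hash ) {
			return self::err( 'lack_of_params' );
		}

		// Without a stored key the expected digest would be the MD5 of an empty
		// string, a publicly known constant, so reject instead of comparing.
		$pk_b64 = ( isset( $this->_summary['pk_b64'] ) && is_string( $this->_summary['pk_b64'] ) ) ? $this->_summary['pk_b64'] : '';
		if ( '' === $pk_b64 ) {
			self::debug( '__callback IP request decryption failed' );
			return self::err( 'err_hash' );
		}

		// hash_equals() keeps the comparison constant-time with respect to the caller-supplied value.
		if ( ! hash_equals( md5( substr( $pk_b64, 0, 4 ) ), $hash ) ) {
			self::debug( '__callback IP request decryption failed' );
			return self::err( 'err_hash' );
		}

		Control::set_nocache( 'Cloud IP hash validation' );

		$resp_hash = md5( substr( $pk_b64, 2, 4 ) );

		self::debug( '__callback IP request hash: ' . $resp_hash );

		return self::ok( [ 'hash' => $resp_hash ] );
	}

	/**
	 * Check if this visit is from cloud or not.
	 *
	 * Refreshes the stored IP list when it is missing or older than
	 * self::TTL_IPS days, then asks Router::ip_access() whether the current
	 * visitor matches it. On a miss the list is refreshed once more, at most
	 * every 10 minutes, and the check is repeated.
	 *
	 * Fails closed: when no IP list is available after the refresh, the visit
	 * is treated as not coming from Cloud.
	 *
	 * @since 3.0
	 *
	 * @throws \Exception When the refresh in _update_ips() fails to fetch the list.
	 *
	 * @return mixed Result of Router::ip_access(), or false when no IP list is stored.
	 */
	public function is_from_cloud() {
		$check_point = time() - 86400 * self::TTL_IPS;
		if ( empty( $this->_summary['ips'] ) || empty( $this->_summary['ips_ts'] ) || $this->_summary['ips_ts'] < $check_point ) {
			self::debug( 'Force updating ip as ips_ts is older than ' . self::TTL_IPS . ' days' );
			$this->_update_ips();
		}

		// An empty or missing allowlist must never be handed to the matcher as if it were valid.
		$res = empty( $this->_summary['ips'] ) ? false : $this->cls( 'Router' )->ip_access( $this->_summary['ips'] );
		if ( $res ) {
			self::debug( '✅ Passed Cloud IP verification' );
			return $res;
		}

		self::debug( '❌ Not our cloud IP' );

		// Auto check ip list again but need an interval limit safety, so that
		// requests from unknown IPs cannot trigger a remote fetch on every hit.
		if ( empty( $this->_summary['ips_ts_runner'] ) || time() - (int) $this->_summary['ips_ts_runner'] > 600 ) {
			self::debug( 'Force updating ip as ips_ts_runner is older than 10mins' );
			// Refresh IP list for future detection
			$this->_update_ips();
			$res = empty( $this->_summary['ips'] ) ? false : $this->cls( 'Router' )->ip_access( $this->_summary['ips'] );
			if ( ! $res ) {
				self::debug( '❌ 2nd time: Not our cloud IP' );
			} else {
				self::debug( '✅ Passed Cloud IP verification' );
			}
		}

		return $res;
	}

	/**
	 * Update Cloud IP list.
	 *
	 * Fetches `$this->_cloud_ips . '?json'` and stores the decoded list in the
	 * summary. The stored list is only replaced when the response is HTTP 200
	 * and decodes to a non-empty array; any other response is logged and the
	 * previous list is kept, so a broken or unexpected reply cannot wipe the
	 * allowlist.
	 *
	 * NOTE(review): the list is trusted as delivered by that URL; confirm
	 * `$this->_cloud_ips` is an https endpoint (defined outside this trait).
	 *
	 * @since 4.2
	 *
	 * @throws \Exception When fetching whitelist fails.
	 */
	private function _update_ips() {
		self::debug( 'Load remote Cloud IP list from ' . $this->_cloud_ips );
		// Prevent multiple call in a short period: timestamps are saved before
		// the request so a failing fetch is still rate limited.
		self::save_summary([
			'ips_ts'        => time(),
			'ips_ts_runner' => time(),
		]);

		$response = wp_safe_remote_get( $this->_cloud_ips . '?json' );
		if ( is_wp_error( $response ) ) {
			$error_message = $response->get_error_message();
			self::debug( 'failed to get ip whitelist: ' . $error_message );
			throw new \Exception( 'Failed to fetch QUIC.cloud whitelist ' . esc_html($error_message) );
		}

		$code = (int) wp_remote_retrieve_response_code( $response );
		$json = \json_decode( wp_remote_retrieve_body( $response ), true );

		// Error pages, truncated bodies and non-list payloads are not a valid allowlist.
		if ( 200 !== $code || ! is_array( $json ) || empty( $json ) ) {
			self::debug( 'Ignored invalid ip whitelist response, HTTP code: ' . $code );
			return;
		}

		self::debug( 'Load ips', $json );
		self::save_summary( [ 'ips' => $json ] );
	}

	/**
	 * Return pong for ping to check PHP function availability.
	 *
	 * Reports plugin, PHP and WordPress versions plus the home and site URLs,
	 * and answers 'y'/'n' for every function, class and constant name posted in
	 * `funcs`, `classes` and `consts`.
	 *
	 * Posted names are untrusted: non-string entries are skipped and a name
	 * cannot overwrite one of the fixed response fields.
	 *
	 * NOTE(review): the response discloses version and environment details, and
	 * class_exists() runs the registered autoloaders with the posted name.
	 * Confirm the route that reaches ping() verifies the caller; that check is
	 * not visible in this trait.
	 *
	 * @since 6.5
	 *
	 * @return array
	 */
	public function ping() {
		$resp = [
			'v_lscwp'    => Core::VER,
			'v_lscwp_db' => $this->conf( self::_VER ),
			'v_php'      => PHP_VERSION,
			'v_wp'       => $GLOBALS['wp_version'],
			'home_url'   => home_url(),
			'site_url'   => site_url(),
		];

		// Fixed fields that a posted name must not replace.
		$reserved = $resp;

		// POST field => existence check applied to each posted name.
		$probes = [
			'funcs'   => 'function_exists',
			'classes' => 'class_exists',
			'consts'  => 'defined',
		];

		foreach ( $probes as $field => $checker ) {
			// phpcs:ignore WordPress.Security.NonceVerification.Missing
			if ( empty( $_POST[ $field ] ) ) {
				continue;
			}

			// A scalar value is wrapped into a one-element list instead of breaking the loop.
			// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
			foreach ( (array) wp_unslash( $_POST[ $field ] ) as $v ) {
				// Nested arrays would raise a TypeError in the existence checks.
				if ( ! is_string( $v ) || '' === $v ) {
					continue;
				}
				if ( array_key_exists( $v, $reserved ) ) {
					continue;
				}
				$resp[ $v ] = $checker( $v ) ? 'y' : 'n';
			}
		}

		return self::ok( $resp );
	}
}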
| 153 |