blallo
/
tt-rss


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							<?php
class Auth_Proxy extends Plugin implements IAuthModule {

	private $host;
	/* @var Auth_Base $base */
	private $base;

	function about() {
		return array(1.0,
			"Trust proxy X-Forwarded-User. May be dangerous, see doc",
			"boyska",
			true);
	}

	/* @var PluginHost $host */
	function init($host ) {
		$this->host = $host;
		$this->base = new Auth_Base();

		$host->add_hook($host::HOOK_AUTH_USER, $this);
	}

	/*
	 * is_whitelisted check if an IP is whitelisted by defined values in config.php
	 * it will check by-IP and by-NAME
	 * currently, only exact IP is supported (no cidr, no wildcard); this is a TODO
	 * check by 
	 */
	private function is_whitelisted($client_ip) {
		if(!defined('AUTHPROXY_WHITELIST_IP') && !defined('AUTHPROXY_WHITELIST_NAME')) {
			// TODO: send a warning: this is a misconfiguration!
			return false;
		}
		if(defined('AUTHPROXY_WHITELIST_IP')) {
			$whitelist = explode(' ', AUTHPROXY_WHITELIST_IP);
			foreach($whitelist as $w_ip) {
				if($client_ip === $w_ip) {
					return true;
				}
			}
		}
		if(defined('AUTHPROXY_WHITELIST_NAME')) {
			$whitelist = explode(' ', AUTHPROXY_WHITELIST_NAME);
			foreach($whitelist as $w_name) {
				foreach(gethostbynamel($w_name) as $w_ip) {
					if($client_ip === $w_ip) {
						return true;
					}
				}
			}
		}
		return false;
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function authenticate($login, $password) {
		$client_ip = $_SERVER['REMOTE_ADDR'];
		if($this->is_whitelisted($client_ip) === false) {
			return false;
		}

		if(!array_key_exists("HTTP_X_FORWARDED_USER", $_SERVER)) {
			return false;
		}
		$try_login = $_SERVER["HTTP_X_FORWARDED_USER"];

		if ($try_login) {
			$user_id = $this->base->auto_create_user($try_login, $password);

			if ($user_id) {
				$_SESSION["fake_login"] = $try_login;
				$_SESSION["fake_password"] = "******";
				$_SESSION["hide_hello"] = true;
				$_SESSION["hide_logout"] = true;

				return $user_id;
			}
		}

		return false;
	}

	function api_version() {
		return 2;
	}

}