m6web/firewall-bundle

Bundle providing IP filtering features for controllers and actions

Installs: 53 185

Dependents: 2

Stars: 17

Watchers: 12

Forks: 7

Open Issues: 1

Language: PHP

v1.0.0 2015-06-17 09:25 UTC

README

This bundle provides IP filtering features for your Symfony 2 applications.
It uses the Firewall component and offers service and annotations configuration.

Installation

Add this line in your composer.json :

{
    "require": {
        "m6web/firewall-bundle": "dev-master"
    }
}

Update your vendors :

composer update m6web/firewall-bundle

Registering

class AppKernel extends \Symfony\Component\HttpKernel\Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            new M6Web\Bundle\FirewallBundle\M6WebFirewallBundle(),
        );
    }
}

Usage

Configuration
m6web_firewall:
    lists:                                 # Define some IP lists into the Firewall Provider
        self:                                   # Define a list named "self"
            - '127.0.0.1'                           # IPV4
            - '::1'                                 # IPV6 short notation
        lan:                                    # Define a list named "lan"
            - '192.168.0.*'                         # IPV4 with Wildcard (* = all)
            - '192.168.0.0/24'                      # IPV4 with CIDR Mask
            - '192.168.0.0/255.255.255.0'           # IPV4 with Subnet Mask
    configs:                               # Define some pre-defined configurations into the Firewall Provider
        default:                                # Define a configuration named "default"
            default_state: true                     # Default returned value (default: true)
            throw_error: true                       # Throw an exception for rejected users (default: true)
            error_code: 403                         # Exception status code (default: 403)
            error_message: 'Forbidden'              # Exception message (default: Forbidden)
            lists:                                  # Lists access state
                self: true                              # "self" list records will be allowed by the firewall
                lan: false                              # "lan" list records will be rejected by the firewall
            entries:                                # Define custom IP's access state
                '192.168.0.10': true                    # "192.168.0.10" will be allowed
                '192.168.0.20': false                   # "192.168.0.20" will be rejected
Global annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall;

/**
 * @Firewall(
 *      config="default",
 *      actions={
 *          'myFirstAction'
 *      },
 *      default_state=true,
 *      lists={
 *          'default': true
 *      },
 *      entries={
 *          '192.168.0.50': false
 *      },
 *      throw_error: false,
 *      callback="myFirewallResponseHandler",
 *      error_message: 'Forbiden',
 *      error_code: 403
 * )
 */
  • config parameter sets which pre-defined configuration to use,
  • actions parameter sets which actions of the controller are protected (in case of Class Annotation).

All default set parameters can be overloaded by annotation.

Class annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall;

/**
 * @Firewall(
 *      config="default",
 *      actions={
 *          'myFirstAction'
 *      }
 * )
 */
class MyBundleController extends Controller
{
    public function myFirstAction()
    {
    }

    public function mySecondAction()
    {
    }
}
  • myFirstAction is protected by the pre-defined configuration default.
    In this case we can set one (or many) firewall used for many actions.
Method annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall;

class MyBundleController extends Controller
{
    /**
     * @Firewall(
     *      config="default"
     * )
     */
    public function myFirstAction()
    {
    }

    /**
     * @Firewall(
     *      default_state=true,
     *      lists={
     *           'lan': false
     *      },
     *      entries={
     *          '20.30.40.50': false
     *      }
     * )
     */
    public function mySecondAction()
    {
    }
}
  • myFirstAction uses its own firewall with pre-defined configuration default,
  • mySecondAction uses its own firewall with a custom configuration.
Path configuration
m6web_firewall:
    patterns:                             # define some routing pattern to filter
        api:
            config: default                         # config associed to the path
            path: /api                              # path to filter
  • config parameter sets which pre-defined configuration to use,
  • path parameter sets which path are protected.

Running the tests

$ php composer.phar install --dev
$ ./vendor/bin/atoum -d Tests/

Credits

Developped by the Cytron Team of M6 Web.
Tested with atoum.

License

The FirewallBundle is licensed under the MIT license.