add ipv6 support

Author: mobula9

.env.example

@@ -3,7 +3,7 @@ WORDPRESS_VERSION=5.6
 WATCHER_LOGIN=watcherLogin
 WATCHER_PASSWORD=watcherPassword
 NETWORK_SUBNET=172.16.238.0/24
-DOCKER_HOST_IP=172.16.238.1
+DOCKER_HOST_IP=172.16.238.1 # OR IPV6 2001:3200:3200::1
 BOUNCER_KEY=
 WORDPRESS_URL=
 DEBUG=1

composer.json

@@ -9,7 +9,7 @@
         }
     ],
     "require": {
-        "crowdsec/bouncer": "^0.9.0"
+        "crowdsec/bouncer": "^0.10.0"
     },
     "require-dev": {
         "bramus/monolog-colored-line-formatter": "^3.0",

composer.lock

@@ -1,6 +1,10 @@
 # Contribute to this plugin from a MacOS host
 
-You can test the Linux behavior of this project using **Vagrant** (you have to install this on your host to continue).
+You can test the Linux behavior of this project using **Vagrant**.
+
+## One time setup
+
+### Run the VM and initialize it
 
 ```bash
 vagrant up
@@ -10,18 +14,26 @@ sudo systemctl restart docker
 ```
 
 You have to log out and log back for permission to be updated:
+
 ```bash
 exit
-vagrant shh
+vagrant ssh
 ```
+### Enabled Docker IPV6 support inside the Linux VM
+
+follow [this guide](https://docs.docker.com/config/daemon/ipv6/). (Note that you'll have to create the file `/etc/docker/daemon.json`).
+
+
+### Install NodeJS
 
-Enabled IPV6 support following [this guide](https://docs.docker.com/config/daemon/ipv6/). (Note that you'll have to create the file `/etc/docker/daemon.json`).
+Follow [this guide](https://github.com/nodesource/distributions/blob/master/README.md#installation-instructions)
+### Install Yarn
 
-Add yarn: https://linuxize.com/post/how-to-install-yarn-on-ubuntu-18-04/
+Follow [this guide](https://linuxize.com/post/how-to-install-yarn-on-ubuntu-18-04/).
 
-https://github.com/nodesource/distributions/blob/master/README.md#installation-instructions
+### Add deps to run playwright
 
-Add deps to run playwright:
+```bash
 sudo apt-get install libnss3\
           libnspr4\
           libatk1.0-0\
@@ -41,24 +53,52 @@ sudo apt-get install libnss3\
           libgdk-pixbuf2.0-0\
           libasound2\
           libatspi2.0-0
+```
+
+### Edit you local host file:
+
+Type `sudo vim /etc/hosts` and add:
+
+```bash
+# select the one you want to try by uncommenting only ont of the two
+# 172.16.0.50 wordpress5-6 # Uncomment to use IPV4
+fde4:8dba:82e1::c4 wordpress5-6 # Uncomment to use IPV6
+```
 
+### Configure your `.env` file
 
 ```bash
 cd /vagrant
 cp .env.example .env
+```
+
+Update the created `.env` file with:
 
-# set DEBUG=0 in .env
+```bash
+DEBUG=0
+DOCKER_HOST_IP=172.16.238.1 # OR IF YOU WANT TO TEST WITH IPV6 USE: 2001:3200:3200::1
+```
 
+### Run "plugin auto setup" via e2e tests (limited to setup steps)
+
+```bash
 SETUP_ONLY=1 ./run-tests.sh
 ```
 
-sudo vim /etc/hosts
+### Browse the WordPress website admin
+
+Visit [http://wordpress5-6/wp-admin](http://wordpress5-6/wp-admin).
 
-#172.16.0.50 wordpress5-6
-fde4:8dba:82e1::c4 wordpress5-6
-# select the one you want to try
+### Run tests
 
-Access with ipv4 : http://wordpress5-6/wp-admin
+```bash
+SETUP_ONLY=1 ./run-tests.sh
+```
+
+### Stop the Virtal Machine
+```bash
+vagrant stop # vagrant up to start after
+```
 
 ### Clean up environnement
 

docs/macos-host.md

@@ -2,6 +2,7 @@
 
 use CrowdSecBouncer\BouncerException;
 use CrowdSecBouncer\Constants;
+use IPLib\Factory;
 
 function adminAdvancedSettings()
 {
@@ -16,7 +17,7 @@ function adminAdvancedSettings()
     addFieldCheckbox('crowdsec_stream_mode', 'Enable the "Stream" mode', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_stream_mode', function () {
         // Stream mode just activated.
         $bouncer = getBouncerInstance();
-        $result = $bouncer->warmBlocklistCacheUp();
+        $result = $bouncer->warmBlocklistCacheUp()['count'];
         $message = __('As the stream mode is enabled, the cache has just been warmed up, '.($result > 0 ? 'there are now '.$result.' decisions' : 'there is now '.$result.' decision').' in cache.');
         AdminNotice::displaySuccess($message);
         scheduleBlocklistRefresh();
@@ -43,7 +44,7 @@ function adminAdvancedSettings()
         // Update wp-cron schedule.
         if ((bool) get_option('crowdsec_stream_mode')) {
             $bouncer = getBouncerInstance();
-            $result = $bouncer->warmBlocklistCacheUp();
+            $result = $bouncer->warmBlocklistCacheUp()['count'];
             $message = __('As the stream mode refresh duration changed, the cache has just been warmed up, '.($result > 0 ? 'there are now '.$result.' decisions' : 'there is now '.$result.' decision').' in cache.');
             AdminNotice::displaySuccess($message);
             scheduleBlocklistRefresh();
@@ -128,7 +129,8 @@ function adminAdvancedSettings()
                 if ((bool) get_option('crowdsec_stream_mode')) {
                     $bouncer = getBouncerInstance($input); // Reload bouncer instance with the new cache system
                     $result = $bouncer->warmBlocklistCacheUp();
-                    $message = __('As the stream mode is enabled, the cache has just been warmed up, '.($result > 0 ? 'there are now '.$result.' decisions' : 'there is now '.$result.' decision').' in cache.');
+                    $count = $result['count'];
+                    $message = __('As the stream mode is enabled, the cache has just been warmed up, '.($count > 0 ? 'there are now '.$count.' decisions' : 'there is now '.$count.' decision').' in cache.');
                     AdminNotice::displaySuccess($message);
                     scheduleBlocklistRefresh();
                 }
@@ -193,43 +195,30 @@ function adminAdvancedSettings()
         return $input;
     }, '<p>Which remediation to apply when CrowdSec advises unhandled remediation.</p>', $choice);
 
-    function cidrToLongBounds(int $longIp, int $factor): array
+    function convertInlineIpRangesToComparableIpBounds(string $inlineIpRanges): array
     {
-        $range = [];
-        $range[0] = (($longIp) & ((-1 << (32 - $factor))));
-        $range[1] = ((($range[0])) + pow(2, (32 - $factor)) - 1);
-
-        return $range;
-    }
-
-    function convertInlineIpRangesToLongArray(string $inlineIpRanges): array
-    {
-        $longIpBoundsList = [];
+        $comparableIpBoundsList = [];
         $stringRangeArray = explode(',', $inlineIpRanges);
         foreach ($stringRangeArray as $stringRange) {
             $stringRange = trim($stringRange);
             if (false !== strpos($stringRange, '/')) {
-                $stringRange = explode('/', $stringRange);
-                $longIp = ip2long($stringRange[0]);
-                $factor = (int) $stringRange[1];
-                if (false === $longIp) {
-                    throw new WordpressCrowdSecBouncerException('Invalid IP List format.');
-                }
-                if (0 === (int) $factor) {
+                $range = Factory::rangeFromString($stringRange);
+                if (null === $range) {
                     throw new WordpressCrowdSecBouncerException('Invalid IP List format.');
                 }
-                $longBounds = cidrToLongBounds($longIp, $factor);
-                $longIpBoundsList = array_merge($longIpBoundsList, [$longBounds]);
+                $bounds = [$range->getComparableStartString(), $range->getComparableEndString()];
+                $comparableIpBoundsList = array_merge($comparableIpBoundsList, [$bounds]);
             } else {
-                $long = ip2long($stringRange);
-                if (false === $long) {
+                $address = Factory::addressFromString($stringRange);
+                if (null === $address) {
                     throw new WordpressCrowdSecBouncerException('Invalid IP List format.');
                 }
-                $longIpBoundsList = array_merge($longIpBoundsList, [[$long, $long]]);
+                $comparableString = $address->getComparableString();
+                $comparableIpBoundsList = array_merge($comparableIpBoundsList, [[$comparableString, $comparableString]]);
             }
         }
 
-        return $longIpBoundsList;
+        return $comparableIpBoundsList;
     }
 
     // Field "crowdsec_trust_ip_forward"
@@ -241,8 +230,8 @@ function convertInlineIpRangesToLongArray(string $inlineIpRanges): array
 
                 return $input;
             }
-            $longList = convertInlineIpRangesToLongArray($input);
-            update_option('crowdsec_trust_ip_forward_array', $longList);
+            $comparableIpBoundsList = convertInlineIpRangesToComparableIpBounds($input);
+            update_option('crowdsec_trust_ip_forward_array', $comparableIpBoundsList);
             AdminNotice::displaySuccess('Ips with XFF to trust successfully saved.');
         } catch (WordpressCrowdSecBouncerException $e) {
             update_option('crowdsec_trust_ip_forward_array', []);

inc/admin/advanced-settings.php

@@ -29,7 +29,7 @@ function clearBouncerCacheInAdminPage()
 
             // In stream mode, immediatelly warm the cache up.
             if (get_option('crowdsec_stream_mode')) {
-                $result = $bouncer->warmBlocklistCacheUp();
+                $result = $bouncer->warmBlocklistCacheUp()['count'];
                 $message .= __(' As the stream mode is enabled, the cache has just been warmed up, '.($result > 0 ? 'there are now '.$result.' decisions' : 'there is now '.$result.' decision').' in cache.');
             }
 

inc/admin/init.php

@@ -2,14 +2,15 @@
 
 use CrowdSecBouncer\Bouncer;
 use CrowdSecBouncer\Constants;
+use IPLib\Factory;
 
 function bounceCurrentIp()
 {
     function shouldTrustXforwardedFor(string $ip): bool
     {
-        $longIp = ip2long($ip);
-        foreach (get_option('crowdsec_trust_ip_forward_array') as $longBounds) {
-            if ($longIp >= $longBounds[0] && $longIp <= $longBounds[1]) {
+        $comparableAddress = Factory::addressFromString($ip)->getComparableString();
+        foreach (get_option('crowdsec_trust_ip_forward_array') as $comparableIpBounds) {
+            if ($comparableAddress >= $comparableIpBounds[0] && $comparableAddress <= $comparableIpBounds[1]) {
                 return true;
             }
         }

inc/bounce-current-ip.php

@@ -40,7 +40,7 @@ function updateDsnDisplay () {
                     submit_button();
                 ?>
 		</form>
-		
+		<p style="font-style:italic">For information, the current browser IP detected by PHP is: <span id="detected_ip_address" style="user-select: all;"><?php echo $_SERVER['REMOTE_ADDR']; ?></span></p>
 		<br/>
 		<form action="<?php echo admin_url('admin-post.php'); ?>" method="post" id="crowdsec_action_clear_cache">
 			<input type="hidden" name="action" value="crowdsec_clear_cache">
@@ -55,7 +55,7 @@ function updateDsnDisplay () {
 			<input type="hidden" name="nonce" value="<?php echo wp_create_nonce('crowdsec_prune_cache'); ?>">
 		</form>
 		</div>
-		<p>
+		<p style="padding-top:15px">
 			Feel free to ask any questions about this plugin, make your suggestions or raise issues on the <a href="https://wordpress.org/support/plugin/crowdsec/">plugin support page</a> or directly on <a href="https://github.com/crowdsecurity/cs-wordpress-bouncer/issues/new">Github</a>.
 		</p>
 	</div>