Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
93.02% |
80 / 86 |
|
80.00% |
4 / 5 |
CRAP | |
0.00% |
0 / 1 |
IPInfoHandler | |
93.02% |
80 / 86 |
|
80.00% |
4 / 5 |
20.14 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
1 | |||
getInfo | n/a |
0 / 0 |
n/a |
0 / 0 |
0 | |||||
run | |
85.71% |
36 / 42 |
|
0.00% |
0 / 1 |
15.66 | |||
logAccess | |
100.00% |
17 / 17 |
|
100.00% |
1 / 1 |
1 | |||
getBodyValidator | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
2 | |||
getParamSettings | |
100.00% |
17 / 17 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | |
3 | namespace MediaWiki\IPInfo\Rest\Handler; |
4 | |
5 | use ExtensionRegistry; |
6 | use JobQueueGroup; |
7 | use JobSpecification; |
8 | use MediaWiki\IPInfo\AccessLevelTrait; |
9 | use MediaWiki\IPInfo\InfoManager; |
10 | use MediaWiki\IPInfo\Rest\Presenter\DefaultPresenter; |
11 | use MediaWiki\Languages\LanguageFallback; |
12 | use MediaWiki\Permissions\PermissionManager; |
13 | use MediaWiki\Rest\LocalizedHttpException; |
14 | use MediaWiki\Rest\Response; |
15 | use MediaWiki\Rest\SimpleHandler; |
16 | use MediaWiki\Rest\TokenAwareHandlerTrait; |
17 | use MediaWiki\Rest\Validator\JsonBodyValidator; |
18 | use MediaWiki\Rest\Validator\UnsupportedContentTypeBodyValidator; |
19 | use MediaWiki\User\Options\UserOptionsLookup; |
20 | use MediaWiki\User\UserFactory; |
21 | use MediaWiki\User\UserIdentity; |
22 | use Wikimedia\Message\MessageValue; |
23 | use Wikimedia\ParamValidator\ParamValidator; |
24 | |
25 | abstract class IPInfoHandler extends SimpleHandler { |
26 | |
27 | use AccessLevelTrait; |
28 | use TokenAwareHandlerTrait; |
29 | |
30 | /** |
31 | * An array of contexts and the data |
32 | * that should be available in those contexts |
33 | * |
34 | * @var array |
35 | */ |
36 | protected const VIEWING_CONTEXTS = [ |
37 | 'popup' => [ |
38 | 'country', |
39 | 'countryNames', |
40 | 'location', |
41 | 'organization', |
42 | 'numActiveBlocks', |
43 | 'numLocalEdits', |
44 | 'numRecentEdits', |
45 | ], |
46 | 'infobox' => [ |
47 | 'country', |
48 | 'countryNames', |
49 | 'location', |
50 | 'connectionType', |
51 | 'userType', |
52 | 'asn', |
53 | 'isp', |
54 | 'organization', |
55 | 'proxyType', |
56 | 'behaviors', |
57 | 'risks', |
58 | 'connectionTypes', |
59 | 'tunnelOperators', |
60 | 'proxies', |
61 | 'numUsersOnThisIP', |
62 | 'numActiveBlocks', |
63 | 'numLocalEdits', |
64 | 'numRecentEdits', |
65 | 'numDeletedEdits', |
66 | ] |
67 | ]; |
68 | |
69 | protected InfoManager $infoManager; |
70 | |
71 | protected PermissionManager $permissionManager; |
72 | |
73 | protected UserOptionsLookup $userOptionsLookup; |
74 | |
75 | protected UserFactory $userFactory; |
76 | |
77 | protected DefaultPresenter $presenter; |
78 | |
79 | protected JobQueueGroup $jobQueueGroup; |
80 | |
81 | protected LanguageFallback $languageFallback; |
82 | |
83 | public function __construct( |
84 | InfoManager $infoManager, |
85 | PermissionManager $permissionManager, |
86 | UserOptionsLookup $userOptionsLookup, |
87 | UserFactory $userFactory, |
88 | DefaultPresenter $presenter, |
89 | JobQueueGroup $jobQueueGroup, |
90 | LanguageFallback $languageFallback |
91 | ) { |
92 | $this->infoManager = $infoManager; |
93 | $this->permissionManager = $permissionManager; |
94 | $this->userOptionsLookup = $userOptionsLookup; |
95 | $this->userFactory = $userFactory; |
96 | $this->presenter = $presenter; |
97 | $this->jobQueueGroup = $jobQueueGroup; |
98 | $this->languageFallback = $languageFallback; |
99 | } |
100 | |
101 | /** |
102 | * Get information about an IP address (or IP addresses) associated with some entity, |
103 | * given an ID for the entity. |
104 | * |
105 | * Concrete subclasses handle for specific entity types, e.g. revision, log entry, etc. |
106 | * |
107 | * @param int $id |
108 | * @return array[] |
109 | * Each array in this array has the following structure: |
110 | * - 'subject': IP address |
111 | * - 'data': array of arrays, each with the following structure: |
112 | * - data source as a string => data array |
113 | * TODO: Task to codify this better |
114 | */ |
115 | abstract protected function getInfo( int $id ): array; |
116 | |
117 | /** |
118 | * Get information about an IP address, based on the ID of some related entity |
119 | * (e.g. a revision, log entry, etc.) |
120 | * |
121 | * @param int $id |
122 | * @return Response |
123 | */ |
124 | public function run( int $id ): Response { |
125 | $isBetaFeaturesLoaded = ExtensionRegistry::getInstance()->isLoaded( 'BetaFeatures' ); |
126 | // Disallow access to API if BetaFeatures is enabled but the feature is not |
127 | if ( $isBetaFeaturesLoaded && |
128 | !$this->userOptionsLookup->getOption( $this->getAuthority()->getUser(), 'ipinfo-beta-feature-enable' ) ) { |
129 | throw new LocalizedHttpException( |
130 | new MessageValue( 'ipinfo-rest-access-denied' ), |
131 | $this->getAuthority()->getUser()->isRegistered() ? 403 : 401 |
132 | ); |
133 | } |
134 | |
135 | if ( |
136 | !$this->permissionManager->userHasRight( $this->getAuthority()->getUser(), 'ipinfo' ) || |
137 | !$this->userOptionsLookup->getOption( $this->getAuthority()->getUser(), 'ipinfo-use-agreement' ) |
138 | ) { |
139 | throw new LocalizedHttpException( |
140 | new MessageValue( 'ipinfo-rest-access-denied' ), |
141 | $this->getAuthority()->getUser()->isRegistered() ? 403 : 401 |
142 | ); |
143 | } |
144 | $user = $this->userFactory->newFromUserIdentity( $this->getAuthority()->getUser() ); |
145 | |
146 | // Users with blocks on their accounts shouldn't be allowed to view ip info |
147 | if ( $user->getBlock() ) { |
148 | throw new LocalizedHttpException( |
149 | new MessageValue( 'ipinfo-rest-access-denied-blocked-user' ), |
150 | 403 |
151 | ); |
152 | } |
153 | |
154 | // Validate the CSRF token. We shouldn't need to allow anon CSRF tokens. |
155 | $this->validateToken(); |
156 | |
157 | $info = $this->getInfo( $id ); |
158 | $userLang = strtolower( $this->getValidatedParams()['language'] ); |
159 | $langCodes = array_unique( array_merge( |
160 | [ $userLang ], |
161 | $this->languageFallback->getAll( $userLang ) |
162 | ) ); |
163 | |
164 | // Only show data required for the context |
165 | $dataContext = $this->getValidatedParams()['dataContext']; |
166 | foreach ( $info as $index => $set ) { |
167 | if ( !isset( $set['data'] ) ) { |
168 | continue; |
169 | } |
170 | $info[$index] += [ 'language-fallback' => $langCodes ]; |
171 | foreach ( $set['data'] as $provider => $dataset ) { |
172 | foreach ( $dataset as $datum => $value ) { |
173 | if ( !in_array( $datum, self::VIEWING_CONTEXTS[$dataContext] ?? [] ) ) { |
174 | unset( $info[$index]['data'][$provider][$datum] ); |
175 | } |
176 | } |
177 | } |
178 | } |
179 | |
180 | foreach ( $info as $index => $set ) { |
181 | if ( !isset( $set['subject'] ) ) { |
182 | continue; |
183 | } |
184 | $this->logAccess( $this->getAuthority()->getUser(), $set['subject'], $dataContext ); |
185 | } |
186 | |
187 | $response = $this->getResponseFactory()->createJson( [ 'info' => $info ] ); |
188 | $response->setHeader( 'Cache-Control', 'private, max-age=86400' ); |
189 | return $response; |
190 | } |
191 | |
192 | /** |
193 | * Log that the IP information was accessed. See also LogIPInfoAccessJob. |
194 | * |
195 | * @param UserIdentity $accessingUser |
196 | * @param string $ip IP address whose information was accessed |
197 | * @param string $dataContext 'infobox' or 'popup' |
198 | */ |
199 | protected function logAccess( $accessingUser, $ip, $dataContext ) { |
200 | $level = $this->highestAccessLevel( |
201 | $this->permissionManager->getUserPermissions( $accessingUser ) |
202 | ); |
203 | $this->jobQueueGroup->push( |
204 | new JobSpecification( |
205 | 'ipinfoLogIPInfoAccess', |
206 | [ |
207 | 'performer' => $accessingUser->getName(), |
208 | 'ip' => $ip, |
209 | 'dataContext' => $dataContext, |
210 | 'timestamp' => (int)wfTimestamp(), |
211 | 'access_level' => $level, |
212 | ], |
213 | [], |
214 | null |
215 | ) |
216 | ); |
217 | } |
218 | |
219 | /** @inheritDoc */ |
220 | public function getBodyValidator( $contentType ) { |
221 | if ( $contentType !== 'application/json' ) { |
222 | return new UnsupportedContentTypeBodyValidator( $contentType ); |
223 | } |
224 | return new JsonBodyValidator( $this->getTokenParamDefinition() ); |
225 | } |
226 | |
227 | /** @inheritDoc */ |
228 | public function getParamSettings() { |
229 | return [ |
230 | 'id' => [ |
231 | self::PARAM_SOURCE => 'path', |
232 | ParamValidator::PARAM_TYPE => 'integer', |
233 | ParamValidator::PARAM_REQUIRED => true, |
234 | ], |
235 | 'dataContext' => [ |
236 | self::PARAM_SOURCE => 'query', |
237 | ParamValidator::PARAM_TYPE => 'string', |
238 | ParamValidator::PARAM_REQUIRED => true, |
239 | ], |
240 | 'language' => [ |
241 | self::PARAM_SOURCE => 'query', |
242 | ParamValidator::PARAM_TYPE => 'string', |
243 | ParamValidator::PARAM_REQUIRED => true, |
244 | ], |
245 | ]; |
246 | } |
247 | } |