Raydium Framework

AbuseIpdbMiddleware extends AbstractMiddleware
in package

AbuseIpdbMiddleware ---------------------------------------.

• Queries AbuseIPDB (via IpReputation service) for every unique client IP. • Caches the score inside IpReputation to minimise external calls. • Writes a structured log entry (INFO) for observability and a WARN entry when the score breaches the configured threshold. • Adds abuse_score (float) and is_abusive (bool) to the request so that downstream middleware/controllers can react (e.g. increase rate‑limit). • Never blocks—delegates throttling/blocking decisions elsewhere to keep a single‑responsibility design.

Table of Contents

$cache  : FileCache
$configs  : Configs
$fs  : Filesystem
$ipResolver  : ClientIpResolver
$isAdminKiosk  : bool|null
$isApiRequest  : bool|null
$isMultitenant  : bool|null
$isShortInit  : bool|null
$logger  : LoggerInterface
$services  : Container
$logAbusiveIp  : null|bool
$reputation  : IpReputation
$threshold  : null|float
__construct()  : mixed
matchPaths()  : bool
Matches two URL paths, considering optional trailing slashes.
process()  : ResponseInterface
Process an incoming server request.
apiKey()  : string|null
getAllowedAccessPaths()  : null|array<string|int, mixed>
Retrieve allowed access paths for wp-admin routes.
getSubdomain()  : null|array<string|int, string>
isAdminRoute()  : mixed
isAdminRouteRestricted()  : bool
Check if a given URL or route matches the WordPress admin route pattern.
isHybridMode()  : bool
isMultitenantApp()  : bool
Determines if the application is configured to operate in multi-tenant mode.
isSecureMode()  : bool
isValidTenantId()  : false|int
log()  : LoggerInterface
multiMerge()  : array<string|int, mixed>
Merges two multi-dimensional arrays recursively.
reputation()  : IpReputation
setLogPath()  : void
when()  : void
getClientIp()  : string
Extract the best‑guess client IP, respecting typical proxy headers.

Properties

Methods

__construct()

public __construct([Container $serviceContainer = null ]) : mixed
Parameters
$serviceContainer : Container = null
Return values
mixed

matchPaths()

Matches two URL paths, considering optional trailing slashes.

public static matchPaths(string $uriPath, string $dbadminUrlPath) : bool
Parameters
$uriPath : string
$dbadminUrlPath : string
Return values
bool

process()

Process an incoming server request.

public process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
Parameters
$request : ServerRequestInterface
$handler : RequestHandlerInterface
Return values
ResponseInterface

getAllowedAccessPaths()

Retrieve allowed access paths for wp-admin routes.

protected getAllowedAccessPaths() : null|array<string|int, mixed>

This method fetches a list of allowed paths for the wp-admin directory based on configuration. It is designed to ensure that critical functionality like AJAX handling can operate without unnecessary restrictions while still securing other sensitive admin functionalities.

Configuration behavior:

  • security.restrict_wpadmin.enabled: Enables or disables the restriction mechanism (disabled by default).
  • security.restrict_wpadmin.secure: If true, applies stricter matching for wp-admin paths.
  • security.restrict_wpadmin.allowed: An array of specific paths to allow, e.g., ['admin-ajax.php'].

Example Usage:

  • Allow admin-ajax.php for AJAX requests to ensure plugins function correctly.
  • Restrict paths like theme-editor.php or custom plugin endpoints unless explicitly allowed.
  • Ensure security while allowing flexibility for specific use cases.

Example Configuration: 'restrict_wpadmin' => [ 'enabled' => true, 'secure' => false, 'allowed' => [ 'admin-ajax.php' ] ];

Tags
psalm-return

array{allowed: mixed, secure: mixed}|null

Return values
null|array<string|int, mixed>

Returns an array of allowed paths if restriction is enabled, null otherwise.

getSubdomain()

protected getSubdomain(ServerRequestInterface $request) : null|array<string|int, string>
Parameters
$request : ServerRequestInterface
Tags
psalm-return

list{string, string}|null

Return values
null|array<string|int, string>

isAdminRoute()

protected isAdminRoute(ServerRequestInterface $request) : mixed
Parameters
$request : ServerRequestInterface
Return values
mixed

isAdminRouteRestricted()

Check if a given URL or route matches the WordPress admin route pattern.

protected isAdminRouteRestricted(ServerRequestInterface $request) : bool

This method ensures that only specified paths within the wp-admin directory are allowed based on configurations. This is crucial for security as it prevents unauthorized access to sensitive WordPress admin functionalities.

Context: When the restrict_wpadmin configuration is enabled (disabled by default), all requests to paths under /wp/wp-admin will be restricted with a 401 response unless explicitly allowed. The isAdminRouteRestricted method determines whether a request matches restricted wp-admin routes and handles the restriction logic upstream.

Examples of wp-admin paths to consider:

  • wp-admin/admin-ajax.php: Frequently used by plugins for AJAX requests, should generally be allowed.
  • wp-admin/theme-editor.php: Sensitive path that should typically be restricted.
  • wp-admin/options.php: Core settings path that requires strict access control.
  • wp-admin/admin-post.php: A common custom plugin endpoint that may require special handling.

Example Configuration: 'restrict_wpadmin' => [ 'enabled' => true, // Enables or disables wp-admin restrictions (disabled by default) 'secure' => false, // Enables stricter matching for wp-admin paths 'allowed' => [ 'admin-ajax.php' // Paths allowed even when restrictions are enabled ] ];

Parameters
$request : ServerRequestInterface

The server request instance.

Return values
bool

Returns true if the route matches a restricted wp-admin route, false otherwise.

isMultitenantApp()

Determines if the application is configured to operate in multi-tenant mode.

protected static isMultitenantApp(mixed $composerConfig) : bool
Parameters
$composerConfig : mixed
Return values
bool

Returns true if the application is in multi-tenant mode, otherwise false.

isValidTenantId()

protected isValidTenantId(string $tenantId) : false|int
Parameters
$tenantId : string
Tags
psalm-return

0|1|false

Return values
false|int

multiMerge()

Merges two multi-dimensional arrays recursively.

protected static multiMerge(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : array<string|int, mixed>

This function will recursively merge the values of $array2 into $array1. If the same key exists in both arrays, and both corresponding values are arrays, the values are recursively merged. Otherwise, values from $array2 will overwrite those in $array1.

Parameters
$array1 : array<string|int, mixed>

The base array that will be merged into.

$array2 : array<string|int, mixed>

The array with values to merge into $array1.

Return values
array<string|int, mixed>

The merged array.

setLogPath()

protected setLogPath(string $logname) : void
Parameters
$logname : string
Return values
void

getClientIp()

Extract the best‑guess client IP, respecting typical proxy headers.

private getClientIp(ServerRequestInterface $request) : string
Parameters
$request : ServerRequestInterface
Return values
string

Search results