Harden quarantine provisioning; enforce strict permissions and update Ansible and docs

2026-02-12 07:47:48 +01:00
parent 037b176892
commit 1768f61da1
44 changed files with 2587 additions and 698 deletions
--- a/core/Services/RequestService.php
+++ b/core/Services/RequestService.php
@@ -0,0 +1,73 @@
+<?php
+declare(strict_types=1);
+namespace UploadLogger\Core\Services;
+
+final class RequestService
+{
+    public function uploadClean(string $str): string
+    {
+        return str_replace(["\n", "\r", "\t"], '_', (string)$str);
+    }
+
+    public function normalizeValue(mixed $value): mixed
+    {
+        if (is_array($value)) {
+            $out = [];
+            foreach ($value as $k => $v) {
+                $out[$k] = $this->normalizeValue($v);
+            }
+            return $out;
+        }
+
+        if (is_bool($value) || is_int($value) || is_float($value) || $value === null) {
+            return $value;
+        }
+
+        $str = (string)$value;
+        return preg_replace('/[\x00-\x1F\x7F]/', '_', $str);
+    }
+
+    public function generateRequestId(): string
+    {
+        try {
+            return bin2hex(random_bytes(8));
+        } catch (\Throwable $e) {
+            return uniqid('req', true);
+        }
+    }
+
+    public function getClientIp(): string
+    {
+        return $_SERVER['REMOTE_ADDR'] ?? 'unknown';
+    }
+
+    public function getUserId(): string
+    {
+        if (isset($_SESSION) && is_array($_SESSION) && isset($_SESSION['user_id'])) {
+            return (string)$_SESSION['user_id'];
+        }
+        if (!empty($_SERVER['PHP_AUTH_USER'])) {
+            return (string)$_SERVER['PHP_AUTH_USER'];
+        }
+        return 'guest';
+    }
+
+    /**
+     * @return array{0:string,1:string,2:string,3:string,4:int,5:string,6:string}
+     */
+    public function getRequestSummary(bool $logUserAgent = true): array
+    {
+        $ip     = $this->getClientIp();
+        $uri    = $_SERVER['REQUEST_URI'] ?? 'unknown';
+        $method = $_SERVER['REQUEST_METHOD'] ?? 'unknown';
+
+        $ctype  = $_SERVER['CONTENT_TYPE'] ?? '';
+        $clen   = (int)($_SERVER['CONTENT_LENGTH'] ?? 0);
+
+        $ua = $logUserAgent ? ($_SERVER['HTTP_USER_AGENT'] ?? '') : '';
+
+        $te = $_SERVER['HTTP_TRANSFER_ENCODING'] ?? '';
+
+        return [$ip, $uri, $method, $ctype, $clen, $ua, $te];
+    }
+}