first commit

39ff · Mar 7, 2022 · d04a759 · d04a759
commit d04a759
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,14 @@
+# squid-db-auth-ip
+This is the squid module that allows IP addresses in Database.
+
+Used in [squid-db-auth-web](https://github.com/39ff/squid-db-auth-web) projects.
+
+
+## Configuration squid.conf
+example
+```
+external_acl_type ipdbauth ttl=60 %SRC /usr/bin/php /etc/squid/basic_db_ip_auth.php --dsn=mysql:dbname=test;host=127.0.0.1;charset=utf8mb4 --user=test --password=test
+acl ipauth external ipdbauth
+http_access allow ipauth
+```
+
diff --git a/src/basic_db_ip_auth.php b/src/basic_db_ip_auth.php
@@ -0,0 +1,35 @@
+<?php
+$options = getopt(null,[
+    'dsn:',
+    'user:',
+    'password:'
+]);
+$dsn = $options['dsn'];
+$in = fopen("php://stdin", "r");
+$out = fopen('php://stdout','w');
+while (!feof($in)) {
+    $line = fgets($in);
+    try {
+        $pdo = new PDO(
+            $dsn,
+            $options['user'], $options['password'],
+            [
+                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+            ]
+        );
+        $line = trim($line);
+        $stmt = $pdo->prepare('SELECT ip FROM allowed_ips WHERE ip = ?');
+        $execute = $stmt->execute([
+            $line
+        ]);
+        $result = $stmt->fetch();
+        if (isset($result['ip']) && strcmp($result['ip'],$line) === 0) {
+            fwrite($out, "OK\n");
+        } else {
+            fwrite($out, "ERR\n");
+        }
+    }catch (PDOException $e){
+        fwrite($out,"BH\n");
+    }
+}