-
-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathModule.php
122 lines (106 loc) · 3.28 KB
/
Module.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
namespace samdark\webshell;
use Yii;
use yii\base\Action;
use yii\web\ForbiddenHttpException;
use yii\web\Response;
/**
* This is the main module class for the web shell module.
*
* To use web shell, include it as a module in the application configuration like the following:
*
* ~~~
* return [
* 'modules' => [
* 'webshell' => ['class' => 'samdark\webshell\Module'],
* ],
* ]
* ~~~
*
* With the above configuration, you will be able to access web shell in your browser using
* the URL `http://localhost/path/to/index.php?r=webshell`
*
* @author Alexander Makarov <sam@rmcreative.ru>
*/
class Module extends \yii\base\Module
{
/**
* @inheritdoc
*/
public $controllerNamespace = 'samdark\webshell\controllers';
/**
* @var string console greetings
*/
public $greetings = 'Yii 2.0 web shell';
/**
* @var array URL to use for `quit` command. If not set, `quit` command will do nothing.
*/
public $quitUrl;
/**
* @var string path to `yii` script
*/
public $yiiScript = '@app/yii';
/**
* @var array the list of IPs that are allowed to access this module.
* Each array element represents a single IP filter which can be either an IP address
* or an address with wildcard (e.g. 192.168.0.*) to represent a network segment.
* The default value is `['127.0.0.1', '::1']`, which means the module can only be accessed
* by localhost.
*/
public $allowedIPs = ['127.0.0.1', '::1'];
/**
* @var callable A valid PHP callback that returns true if user is allowed to use web shell and false otherwise
*
* The signature is the following:
*
* function (Action $action)
*
* @since 2.0.0
*/
public $checkAccessCallback;
/**
* @inheritdoc
*/
public function init()
{
parent::init();
set_time_limit(0);
Yii::$app->getResponse()->format = Response::FORMAT_HTML;
}
/**
* @inheritdoc
*/
public function beforeAction($action)
{
if (!parent::beforeAction($action)) {
return false;
}
if (Yii::$app instanceof \yii\web\Application && !$this->checkAccess($action)) {
throw new ForbiddenHttpException('You are not allowed to access this page.');
}
return true;
}
/**
* @return boolean whether the module can be accessed by the current user
*/
protected function checkAccess(Action $action)
{
$allowed = false;
$ip = Yii::$app->getRequest()->getUserIP();
foreach ($this->allowedIPs as $filter) {
if ($filter === '*' || $filter === $ip || (($pos = strpos($filter, '*')) !== false && !strncmp($ip, $filter, $pos))) {
$allowed = true;
break;
}
}
if ($allowed === false) {
Yii::warning('Access to web shell is denied due to IP address restriction. The requested IP is ' . $ip, __METHOD__);
return false;
}
if ($this->checkAccessCallback !== null && call_user_func_array($this->checkAccessCallback, [$action]) !== true) {
Yii::warning('Access to web shell is denied due to checkAccessCallback.', __METHOD__);
return false;
}
return true;
}
}