Skip to content

Commit 5589921

Browse files
mrrobot47mrrobot47
committed
Add wildcard and alias domain support to whitelist generation
- Modified generate_site_whitelist() to create whitelist files for _wildcard.site_url on subdomain multisites - Handle alias_domains: create whitelist files for each alias domain - Convert *.domain format aliases to _wildcard.domain - For subdomain multisites, also create wildcard versions of alias domains - Updated all callers to pass site_data parameter - Fetch site data from DB when regenerating whitelist for all sites globally Signed-off-by: Riddhesh Sanghvi <riddhesh237@gmail.com>
1 parent e697bb2 commit 5589921

1 file changed

Lines changed: 45 additions & 8 deletions

File tree

src/Auth_Command.php

Lines changed: 45 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -200,7 +200,7 @@ private function create_whitelist( string $site_url, string $ips ) {
200200
if ( 'default' === $site_url ) {
201201
$this->generate_global_whitelist();
202202
} else {
203-
$this->generate_site_whitelist( $site_url );
203+
$this->generate_site_whitelist( $site_url, $this->site_data );
204204
}
205205

206206
reload_global_nginx_proxy();
@@ -371,7 +371,10 @@ private function generate_global_whitelist() {
371371
}
372372

373373
foreach ( $sites as $site ) {
374-
$this->generate_site_whitelist( $site );
374+
// Fetch site data to get app_sub_type and alias_domains
375+
$site_info = \EE\Model\Site::where( 'site_url', $site );
376+
$site_data = ! empty( $site_info ) ? $site_info[0] : null;
377+
$this->generate_site_whitelist( $site, $site_data );
375378
}
376379

377380
}
@@ -380,12 +383,41 @@ private function generate_global_whitelist() {
380383
* Generates site whitelist files
381384
*
382385
* @param string $site_url
386+
* @param object $site_data Optional site data object containing app_sub_type and alias_domains
383387
*
384388
* @throws Exception
385389
*/
386-
private function generate_site_whitelist( string $site_url ) {
387-
$site_whitelist_file = EE_ROOT_DIR . '/services/nginx-proxy/vhost.d/' . $site_url . '_acl';
388-
$this->fs->remove( $site_whitelist_file );
390+
private function generate_site_whitelist( string $site_url, $site_data = null ) {
391+
// Collect all domains to generate whitelist files for
392+
$domains = [ $site_url ];
393+
394+
// For subdomain multisites, add wildcard file
395+
if ( $site_data && ! empty( $site_data->app_sub_type ) && 'subdom' === $site_data->app_sub_type ) {
396+
$domains[] = '_wildcard.' . $site_url;
397+
}
398+
399+
// Add alias domains (excluding main site_url)
400+
if ( $site_data && ! empty( $site_data->alias_domains ) ) {
401+
$alias_list = array_map( 'trim', explode( ',', $site_data->alias_domains ) );
402+
foreach ( $alias_list as $alias ) {
403+
if ( empty( $alias ) || $alias === $site_url ) {
404+
continue;
405+
}
406+
// Replace *.domain with _wildcard.domain
407+
if ( 0 === strpos( $alias, '*.' ) ) {
408+
$domains[] = '_wildcard.' . substr( $alias, 2 );
409+
} else {
410+
$domains[] = $alias;
411+
// For subdomain multisites, also add wildcard for non-wildcard alias domains
412+
if ( ! empty( $site_data->app_sub_type ) && 'subdom' === $site_data->app_sub_type ) {
413+
$domains[] = '_wildcard.' . $alias;
414+
}
415+
}
416+
}
417+
}
418+
419+
// Remove duplicates
420+
$domains = array_unique( $domains );
389421

390422
$whitelists = array_column(
391423
'default' === $site_url ? Whitelist::get_global_ips() :
@@ -396,7 +428,12 @@ private function generate_site_whitelist( string $site_url ) {
396428
'ip'
397429
);
398430

399-
$this->put_ips_to_file( $site_whitelist_file, $whitelists );
431+
// Generate whitelist files for all collected domains
432+
foreach ( $domains as $domain ) {
433+
$domain_whitelist_file = EE_ROOT_DIR . '/services/nginx-proxy/vhost.d/' . $domain . '_acl';
434+
$this->fs->remove( $domain_whitelist_file );
435+
$this->put_ips_to_file( $domain_whitelist_file, $whitelists );
436+
}
400437
}
401438

402439
/**
@@ -537,7 +574,7 @@ private function update_whitelist( string $site_url, string $ips ) {
537574
if ( 'default' === $site_url ) {
538575
$this->generate_global_whitelist();
539576
} else {
540-
$this->generate_site_whitelist( $site_url );
577+
$this->generate_site_whitelist( $site_url, $this->site_data );
541578
}
542579

543580
reload_global_nginx_proxy();
@@ -684,7 +721,7 @@ public function delete( $args, $assoc_args ) {
684721
if ( 'default' === $site_url ) {
685722
$this->generate_global_whitelist();
686723
} else {
687-
$this->generate_site_whitelist( $site_url );
724+
$this->generate_site_whitelist( $site_url, $this->site_data );
688725
}
689726

690727
reload_global_nginx_proxy();

0 commit comments

Comments
 (0)