Added internal IP resolver and Cloudflare example

Author: karser

Form/Recaptcha3Type.php

@@ -8,7 +8,7 @@
 use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
-class Recaptcha3Type extends AbstractType
+final class Recaptcha3Type extends AbstractType
 {
     /** @var string */
     private $siteKey;

README.md

@@ -163,6 +163,65 @@ karser_recaptcha3:
 RECAPTCHA3_ENABLED=0
 ```
 
+### How to add Cloudflare IP resolver:
+
+From the [Cloudflare docs](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-):
+To provide the client (visitor) IP address for every request to the origin, Cloudflare adds the CF-Connecting-IP header.
+```
+"CF-Connecting-IP: A.B.C.D"
+```
+
+So you can implement custom IP resolver which attempts to read the `CF-Connecting-IP` header or fallbacks with the internal IP resolver:
+ 
+```php
+<?php declare(strict_types=1);
+
+namespace App\Service;
+
+use Karser\Recaptcha3Bundle\Services\IpResolverInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+
+class CloudflareIpResolver implements IpResolverInterface
+{
+    /** @var IpResolverInterface */
+    private $decorated;
+
+    /** @var RequestStack */
+    private $requestStack;
+
+    public function __construct(IpResolverInterface $decorated, RequestStack $requestStack)
+    {
+        $this->decorated = $decorated;
+        $this->requestStack = $requestStack;
+    }
+
+    public function resolveIp(): ?string
+    {
+        return $this->doResolveIp() ?? $this->decorated->resolveIp();
+    }
+
+    private function doResolveIp(): ?string
+    {
+        $request = $this->requestStack->getCurrentRequest();
+        if ($request === null) {
+            return null;
+        }
+        return $request->server->get('HTTP_CF_CONNECTING_IP');
+    }
+}
+```
+
+Here is the service declaration. It decorates the internal resolver:
+```yaml
+#services.yaml
+services:
+    App\Service\CloudflareIpResolver:
+        decorates: 'karser_recaptcha3.ip_resolver'
+        arguments:
+            $decorated: '@App\Service\CloudflareIpResolver.inner'
+            $requestStack: '@request_stack'
+```
+
 Testing
 -------
 

Resources/config/services.yml

@@ -14,10 +14,16 @@ services:
         arguments:
             - '@karser_recaptcha3.google.recaptcha'
             - '%karser_recaptcha3.enabled%'
-            - '@request_stack'
+            - '@karser_recaptcha3.ip_resolver'
         tags:
             - { name: validator.constraint_validator, alias: karser_recaptcha3_validator }
 
+    karser_recaptcha3.ip_resolver:
+        class:  Karser\Recaptcha3Bundle\Services\IpResolver
+        public: false
+        arguments:
+            - '@request_stack'
+
     karser_recaptcha3.google.recaptcha:
         class: 'ReCaptcha\ReCaptcha'
         arguments:

Services/IpResolver.php

@@ -0,0 +1,25 @@
+<?php declare(strict_types=1);
+
+namespace Karser\Recaptcha3Bundle\Services;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+
+final class IpResolver implements IpResolverInterface
+{
+    /** @var RequestStack */
+    private $requestStack;
+
+    public function __construct(RequestStack $requestStack)
+    {
+        $this->requestStack = $requestStack;
+    }
+
+    public function resolveIp(): ?string
+    {
+        $request = $this->requestStack->getCurrentRequest();
+        if ($request === null) {
+            return null;
+        }
+        return $request->getClientIp();
+    }
+}

Services/IpResolverInterface.php

@@ -0,0 +1,8 @@
+<?php declare(strict_types=1);
+
+namespace Karser\Recaptcha3Bundle\Services;
+
+interface IpResolverInterface
+{
+    public function resolveIp(): ?string;
+}

Tests/Services/IpResolverTest.php

@@ -0,0 +1,27 @@
+<?php declare(strict_types=1);
+
+namespace Karser\Recaptcha3Bundle\Tests\Services;
+
+use Karser\Recaptcha3Bundle\Services\IpResolver;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
+
+class IpResolverTest extends TestCase
+{
+    public function testEmptyRequest()
+    {
+        $stack = new RequestStack();
+        $stack->push(new Request());
+        $resolver = new IpResolver($stack);
+        self::assertNull($resolver->resolveIp());
+    }
+
+    public function testRequest()
+    {
+        $stack = new RequestStack();
+        $stack->push(new Request([], [], [], [], [], ['REMOTE_ADDR' => '0.0.0.0']));
+        $resolver = new IpResolver($stack);
+        self::assertSame('0.0.0.0', $resolver->resolveIp());
+    }
+}

Validator/Constraints/Recaptcha3.php

@@ -7,7 +7,7 @@
 /**
  * @Annotation
  */
-class Recaptcha3 extends Constraint
+final class Recaptcha3 extends Constraint
 {
     public $message = 'Your computer or network may be sending automated queries';
 }

Validator/Constraints/Recaptcha3Validator.php

@@ -2,28 +2,28 @@
 
 namespace Karser\Recaptcha3Bundle\Validator\Constraints;
 
+use Karser\Recaptcha3Bundle\Services\IpResolverInterface;
 use ReCaptcha\ReCaptcha;
-use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
 use Symfony\Component\Validator\Exception\UnexpectedTypeException;
 
-class Recaptcha3Validator extends ConstraintValidator
+final class Recaptcha3Validator extends ConstraintValidator
 {
     /** @var ReCaptcha */
     private $recaptcha;
 
     /** @var bool */
     private $enabled;
 
-    /** @var RequestStack */
-    private $requestStack;
+    /** @var IpResolverInterface */
+    private $ipResolver;
 
-    public function __construct($recaptcha, bool $enabled, RequestStack $requestStack)
+    public function __construct($recaptcha, bool $enabled, IpResolverInterface $ipResolver)
     {
         $this->recaptcha = $recaptcha;
         $this->enabled = $enabled;
-        $this->requestStack = $requestStack;
+        $this->ipResolver = $ipResolver;
     }
 
     public function validate($value, Constraint $constraint): void
@@ -36,8 +36,7 @@ public function validate($value, Constraint $constraint): void
             return;
         }
 
-        $request = $this->requestStack->getCurrentRequest();
-        $ip = $request ? $request->server->get('HTTP_CF_CONNECTING_IP') ?? $request->getClientIp() : null;
+        $ip = $this->ipResolver->resolveIp();
 
         $response = $this->recaptcha->verify($value, $ip);
         if (!$response->isSuccess()) {