Merge pull request #46 from noplanman/45-webhook_ip_ranges

noplanman · web-flow · commit 349da2fe02f6 · 2019-04-15T03:50:52.000+02:00
Use the new Telegram API webhook IP ranges.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ Exclamation symbols (:exclamation:) note something of importance e.g. breaking c
 ## [Unreleased]
 ### Added
 ### Changed
+- Use the new Telegram API webhook IP ranges.
 ### Deprecated
 ### Removed
 ### Fixed
diff --git a/src/BotManager.php b/src/BotManager.php
@@ -21,9 +21,10 @@
 class BotManager
 {
     /**
-     * @var string Telegram post servers IP range
+     * @var array Telegram webhook servers IP ranges
+     * @link https://core.telegram.org/bots/webhooks#the-short-version
      */
-    const TELEGRAM_IP_RANGE = '149.154.167.197-149.154.167.233';
+    public const TELEGRAM_IP_RANGES = ['149.154.160.0/20', '91.108.4.0/22'];
 
     /**
      * @var string The output for testing, instead of echoing
@@ -578,7 +579,7 @@ public function isValidRequest(): bool
         }
 
         return Ip::match($ip, array_merge(
-            [self::TELEGRAM_IP_RANGE],
+            self::TELEGRAM_IP_RANGES,
             (array) $this->params->getBotParam('valid_ips', [])
         ));
     }
diff --git a/tests/BotManagerTest.php b/tests/BotManagerTest.php
@@ -431,19 +431,23 @@ public function testIsValidRequestValidate()
         unset($_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['HTTP_CLIENT_IP'], $_SERVER['REMOTE_ADDR']);
 
         // Lower range.
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.196';
+        $_SERVER['REMOTE_ADDR'] = '149.154.159.255';
         self::assertFalse($botManager->isValidRequest());
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.197';
+        $_SERVER['REMOTE_ADDR'] = '149.154.160.0';
         self::assertTrue($botManager->isValidRequest());
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.198';
+        $_SERVER['REMOTE_ADDR'] = '91.108.3.255';
+        self::assertFalse($botManager->isValidRequest());
+        $_SERVER['REMOTE_ADDR'] = '91.108.4.0';
         self::assertTrue($botManager->isValidRequest());
 
         // Upper range.
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.232';
+        $_SERVER['REMOTE_ADDR'] = '149.154.175.255';
         self::assertTrue($botManager->isValidRequest());
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.233';
+        $_SERVER['REMOTE_ADDR'] = '149.154.176.0';
+        self::assertFalse($botManager->isValidRequest());
+        $_SERVER['REMOTE_ADDR'] = '91.108.7.255';
         self::assertTrue($botManager->isValidRequest());
-        $_SERVER['REMOTE_ADDR'] = '149.154.167.234';
+        $_SERVER['REMOTE_ADDR'] = '91.108.8.0';
         self::assertFalse($botManager->isValidRequest());
     }
 

Original file line number	Diff line number	Diff line change
`@@ -21,9 +21,10 @@`
`21`	`21`	`class BotManager`
`22`	`22`	`{`
`23`	`23`	`/**`
`24`		`- * @var string Telegram post servers IP range`
	`24`	`+ * @var array Telegram webhook servers IP ranges`
	`25`	`+ * @link https://core.telegram.org/bots/webhooks#the-short-version`
`25`	`26`	`*/`
`26`		`- const TELEGRAM_IP_RANGE = '149.154.167.197-149.154.167.233';`
	`27`	`+ public const TELEGRAM_IP_RANGES = ['149.154.160.0/20', '91.108.4.0/22'];`
`27`	`28`
`28`	`29`	`/**`
`29`	`30`	`* @var string The output for testing, instead of echoing`
`@@ -578,7 +579,7 @@ public function isValidRequest(): bool`
`578`	`579`	`}`
`579`	`580`
`580`	`581`	`return Ip::match($ip, array_merge(`
`581`		`- [self::TELEGRAM_IP_RANGE],`
	`582`	`+ self::TELEGRAM_IP_RANGES,`
`582`	`583`	`(array) $this->params->getBotParam('valid_ips', [])`
`583`	`584`	`));`
`584`	`585`	`}`