From 8b8a7c12ee3c9a87623effc46eb75c44438fe1ee Mon Sep 17 00:00:00 2001
From: chris
Date: Sun, 26 May 2024 13:42:01 +0200
Subject: [PATCH 1/6] remove IP logging
Replace unneeded logging of IPs and User-Agent strings with hashed data.
---
 app/Http/Controllers/Api/ApiV1Dot1Controller.php | 12 ++++++------
 app/Http/Controllers/Auth/LoginController.php | 4 ++--
 app/Http/Controllers/Auth/RegisterController.php | 2 +-
 app/Http/Controllers/CuratedRegisterController.php | 2 +-
 app/Http/Controllers/RemoteAuthController.php | 4 ++--
 app/Http/Controllers/SeasonalController.php | 4 ++--
 app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
 app/Http/Controllers/UserEmailForgotController.php | 4 ++--
 app/Listeners/AuthLogin.php | 4 ++--
 app/Listeners/LogFailedLogin.php | 4 ++--
 10 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
index 59fb1c93..9a124025 100644
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@@ -283,8 +283,8 @@ class ApiV1Dot1Controller extends Controller
 $log->action = 'account.edit.password';
 $log->message = 'Password changed';
 $log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
 $log->save();
 Mail::to($request->user())->send(new PasswordChange($user));
@@ -308,7 +308,7 @@ class ApiV1Dot1Controller extends Controller
 abort_if(BouncerService::checkIp($request->ip()), 404);
 }
 $agent = new Agent();
- $currentIp = $request->ip();
+ $currentIp = sha1($request->ip());
 $activity = AccountLog::whereUserId($user->id)
 ->whereAction('auth.login')
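Review bot: `sha1($request->ip())` on the added line does not pseudonymise the address in any meaningful way: an unkeyed digest over the small IPv4 space (and over the common User-Agent strings) can be matched back to its input by anyone holding a precomputed table, so the stored value still identifies the client; `$request->ip()` and `$request->userAgent()` can also return null, which `sha1()` accepts only with a PHP 8.1+ deprecation notice. A keyed digest behind one shared helper, e.g. `hash_hmac('sha256', (string) $request->ip(), config('app.key'))`, keeps the values comparable within this deployment (the @@ -308 hunk below still relies on that) without being reversible by a third party, and the `(string)` cast covers the null case. The same point applies to every other hunk in this patch: @@ -308, @@ -487, @@ -560 and @@ -618 of this file, and the hunks in LoginController, RegisterController, CuratedRegisterController, RemoteAuthController, SeasonalController, HomeSettings, UserEmailForgotController, AuthLogin and LogFailedLogin. The enclosing method starts and ends outside the hunk.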
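Review bot: `$currentIp = sha1($request->ip());` is presumably compared against stored `AccountLog` `ip_address` values further down (the comparison is outside the hunk), and every row written before this patch still holds a plain address, so that match will fail for all pre-existing login records until they are rewritten or the comparison also tolerates the raw form. Whatever digest is chosen, the same function must be applied at write time and at comparison time, which is another reason to route both through one helper rather than inline `sha1()` calls in ten files. Note that `BouncerService::checkIp($request->ip())` on the context line correctly keeps the raw address, since a block-list cannot be evaluated against a digest. The enclosing method starts and ends outside the hunk.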
@@ -487,7 +487,7 @@ class ApiV1Dot1Controller extends Controller
 abort_if(BouncerService::checkIp($request->ip()), 404);
 }
- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {
+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {
 }, config('pixelfed.app_registration_rate_limit_decay', 1800));
 abort_if(! $rl, 400, 'Too many requests');
@@ -560,7 +560,7 @@ class ApiV1Dot1Controller extends Controller
 $user->email = $email;
 $user->password = Hash::make($password);
 $user->register_source = 'app';
- $user->app_register_ip = $request->ip();
+ $user->app_register_ip = sha1($request->ip());
 $user->app_register_token = Str::random(40);
 $user->save();
@@ -618,7 +618,7 @@ class ApiV1Dot1Controller extends Controller
 abort_if(BouncerService::checkIp($request->ip()), 404);
 }
- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {
+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {
 }, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
 abort_if(! $rl, 429, 'Too many requests');
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 86ee52c8..3e6a9c4f 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -109,8 +109,8 @@ class LoginController extends Controller
 $log->action = 'auth.login';
 $log->message = 'Account Login';
 $log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
 $log->save();
 }
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 7568fca0..72c8b741 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -163,7 +163,7 @@ class RegisterController extends Controller
 'username' => $data['username'],
 'email' => $data['email'],
 'password' => Hash::make($data['password']),
- 'app_register_ip' => request()->ip()
+ 'app_register_ip' => sha1(request()->ip())
 ]);
 }
diff --git a/app/Http/Controllers/CuratedRegisterController.php b/app/Http/Controllers/CuratedRegisterController.php
index 58bddb49..83e2e120 100644
--- a/app/Http/Controllers/CuratedRegisterController.php
+++ b/app/Http/Controllers/CuratedRegisterController.php
@@ -389,7 +389,7 @@ class CuratedRegisterController extends Controller
 $cr->email = $request->email;
 $cr->username = $request->session()->get('cur-reg.form-username');
 $cr->password = bcrypt($request->session()->get('cur-reg.form-password'));
- $cr->ip_address = $request->ip();
+ $cr->ip_address = sha1($request->ip());
 $cr->reason_to_join = $request->session()->get('cur-reg.form-reason');
 $cr->verify_code = Str::random(40);
 $cr->save();
diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php
index e0afd82e..7e58eec5 100644
--- a/app/Http/Controllers/RemoteAuthController.php
+++ b/app/Http/Controllers/RemoteAuthController.php
@@ -329,7 +329,7 @@ class RemoteAuthController extends Controller
 'webfinger' => $res['_webfinger'],
 ], [
 'software' => 'mastodon',
- 'ip_address' => $request->ip(),
+ 'ip_address' => sha1($request->ip()),
 'bearer_token' => $token,
 'verify_credentials' => $res,
 'last_verify_credentials_at' => now(),
@@ -712,7 +712,7 @@ class RemoteAuthController extends Controller
 'email' => $data['email'],
 'password' => Hash::make($data['password']),
 'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null,
- 'app_register_ip' => request()->ip(),
+ 'app_register_ip' => sha1(request()->ip()),
 'register_source' => 'mastodon',
 ])));
diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php
index a9f1f98c..352eb102 100644
--- a/app/Http/Controllers/SeasonalController.php
+++ b/app/Http/Controllers/SeasonalController.php
@@ -230,8 +230,8 @@ class SeasonalController extends Controller
 'action' => 'seasonal.my2020.view'
 ], [
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent()
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent())
 ]
 ]);
 return response()->json(200);
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
index 99326c09..1434cf66 100644
--- a/app/Http/Controllers/Settings/HomeSettings.php
+++ b/app/Http/Controllers/Settings/HomeSettings.php
@@ -139,8 +139,8 @@ trait HomeSettings
 $log->action = 'account.edit.password';
 $log->message = 'Password changed';
 $log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
 $log->save();
 Mail::to($request->user())->send(new PasswordChange($user));
@@ -186,8 +186,8 @@ trait HomeSettings
 $log->action = 'account.edit.email';
 $log->message = 'Email changed';
 $log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
 $log->save();
 }
diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php
index 3889b980..c2622d10 100644
--- a/app/Http/Controllers/UserEmailForgotController.php
+++ b/app/Http/Controllers/UserEmailForgotController.php
@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller {
 UserEmailForgot::create([
 'user_id' => $user->id,
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent(),
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent()),
 'email_sent_at' => now()
 ]);
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
index 90806965..90d6591b 100644
--- a/app/Listeners/AuthLogin.php
+++ b/app/Listeners/AuthLogin.php
@@ -122,8 +122,8 @@ class AuthLogin
 $device = DB::transaction(function() use($user) {
 return UserDevice::firstOrCreate([
 'user_id' => $user->id,
- 'ip' => request()->ip(),
- 'user_agent' => str_limit(request()->userAgent(), 180),
+ 'ip' => sha1(request()->ip()),
+ 'user_agent' => sha1(request()->userAgent()),
 ]);
 });
 }
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
index c6ba3305..eff0cf71 100644
--- a/app/Listeners/LogFailedLogin.php
+++ b/app/Listeners/LogFailedLogin.php
@@ -41,8 +41,8 @@ class LogFailedLogin
 $log->action = 'auth.failed';
 $log->message = 'Failed login attempt';
 $log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
 $log->save();
 }
 }
--
2.45.0
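Review bot: `UserDevice::firstOrCreate([...])` in the AuthLogin hunk now looks rows up by the hashed `ip` and `user_agent`, so no existing device row can match again and every user's next login creates a fresh device; if this listener drives a new-device notification (not visible in the hunk), it will fire once for every user after deploy, and any device list that displays `user_agent` will show a 40-character hex string instead of a browser name. Dropping `str_limit(..., 180)` is safe only because a sha1 hex digest is always 40 characters; if a keyed digest is adopted instead, check that the column fits its length as well. If the User-Agent is shown to users, keep a truncated display value alongside the digest, and migrate the existing rows in the same release so the lookup keeps matching. The enclosing handler starts outside the hunk.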