[D8] IP Lookup

Thank you for applying! I added the PAReview checklist link. Reviewers will check the project and post comments to list what should be changed.

If you haven't done it, yet, please check the PAReview report and fix what needs to be fixed. There could be some false positives; verify that what reported is correct, before making any change.

The repository is using wrong branch names. See Release naming conventions, which explains which are the correct branch and tag names.

8.x-1.0 is a tag name, not a branch name, which would be 8,x-1.x. Branch and tag names are important in Drupal.org, as the code that creates archives for the development snapshots and releases relies on the correct names being used.

Hello!

I am reviewing your application using the Security advisory coverage application checklist as a guide. I have a few comments, based on that checklist.

#3.1 Ensure the project does not contain any security issues - Someone on the security team may do a more thorough security review, but a quick glance shows that you are using proper apis for database storage and templated output, so I do not see any immediate avenues for sql injection or XSS attacks in the code base.
#7.1 - API and best practices Review
As mentioned above, you seem to be using the correct apis for database access and templating, great job! I have a couple things for you to consider.

1. Your module uses a custom configuration, 'ipApikey.settings', but you have provided no schema for this configuration. See https://www.drupal.org/docs/8/api/configuration-api/configuration-schemametadata for information on how to define a schema for your configuration
2. Your module defines no automated tests. See https://www.drupal.org/node/1449736 and https://www.drupal.org/docs/8/phpunit for information on how to add automated testing to your project.

+1 on RTBC as I don't believe those items are blockers for security coverage, but I'll leave it to the sec team to update this issue, as this is my first attempt at a security review.

Thanks for your contribution!

* IpKeySettingsForm: all user facing text must run through t() for translation.
* class Resource: do not use file_get_contents() do download stuff. Use drupal's http client (Guzzle) to do that, for better error handling.
* class ClientIp: why do you need that class just to get the IP from the request? Any other service can do that by itself?

Twig does all the escaping to prevent XSS attacks in the IpLookup controller, so all looking good.

@mikelutz: Thanks a lot for reviewing! Feel free to set the issue to RTBC yourself next time, any reviewer can do that.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.