From 436a0845815e3df2e6a8b41f28958aebc2b66fd0 Mon Sep 17 00:00:00 2001
From: George Xie
Date: Tue, 26 Jun 2018 10:50:49 +0800
Subject: [PATCH] =?UTF-8?q?=E9=9D=9E=E7=94=9F=E4=BA=A7=E7=8E=AF=E5=A2=83?= =?UTF-8?q?=E7=9A=84=20server=20=E4=B8=8D=E5=AF=B9=E6=A3=80=E6=9F=A5?= =?UTF-8?q?=E5=AE=A2=E6=88=B7=E7=AB=AF=20ip=20=E7=99=BD=E5=90=8D=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Middleware/InternalApi.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/Middleware/InternalApi.php b/src/Middleware/InternalApi.php
index 2068e35..06a9cef 100644
--- a/src/Middleware/InternalApi.php
+++ b/src/Middleware/InternalApi.php
@@ -15,6 +15,18 @@ class InternalApi
 app()->configure('internal_api');
 }
+ private function isClientIPPermitted ($ip) {
+ if (!app()->environment('production', 'staging')) {
+ return true;
+ }
+ if (Str::startsWith($ip, [
+ '127.0.0.', '192.168.', '10.0.',
+ ])) {
+ return true;
+ }
+ return false;
+ }
+
 /**
 * Handle an incoming request.
 *
@@ -25,11 +37,8 @@ class InternalApi
 public function handle($request, Closure $next)
 {
 $ip = $request->getClientIp();
-
- if (!Str::startsWith($ip, [
- '127.0.0.', '192.168.', '10.0.'
- ])) {
- return new JsonResponse('', 404);
+ if (!$this->isClientIPPermitted($ip)) {
+ return new JsonResponse("$ip is forbidden", 403);
 }
 $params = $request->all();
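Review bot: The environment test at the top of `isClientIPPermitted` fails open: every environment name other than exactly `production` or `staging` switches the IP allowlist off, so a server deployed with a mistyped or unexpected environment value would serve the internal API to any client. Listing the environments where the bypass is wanted is the safer shape, e.g. `if (app()->environment('local', 'testing')) { return true; }`, or an explicit flag in the `internal_api` config that this class already loads. The method also deserves a docblock saying that `$ip` comes from `getClientIp()` and is therefore only as reliable as the trusted-proxy setup, and that the prefixes are string matches in which `'10.0.'` covers 10.0.0.0/16 only, not the whole 10.0.0.0/8 range.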
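Review bot: The rejection branch in `handle` now answers 403 with the resolved client address in the body, where the old code returned an empty 404; on production and staging that tells a caller outside the allowlist that the internal route exists and which address the server derived for them. If the message is meant as a debugging aid, keep the quiet response for the caller and record the address server-side instead, e.g. `Log::warning('internal api rejected', ['ip' => $ip]);` followed by `return new JsonResponse('', 404);` (assuming the Log facade or an equivalent logger is available in this app). `handle` continues past the end of the hunk.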