composer/php-internal-api-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

非生产环境的 server 不对检查客户端 ip 白名单

Browse Source
This commit is contained in:
George Xie 2018-06-26 10:50:49 +08:00
parent 6c54737d13
commit 436a084581
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/Middleware/InternalApi.php
View File

@ -15,6 +15,18 @@ class InternalApi
app()->configure('internal_api'); app()->configure('internal_api');
} }
private function isClientIPPermitted ($ip) {
if (!app()->environment('production', 'staging')) {
return true;
}
if (Str::startsWith($ip, [
'127.0.0.', '192.168.', '10.0.',
])) {
return true;
}
return false;
}
/** /**
* Handle an incoming request. * Handle an incoming request.
* *
@ -25,11 +37,8 @@ class InternalApi
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
$ip = $request->getClientIp(); $ip = $request->getClientIp();
if (!$this->isClientIPPermitted($ip)) {
if (!Str::startsWith($ip, [ return new JsonResponse("$ip is forbidden", 403);
'127.0.0.', '192.168.', '10.0.'
])) {
return new JsonResponse('', 404);
} }
$params = $request->all(); $params = $request->all();