非生产环境的 server 不对检查客户端 ip 白名单

2018-06-26 10:50:49 +08:00 · 2018-06-26 10:50:49 +08:00 · 436a084581
commit 436a084581
parent 6c54737d13
1 changed files with 14 additions and 5 deletions
--- a/src/Middleware/InternalApi.php
+++ b/src/Middleware/InternalApi.php
@ -15,6 +15,18 @@ class InternalApi
        app()->configure('internal_api');
    }

+    private function isClientIPPermitted ($ip) {
+        if (!app()->environment('production', 'staging')) {
+            return true;
+        }
+        if (Str::startsWith($ip, [
+            '127.0.0.', '192.168.', '10.0.',
+        ])) {
+            return true;
+        }
+        return false;
+    }
+
    /**
     * Handle an incoming request.
     *
@ -25,11 +37,8 @@ class InternalApi
    public function handle($request, Closure $next)
    {
        $ip = $request->getClientIp();
-
-        if (!Str::startsWith($ip, [
-            '127.0.0.', '192.168.', '10.0.'
-        ])) {
-            return new JsonResponse('', 404);
+        if (!$this->isClientIPPermitted($ip)) {
+            return new JsonResponse("$ip is forbidden", 403);
        }

        $params = $request->all();