diff --git a/src/Middleware/InternalApi.php b/src/Middleware/InternalApi.php index 06a9cef..28e70cd 100644 --- a/src/Middleware/InternalApi.php +++ b/src/Middleware/InternalApi.php 
@@ -9,69 +9,78 @@ use function PdInternalApi\sign; class InternalApi { - - public function __construct() - { - app()->configure('internal_api'); - } - - private function isClientIPPermitted ($ip) { - if (!app()->environment('production', 'staging')) { - return true; - } - if (Str::startsWith($ip, [ - '127.0.0.', '192.168.', '10.0.', - ])) { - return true; - } - return false; - } - - /** - * Handle an incoming request. - * - * @param \Illuminate\Http\Request $request - * @param \Closure $next - * @return mixed - */ - public function handle($request, Closure $next) - { - $ip = $request->getClientIp(); - if (!$this->isClientIPPermitted($ip)) { - return new JsonResponse("$ip is forbidden", 403); - } - - $params = $request->all(); - - if (empty($params['appid'])) { - $data = ['error' => 'require appid',]; - return new JsonResponse($data, 403); - } - - if (empty($params['timestamp'])) { - $data = ['error' => 'require time',]; - return new JsonResponse($data, 403); - } elseif (intval($params['timestamp']) + 60 < time()) { - $data = ['error' => 'sign expired',]; - return new JsonResponse($data, 403); - } - - $key = config('internal_api.server.' . $params['appid']); - - if (empty($key)) { - $data = ['error' => 'config error',]; - return new JsonResponse($data, 403); - } - - $sign = sign($params, $key); - if ($sign != $params['sign']) { - $data = [ - 'error' => 'sign error', - ]; - return new JsonResponse($data, 403); - } - - return $next($request); - } - + + public function __construct() + { + app()->configure('internal_api'); + } + + private function isClientIPPermitted($ip) + { + if (!app()->environment('production', 'staging')) { + return true; + } + if (Str::startsWith($ip, [ + '127.0.0.1', + //局域网 + '192.168.', + //vpc + '10.0.', + //pod network + '172.20.', + //北京办公区 + '172.16.' + ])) { + return true; + } + return false; + } + + /** + * Handle an incoming request. 
+ * + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * @return mixed + */ + public function handle($request, Closure $next) + { + $ip = $request->getClientIp(); + if (!$this->isClientIPPermitted($ip)) { + return new JsonResponse("$ip is forbidden", 403); + } + + $params = $request->all(); + + if (empty($params['appid'])) { + $data = ['error' => 'require appid',]; + return new JsonResponse($data, 403); + } + + if (empty($params['timestamp'])) { + $data = ['error' => 'require time',]; + return new JsonResponse($data, 403); + } else if (intval($params['timestamp']) + 60 < time()) { + $data = ['error' => 'sign expired',]; + return new JsonResponse($data, 403); + } + + $key = config('internal_api.server.' . $params['appid']); + + if (empty($key)) { + $data = ['error' => 'config error',]; + return new JsonResponse($data, 403); + } + + $sign = sign($params, $key); + if ($sign != $params['sign']) { + $data = [ + 'error' => 'sign error', + ]; + return new JsonResponse($data, 403); + } + + return $next($request); + } + } diff --git a/src/ServiceProvider.php b/src/ServiceProvider.php index c1b933f..b3070e2 100644 --- a/src/ServiceProvider.php +++ b/src/ServiceProvider.php @@ -2,8 +2,26 @@ namespace PdInternalApi; +use Illuminate\Http\Request; + class ServiceProvider extends \Illuminate\Support\ServiceProvider { + + public function boot(){ + Request::setTrustedProxies([ + //pod network + '172.20.0.0/16', + //vpc + '10.0.0.0/16', + //local + '127.0.0.1', + //北京办公区 + '172.16.0.0/16', + //aliyun slb + '100.116.0.0/16', + ], Request::HEADER_X_FORWARDED_ALL); + } + /** * Register any application services. *
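Review bot: The signature check at the end of `handle()` in `InternalApi.php` uses `!=`, a loose and non-constant-time comparison. Under PHP type juggling two different numeric-looking strings can compare equal, which matters if `sign()` returns a hex digest, and a request with no `sign` parameter reaches the comparison through an undefined index. I would write it as `if (!is_string($params['sign'] ?? null) || !hash_equals((string) $sign, $params['sign'])) {`. The freshness check also rejects only old timestamps, so a request signed with a far-future `timestamp` stays replayable until that time passes; `abs(time() - (int) $params['timestamp']) > 60` bounds both directions.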
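Review bot: The list passed to `Request::setTrustedProxies()` in `boot()` trusts whole networks (pod, VPC, office) instead of only the hosts that forward traffic. Any machine in those ranges can therefore send its own `X-Forwarded-For` and choose the address that `getClientIp()` reports to the `InternalApi` allow-list and to any logging. I would trust only the load balancer and ingress ranges, and load them from configuration rather than hard-coding them in a package service provider. `Request::HEADER_X_FORWARDED_ALL` also makes the application believe the forwarded host, port and proto. Unless the SLB is known to overwrite those headers, `Request::HEADER_X_FORWARDED_FOR` (plus proto if needed) is the narrower choice.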