add docker ip

src/Middleware/InternalApi.php

@@ -9,69 +9,78 @@ use function PdInternalApi\sign;
 
 class InternalApi
 {
-
+	
-    public function __construct()
+	public function __construct()
-    {
+	{
-        app()->configure('internal_api');
+		app()->configure('internal_api');
-    }
+	}
-
+	
-    private function isClientIPPermitted ($ip) {
+	private function isClientIPPermitted($ip)
-        if (!app()->environment('production', 'staging')) {
+	{
-            return true;
+		if (!app()->environment('production', 'staging')) {
-        }
+			return true;
-        if (Str::startsWith($ip, [
+		}
-            '127.0.0.', '192.168.', '10.0.',
+		if (Str::startsWith($ip, [
-        ])) {
+			'127.0.0.1',
-            return true;
+			//局域网
-        }
+			'192.168.',
-        return false;
+			//vpc
-    }
+			'10.0.',
-
+			//pod network
-    /**
+			'172.20.',
-     * Handle an incoming request.
+			//北京办公区
-     *
+			'172.16.'
-     * @param  \Illuminate\Http\Request $request
+		])) {
-     * @param  \Closure $next
+			return true;
-     * @return mixed
+		}
-     */
+		return false;
-    public function handle($request, Closure $next)
+	}
-    {
+	
-        $ip = $request->getClientIp();
+	/**
-        if (!$this->isClientIPPermitted($ip)) {
+	 * Handle an incoming request.
-            return new JsonResponse("$ip is forbidden", 403);
+	 *
-        }
+	 * @param  \Illuminate\Http\Request $request
-
+	 * @param  \Closure $next
-        $params = $request->all();
+	 * @return mixed
-
+	 */
-        if (empty($params['appid'])) {
+	public function handle($request, Closure $next)
-            $data = ['error' => 'require appid',];
+	{
-            return new JsonResponse($data, 403);
+		$ip = $request->getClientIp();
-        }
+		if (!$this->isClientIPPermitted($ip)) {
-
+			return new JsonResponse("$ip is forbidden", 403);
-        if (empty($params['timestamp'])) {
+		}
-            $data = ['error' => 'require time',];
+		
-            return new JsonResponse($data, 403);
+		$params = $request->all();
-        } elseif (intval($params['timestamp']) + 60 < time()) {
+		
-            $data = ['error' => 'sign expired',];
+		if (empty($params['appid'])) {
-            return new JsonResponse($data, 403);
+			$data = ['error' => 'require appid',];
-        }
+			return new JsonResponse($data, 403);
-
+		}
-        $key = config('internal_api.server.' . $params['appid']);
+		
-
+		if (empty($params['timestamp'])) {
-        if (empty($key)) {
+			$data = ['error' => 'require time',];
-            $data = ['error' => 'config error',];
+			return new JsonResponse($data, 403);
-            return new JsonResponse($data, 403);
+		} else if (intval($params['timestamp']) + 60 < time()) {
-        }
+			$data = ['error' => 'sign expired',];
-
+			return new JsonResponse($data, 403);
-        $sign = sign($params, $key);
+		}
-        if ($sign != $params['sign']) {
+		
-            $data = [
+		$key = config('internal_api.server.' . $params['appid']);
-                'error' => 'sign error',
+		
-            ];
+		if (empty($key)) {
-            return new JsonResponse($data, 403);
+			$data = ['error' => 'config error',];
-        }
+			return new JsonResponse($data, 403);
-
+		}
-        return $next($request);
+		
-    }
+		$sign = sign($params, $key);
-
+		if ($sign != $params['sign']) {
+			$data = [
+				'error' => 'sign error',
+			];
+			return new JsonResponse($data, 403);
+		}
+		
+		return $next($request);
+	}
+	
 }

src/ServiceProvider.php

@@ -2,8 +2,26 @@
 
 namespace PdInternalApi;
 
+use Illuminate\Http\Request;
+
 class ServiceProvider extends \Illuminate\Support\ServiceProvider
 {
+	
+	public function boot(){
+		Request::setTrustedProxies([
+			//pod network
+			'172.20.0.0/16',
+			//vpc
+			'10.0.0.0/16',
+			//local
+			'127.0.0.1',
+			//北京办公区
+			'172.16.0.0/16',
+			//aliyun slb
+			'100.116.0.0/16',
+		], Request::HEADER_X_FORWARDED_ALL);
+	}
+	
     /**
      * Register any application services.
      *