PHP Laravel API-如何将请求限制为多个受信任的主机?

时间:2018-09-18 12:13:47

标签: php laravel lumen

我已经在Laravel Lumen API 5.7中看到以下方法

Request::setTrustedHosts($hostPatterns)

我想在中间件中使用它,以将请求限制为特定的客户端列表。

我应该如何进行?

我认为现有的$request->isFromTrustedProxy()方法是否有与之等效的方法?

2 个答案:

答案 0 :(得分:2)

假设您要通过IP地址或类似方式限制访客,则可以构建这样的中间件:

namespace App\Http\Middleware;

use Closure;

class LimitAccess {

    public function handle($request, Closure $next)
    {
        if(env('APP_ENV')=='production') {
            $ipArray = ['127.0.0.1',...]; //Add trusted IP addresses here
            if (in_array(\Request::ip(), $ipArray)) {
                return $next($request);
            } else {
                return response("You are not allowed here!", 503);
            }
        } else {
            return $next($request);
        }
    }
}

对于Laravel,您可以在$ \ middlewareGroups数组下的Http \ Kernel.php中注册该中间件,如下所示:

protected $middlewareGroups = [
    'api' => [
        \App\Http\Middleware\LimitAccess::class
    ]
];

对于Lumen,您可以通过在bootstrap / app.php文件中用快捷键识别中间件来进行注册:

$app->routeMiddleware([
    'limit' => App\Http\Middleware\LimitAccess::class,
]);

然后您将其应用到所需的路线上,

$router->get('url/you/want/to/limit', ['middleware' => 'limit', function () {
    //
}]);

这应该完全满足您的要求。您显然可以将IP地址阵列更改为所需的任何内容。

答案 1 :(得分:1)

基于@eResourcesInc的答案,因为我想将请求限制为某些受信任的客户端(例如使用API​​的某些姐妹服务器),这是我想出的:

.env文件中使用所需的受信任客户端主机名创建了新条目

TRUSTED_CLIENTS=specific.example.com|*.whatever.net|8-8-8-8.static.example.org

然后在TrustedAccess中创建了App\Http\Middleware\TrustedAccess.php中间件

namespace App\Http\Middleware;

use Illuminate\Http\Response;
use Closure;

class TrustedAccess
{
    private $trustedClients;

    public function __construct()
    {
        $this->trustedClients = [];
        if (env('TRUSTED_CLIENTS')) {
            $list = explode('|', env('TRUSTED_CLIENTS'));
            if ($list !== false && !empty($list)) {
                $this->trustedClients = $list;
            }
        }
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(env('APP_ENV')=='production') {
            $clientHostname = gethostbyaddr($request->getClientIp());
            $isTrusted = false;
            foreach ($this->trustedClients as $trustedClientHostname) {
                if (self::isHostnameMatch($clientHostname, $trustedClientHostname)) {
                    $isTrusted = true;
                    break;
                }
            }
            if ($isTrusted) {
                return $next($request);
            } else {
                return response()->json(['error'=>'Unauthorised'], Response::HTTP_UNAUTHORIZED);
            }
        } else {
            return $next($request);
        }
    }

    private static function isHostnameMatch($hostname, $trustedHostname)
    {
        if ($trustedHostname == '*' || $hostname == $trustedHostname) {
            return true;
        }
        // check if wildcard subdomain
        $subdomainDelimiterPosition = strpos($hostname, '.');
        if(strlen($trustedHostname) < 2 || $subdomainDelimiterPosition === false) {
            return false;
        }
        if (substr($trustedHostname, 0, 2) == '*.') {
            if (substr($trustedHostname, 1) == substr($hostname, $subdomainDelimiterPosition)) {
                return true;
            }
        }
        return false;
    }
}

对于Lumen,我使用快捷键在bootstrap/app.php文件中注册了中间件:

$app->routeMiddleware([
    'trusted' => App\Http\Middleware\TrustedAccess::class,
]);

然后我将其应用于这样的路线:

$router->get('url/I/want/to/limit', ['middleware' => 'trusted', function () {
    //
}]);

就是这样。如果有任何建议,请发表评论!

相关问题
最新问题