<?php
namespace Mautic\Middleware\Dev;
use Mautic\Middleware\ConfigAwareTrait;
use Mautic\Middleware\PrioritizedMiddlewareInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;
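/**
 * Restricts the development front controller to an allow-list of client IPs.
 *
 * The allow-list starts with the loopback/link-local defaults and is extended
 * by the `dev_hosts` config parameter and by the JSON array in the
 * MAUTIC_CUSTOM_DEV_HOSTS server variable. Requests from any other address
 * receive a 403 response instead of reaching the wrapped kernel.
 */
class IpRestrictMiddleware implements HttpKernelInterface, PrioritizedMiddlewareInterface
{
    use ConfigAwareTrait;

    public const PRIORITY = 20;

    /**
     * The wrapped kernel that handles requests which pass the check.
     *
     * @var HttpKernelInterface
     */
    protected $app;

    /**
     * Client addresses allowed through; non-empty strings only.
     *
     * @var array
     */
    protected $allowedIps;

    /**
     * Builds the allow-list from the defaults, the config and the environment.
     *
     * @param HttpKernelInterface $app kernel to delegate allowed requests to
     */
    public function __construct(HttpKernelInterface $app)
    {
        $this->app        = $app;
        $this->allowedIps = ['127.0.0.1', 'fe80::1', '::1'];

        $parameters = $this->getConfig();
        if (array_key_exists('dev_hosts', $parameters) && is_array($parameters['dev_hosts'])) {
            $this->allowedIps = array_merge($this->allowedIps, $parameters['dev_hosts']);
        }

        if (isset($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'])) {
            $localIps = json_decode($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'], true);
            // json_decode() returns null for malformed JSON and a scalar for a
            // non-array document; merging either would raise an error or
            // replace the allow-list, so anything but an array is ignored.
            if (is_array($localIps)) {
                $this->allowedIps = array_merge($this->allowedIps, $localIps);
            }
        }

        // Keep only non-empty strings. A stray `true`, `0` or `null` from the
        // config or the JSON value must never end up in the allow-list, where
        // a loose comparison would let it match arbitrary client addresses.
        $this->allowedIps = array_values(array_filter(
            $this->allowedIps,
            static function ($ip) {
                return is_string($ip) && '' !== $ip;
            }
        ));
    }

    /**
     * This check prevents access to debug front controllers
     * that are deployed by accident to production servers.
     *
     * The client address is whatever Request::getClientIp() reports, so behind
     * a reverse proxy the result depends on the trusted-proxy configuration.
     * Entries are compared as exact strings; no CIDR or IPv6 normalisation is
     * applied.
     *
     * {@inheritdoc}
     */
    public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true)
    {
        $clientIp = $request->getClientIp();

        // Strict comparison: getClientIp() may return null, and loose matching
        // against a non-string entry would accept every caller.
        $isAllowedIp = is_string($clientIp) && in_array($clientIp, $this->allowedIps, true);

        // NOTE(review): any value of the DDEV_TLD environment variable turns
        // the IP check off completely. That is intended for DDEV containers;
        // the variable must not be set on a host reachable from untrusted
        // networks.
        if ($isAllowedIp || false !== getenv('DDEV_TLD')) {
            return $this->app->handle($request, $type, $catch);
        }

        return new Response('You are not allowed to access this file.', 403);
    }

    /**
     * Returns the priority used to order this middleware.
     */
    public function getPriority()
    {
        return self::PRIORITY;
    }
}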