Spaces:
No application file
No application file
| namespace Mautic\Middleware\Dev; | |
| use Mautic\Middleware\ConfigAwareTrait; | |
| use Mautic\Middleware\PrioritizedMiddlewareInterface; | |
| use Symfony\Component\HttpFoundation\Request; | |
| use Symfony\Component\HttpFoundation\Response; | |
| use Symfony\Component\HttpKernel\HttpKernelInterface; | |
| class IpRestrictMiddleware implements HttpKernelInterface, PrioritizedMiddlewareInterface | |
| { | |
| use ConfigAwareTrait; | |
| public const PRIORITY = 20; | |
| /** | |
| * @var HttpKernelInterface | |
| */ | |
| protected $app; | |
| /** | |
| * @var array | |
| */ | |
| protected $allowedIps; | |
| public function __construct(HttpKernelInterface $app) | |
| { | |
| $this->app = $app; | |
| $this->allowedIps = ['127.0.0.1', 'fe80::1', '::1']; | |
| $parameters = $this->getConfig(); | |
| if (array_key_exists('dev_hosts', $parameters) && is_array($parameters['dev_hosts'])) { | |
| $this->allowedIps = array_merge($this->allowedIps, $parameters['dev_hosts']); | |
| } | |
| if (isset($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'])) { | |
| $localIps = json_decode($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'], true); | |
| $this->allowedIps = array_merge($this->allowedIps, $localIps); | |
| } | |
| } | |
| /** | |
| * This check prevents access to debug front controllers | |
| * that are deployed by accident to production servers. | |
| * | |
| * {@inheritdoc} | |
| */ | |
| public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true) | |
| { | |
| if (in_array($request->getClientIp(), $this->allowedIps) || false !== getenv('DDEV_TLD')) { | |
| return $this->app->handle($request, $type, $catch); | |
| } | |
| return new Response('You are not allowed to access this file.', 403); | |
| } | |
| public function getPriority() | |
| { | |
| return self::PRIORITY; | |
| } | |
| } | |