diff --git a/.env.docker.example b/.env.docker.example index fb58d35..e3b49bc 100644 --- a/.env.docker.example +++ b/.env.docker.example @@ -9,7 +9,10 @@ MEMORY_LIMIT=256M TIMEZONE=UTC # List of allowed clients. Separate with comma. -# Leave blanc, to allow requests from all IP (dangerous!) +# Leave blanc, to allow requests from all IP (THIS WILL MAKE API UNSECURE!) +# To recieve requests from internet also need to (THIS WILL MAKE API UNSECURE!): +# 1) remove `127.0.0.1:` from ports in docker-compose.yml. Should be: ` - "9503:9503"`. +# 2) recreate container `docker-compose up -d` IP_WHITELIST=127.0.0.1 # TELEGRAM CLIENT diff --git a/.env.example b/.env.example index e8d9ff3..9f95801 100644 --- a/.env.example +++ b/.env.example @@ -2,6 +2,8 @@ # Check for outdated .env files VERSION=1 +# IP that server listens for requests. +# To recieve requests from the Internet change to 0.0.0.0 and add rule to your firewall (THIS WILL MAKE API UNSECURE!) SERVER_ADDRESS=127.0.0.1 SERVER_PORT=9503 @@ -9,7 +11,7 @@ MEMORY_LIMIT=256M TIMEZONE=UTC # List of allowed clients. Separate with comma. -# Leave blanc, to allow requests from all IP (dangerous!) +# Leave blanc, to allow requests from all IP (THIS WILL MAKE API UNSECURE!) IP_WHITELIST=127.0.0.1 # TELEGRAM CLIENT diff --git a/README.md b/README.md index f5ab804..fdbd9b8 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,12 @@ Fast, simple, async php telegram api server: * Url: `http://%address%:%port%/api[/%session%]/%class%.%method%/?%param%=%val%` * Important: api available only from ip in whitelist. By default it is: `127.0.0.1` - You can add client ip in .env file to `API_CLIENT_WHITELIST` (use json format) + You can add a client IP in .env file to `IP_WHITELIST` (separate with a comma) + + In docker version by default api available only from localhost (127.0.0.1). + To allow connections from the internet, need to change ports in docker-compose.yml to `9503:9503` and recreate the container: `docker-compose up -d`. + This is very insecure, because this will open TAS port to anyone from the internet. + Only protection is the `IP_WHITELIST`, and there are no warranties that it will secure your accounts. * If method is inside class (messages, contacts and etc.) use '.' to separate class from method: `http://127.0.0.1:9503/api/contacts.getContacts` * If method requires array of values, use any name of array, for example 'data': diff --git a/composer.lock b/composer.lock index d5d4bb4..883b1a0 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "6f71aad97ce363d3baab54576c375ddc", + "content-hash": "16ec6732f1828813570b50a338924d33", "packages": [ { "name": "amphp/amp", @@ -2293,12 +2293,12 @@ "source": { "type": "git", "url": "https://github.com/danog/MadelineProto.git", - "reference": "720ddac6" + "reference": "720ddac6368a7d5ea7ddae64bb5e3659539b3834" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/danog/MadelineProto/zipball/720ddac6", - "reference": "720ddac6", + "url": "https://api.github.com/repos/danog/MadelineProto/zipball/720ddac6368a7d5ea7ddae64bb5e3659539b3834", + "reference": "720ddac6368a7d5ea7ddae64bb5e3659539b3834", "shasum": "" }, "require": { @@ -2406,7 +2406,7 @@ "type": "github" } ], - "time": "2021-03-18T16:13:09+00:00" + "time": "2021-03-24T22:10:48+00:00" }, { "name": "danog/magicalserializer", @@ -3813,12 +3813,12 @@ "source": { "type": "git", "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "3dfe1d2b81a55b9c51dc87ce89f1ee2beaaf1093" + "reference": "0a55b3eacf6b4a0fdc6ec9d01e00285ca9942b2b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/3dfe1d2b81a55b9c51dc87ce89f1ee2beaaf1093", - "reference": "3dfe1d2b81a55b9c51dc87ce89f1ee2beaaf1093", + "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/0a55b3eacf6b4a0fdc6ec9d01e00285ca9942b2b", + "reference": "0a55b3eacf6b4a0fdc6ec9d01e00285ca9942b2b", "shasum": "" }, "conflict": { @@ -3885,10 +3885,11 @@ "ezsystems/platform-ui-assets-bundle": ">=4.2,<4.2.3", "ezsystems/repository-forms": ">=2.3,<2.3.2.1", "ezyang/htmlpurifier": "<4.1.1", - "facade/ignition": "<=2.5.1,>=2.0|<=1.16.13", + "facade/ignition": "<1.16.14|>=2,<2.4.2|>=2.5,<2.5.2", "firebase/php-jwt": "<2", "flarum/sticky": ">=0.1-beta.14,<=0.1-beta.15", "flarum/tags": "<=0.1-beta.13", + "fluidtypo3/vhs": "<5.1.1", "fooman/tcpdf": "<6.2.22", "fossar/tcpdf-parser": "<6.2.22", "friendsofsymfony/oauth2-php": "<1.3", @@ -3932,6 +3933,7 @@ "mediawiki/core": ">=1.27,<1.27.6|>=1.29,<1.29.3|>=1.30,<1.30.2|>=1.31,<1.31.9|>=1.32,<1.32.6|>=1.32.99,<1.33.3|>=1.33.99,<1.34.3|>=1.34.99,<1.35", "mittwald/typo3_forum": "<1.2.1", "monolog/monolog": ">=1.8,<1.12", + "moodle/moodle": "<3.5.17|>=3.7,<3.7.9|>=3.8,<3.8.8|>=3.9,<3.9.5|>=3.10,<3.10.2", "namshi/jose": "<2.2", "nette/application": ">=2,<2.0.19|>=2.1,<2.1.13|>=2.2,<2.2.10|>=2.3,<2.3.14|>=2.4,<2.4.16|>=3,<3.0.6", "nette/nette": ">=2,<2.0.19|>=2.1,<2.1.13", @@ -3966,6 +3968,7 @@ "phpxmlrpc/extras": "<0.6.1", "pimcore/pimcore": "<6.8.8", "pocketmine/pocketmine-mp": "<3.15.4", + "pressbooks/pressbooks": "<5.18", "prestashop/autoupgrade": ">=4,<4.10.1", "prestashop/contactform": ">1.0.1,<4.3", "prestashop/gamification": "<2.3.2", @@ -4139,7 +4142,7 @@ "type": "tidelift" } ], - "time": "2021-03-23T02:23:40+00:00" + "time": "2021-03-29T21:01:39+00:00" } ], "aliases": [],