From 4754105e324588e74729b51fbc96a60b999aa588 Mon Sep 17 00:00:00 2001
From: Alexander Pankratov
Date: Mon, 8 Jun 2020 01:42:49 +0300
Subject: [PATCH] Docker network whitelist

---
 docker-compose.yml           | 7 +++++--
 src/Server/Authorization.php | 14 ++++++++++----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8c781db..3582d38 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '3'
+version: '3.5'
 services:
   telegram-api-server:
     build: ./
@@ -28,4 +28,7 @@ services:
     volumes:
       - ./.mysql:/var/lib/mysql
     environment:
-      MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
\ No newline at end of file
+      MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
+networks:
+  default:
+    name: telegram-api-server
\ No newline at end of file
diff --git a/src/Server/Authorization.php b/src/Server/Authorization.php
index f409f28..5e23da0 100644
--- a/src/Server/Authorization.php
+++ b/src/Server/Authorization.php
@@ -13,14 +13,12 @@ use function Amp\call;
 class Authorization implements Middleware
 {
     private array $ipWhitelist;
+    private int $selfIp;
 
     public function __construct()
     {
         $this->ipWhitelist = (array) Config::getInstance()->get('api.ip_whitelist', []);
-        //Add self ip for docker.
-        if (\count($this->ipWhitelist) > 0) {
-            $this->ipWhitelist[] = getHostByName(php_uname('n'));
-        }
+        $this->selfIp = ip2long(getHostByName(php_uname('n')));
     }
     public function handleRequest(Request $request, RequestHandler $next): Promise
     {
@@ -39,6 +37,14 @@ class Authorization implements Middleware
 
     private function isIpAllowed(string $host): bool
     {
+        global $options;
+        if ($options['docker']) {
+            $isSameNetwork = abs(ip2long($host) - $this->selfIp) < 10;
+            if ($isSameNetwork) {
+                return true;
+            }
+        }
+
         if ($this->ipWhitelist && !in_array($host, $this->ipWhitelist, true)) {
             return false;
         }
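Review bot: The `abs(ip2long($host) - $this->selfIp) < 10` test added to isIpAllowed is a numeric-distance heuristic, not a subnet membership check: it bypasses the whitelist for any IPv4 address within 9 of the container's own address irrespective of the network mask, so a neighbouring host on a bridged or host-mode interface is trusted while a legitimate container more than 9 addresses away is not, and ip2long() returns false for IPv6 or unparsable hosts, which the subtraction silently treats as 0. A mask-based comparison with explicit failure handling would be sounder, e.g. `$hostIp = ip2long($host);` followed by `if ($hostIp !== false && ($hostIp & $mask) === ($this->selfIp & $mask)) { return true; }`, with `$mask` derived from the docker network's CIDR in configuration rather than a fixed distance. `$options['docker']` is read with no default, so a missing key raises an undefined-index warning; `!empty($options['docker'])` avoids that. The same ip2long() failure case applies in the constructor hunk, where `ip2long(getHostByName(php_uname('n')))` yields false when the hostname does not resolve and is then assigned to the `int $selfIp` property (a TypeError under strict_types, 0 otherwise). isIpAllowed's closing brace lies outside the hunk.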