Docker network whitelist

Alexander Pankratov 2020-06-08 01:42:49 +03:00
parent 09cfaf4d70
commit 4754105e32
2 changed files with 15 additions and 6 deletions


@ -1,4 +1,4 @@
version: '3' version: '3.5'
services: services:
telegram-api-server: telegram-api-server:
build: ./ build: ./
@ -29,3 +29,6 @@ services:
- ./.mysql:/var/lib/mysql - ./.mysql:/var/lib/mysql
environment: environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'yes' MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
networks:
default:
name: telegram-api-server
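Review bot: Giving the default network the fixed name `telegram-api-server` turns it into a shared trust boundary, and the new `networks:` block has no comment saying so. Any other stack that attaches to that name lands next to the MySQL service, which the context lines show running with `MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'`. If the name is fixed so that client containers can join, state it above the block, e.g. `# fixed name so client stacks can attach; every container on this network can reach MySQL without a password`. Setting a MySQL password, or moving the database to a separate internal network, would keep that exposure from growing with each attached stack.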


@ -13,14 +13,12 @@ use function Amp\call;
class Authorization implements Middleware class Authorization implements Middleware
{ {
private array $ipWhitelist; private array $ipWhitelist;
private int $selfIp;
public function __construct() public function __construct()
{ {
$this->ipWhitelist = (array) Config::getInstance()->get('api.ip_whitelist', []); $this->ipWhitelist = (array) Config::getInstance()->get('api.ip_whitelist', []);
//Add self ip for docker. $this->selfIp = ip2long(getHostByName(php_uname('n')));
if (\count($this->ipWhitelist) > 0) {
$this->ipWhitelist[] = getHostByName(php_uname('n'));
}
} }
public function handleRequest(Request $request, RequestHandler $next): Promise { public function handleRequest(Request $request, RequestHandler $next): Promise {
@ -39,6 +37,14 @@ class Authorization implements Middleware
private function isIpAllowed(string $host): bool private function isIpAllowed(string $host): bool
{ {
global $options;
if ($options['docker']) {
$isSameNetwork = abs(ip2long($host) - $this->selfIp) < 10;
if ($isSameNetwork) {
return true;
}
}
if ($this->ipWhitelist && !in_array($host, $this->ipWhitelist, true)) { if ($this->ipWhitelist && !in_array($host, $this->ipWhitelist, true)) {
return false; return false;
} }
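Review bot: The Docker branch added to `isIpAllowed()` can fail open. `ip2long()` returns false for anything that is not a dotted IPv4 string, and `getHostByName()` returns the hostname unchanged when resolution fails, so unless the file declares strict_types both values can coerce to 0 and `abs(0 - 0) < 10` returns true before the whitelist is consulted. Guard it with `$hostLong = ip2long($host);` and `if ($hostLong !== false && $this->selfIp !== 0 && abs($hostLong - $this->selfIp) < 10)`. The distance test is also not a subnet test: it ignores prefix boundaries and, on a typical bridge network, probably covers the gateway address that proxied published-port traffic can appear to come from, so comparing against the network's actual prefix would be tighter. `$options['docker']` is read from a global with no isset check, and the function's closing brace lies outside the visible hunk.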