mirror of
https://github.com/danog/TelegramApiServer.git
synced 2024-11-30 04:19:13 +01:00
Docker network whitelist
parent
09cfaf4d70
commit
4754105e32
@ -1,4 +1,4 @@
|
||||
version: '3'
|
||||
version: '3.5'
|
||||
services:
|
||||
telegram-api-server:
|
||||
build: ./
|
||||
@ -29,3 +29,6 @@ services:
|
||||
- ./.mysql:/var/lib/mysql
|
||||
environment:
|
||||
MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
|
||||
networks:
|
||||
default:
|
||||
name: telegram-api-server
|
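Review bot: The new `networks.default` block sets only `name: telegram-api-server` and no address range, so the subnet the containers land in is whatever Docker allocates. If the Docker-mode IP check added in this commit is meant to trust this network, pinning the range here (an `ipam` `config` entry with an explicit `subnet`) and matching that CIDR in the application would make the trust boundary explicit. A fixed network name also allows other compose projects to attach to it as an external network, and the MySQL service shown in the context lines runs with `MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'`, so membership in this network should not be treated as authorization on its own.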
@ -13,14 +13,12 @@ use function Amp\call;
|
||||
class Authorization implements Middleware
|
||||
{
|
||||
private array $ipWhitelist;
|
||||
private int $selfIp;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->ipWhitelist = (array) Config::getInstance()->get('api.ip_whitelist', []);
|
||||
//Add self ip for docker.
|
||||
if (\count($this->ipWhitelist) > 0) {
|
||||
$this->ipWhitelist[] = getHostByName(php_uname('n'));
|
||||
}
|
||||
$this->selfIp = ip2long(getHostByName(php_uname('n')));
|
||||
}
|
||||
|
||||
public function handleRequest(Request $request, RequestHandler $next): Promise {
|
||||
@ -39,6 +37,14 @@ class Authorization implements Middleware
|
||||
|
||||
private function isIpAllowed(string $host): bool
|
||||
{
|
||||
global $options;
|
||||
if ($options['docker']) {
|
||||
$isSameNetwork = abs(ip2long($host) - $this->selfIp) < 10;
|
||||
if ($isSameNetwork) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->ipWhitelist && !in_array($host, $this->ipWhitelist, true)) {
|
||||
return false;
|
||||
}
|
||||
|