Docker network whitelist

Alexander Pankratov 2020-06-08 01:42:49 +03:00
parent 09cfaf4d70
commit 4754105e32
2 changed files with 15 additions and 6 deletions


@ -1,4 +1,4 @@
version: '3'
version: '3.5'
services:
telegram-api-server:
build: ./
@ -28,4 +28,7 @@ services:
volumes:
- ./.mysql:/var/lib/mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
networks:
default:
name: telegram-api-server
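Review bot: Pinning the default network to the fixed name `telegram-api-server` makes it attachable from any other compose project on the host that declares it as an external network, while the MySQL service in the same file still runs with `MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'`. A container that joins the network would reach the database without credentials and, given the Authorization change in this commit, would probably also be treated as a trusted neighbour by the API. I would set a root password from an env file and add a comment above `networks:` such as `# shared network: every attached container bypasses the API IP whitelist`. The services block starts outside this hunk, so other exposure settings are not visible here.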


@ -13,14 +13,12 @@ use function Amp\call;
class Authorization implements Middleware
{
private array $ipWhitelist;
private int $selfIp;
public function __construct()
{
$this->ipWhitelist = (array) Config::getInstance()->get('api.ip_whitelist', []);
//Add self ip for docker.
if (\count($this->ipWhitelist) > 0) {
$this->ipWhitelist[] = getHostByName(php_uname('n'));
}
$this->selfIp = ip2long(getHostByName(php_uname('n')));
}
public function handleRequest(Request $request, RequestHandler $next): Promise {
@ -39,6 +37,14 @@ class Authorization implements Middleware
private function isIpAllowed(string $host): bool
{
global $options;
if ($options['docker']) {
$isSameNetwork = abs(ip2long($host) - $this->selfIp) < 10;
if ($isSameNetwork) {
return true;
}
}
if ($this->ipWhitelist && !in_array($host, $this->ipWhitelist, true)) {
return false;
}
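Review bot: In isIpAllowed the docker branch returns true before the whitelist is consulted, and `abs(ip2long($host) - $this->selfIp) < 10` measures numeric distance rather than subnet membership, so any address within nine of the container's own is accepted regardless of `api.ip_whitelist`. `ip2long()` returns false for IPv6 or unparseable input, and if the hostname lookup in the constructor fails `$this->selfIp` probably ends up 0 (or raises a TypeError under strict types), in which case an unparseable `$host` yields a distance of 0 and passes. If requests arrive through a reverse-proxy container on the same network, `$host` is presumably the proxy's address and the whitelist stops filtering anything. I would guard the comparison with `$hostLong = ip2long($host);` and `if ($hostLong !== false && $this->selfIp !== 0 && abs($hostLong - $this->selfIp) < 10)`, read the flag as `$options['docker'] ?? false`, and prefer a match against the network's configured CIDR over a ±10 window. The body of isIpAllowed continues past the end of this hunk.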