-
Notifications
You must be signed in to change notification settings - Fork 125
/
Copy pathTrustProxies.php
130 lines (114 loc) · 3.75 KB
/
TrustProxies.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
<?php
namespace Fideloper\Proxy;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Contracts\Config\Repository;
class TrustProxies
{
/**
* The config repository instance.
*
* @var \Illuminate\Contracts\Config\Repository
*/
protected $config;
/**
* The trusted proxies for the application.
*
* @var null|string|array
*/
protected $proxies;
/**
* The proxy header mappings.
*
* @var null|string|int
*/
protected $headers;
/**
* Create a new trusted proxies middleware instance.
*
* @param \Illuminate\Contracts\Config\Repository $config
*/
public function __construct(Repository $config)
{
$this->config = $config;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$request::setTrustedProxies([], $this->getTrustedHeaderNames()); // Reset trusted proxies between requests
$this->setTrustedProxyIpAddresses($request);
return $next($request);
}
/**
* Sets the trusted proxies on the request to the value of trustedproxy.proxies
*
* @param \Illuminate\Http\Request $request
*/
protected function setTrustedProxyIpAddresses(Request $request)
{
$trustedIps = $this->proxies ?: $this->config->get('trustedproxy.proxies');
// Trust any IP address that calls us
// `**` for backwards compatibility, but is deprecated
if ($trustedIps === '*' || $trustedIps === '**') {
return $this->setTrustedProxyIpAddressesToTheCallingIp($request);
}
// Support IPs addresses separated by comma
$trustedIps = is_string($trustedIps) ? array_map('trim', explode(',', $trustedIps)) : $trustedIps;
// Only trust specific IP addresses
if (is_array($trustedIps)) {
return $this->setTrustedProxyIpAddressesToSpecificIps($request, $trustedIps);
}
}
/**
* Specify the IP addresses to trust explicitly.
*
* @param \Illuminate\Http\Request $request
* @param array $trustedIps
*/
private function setTrustedProxyIpAddressesToSpecificIps(Request $request, $trustedIps)
{
$request->setTrustedProxies((array) $trustedIps, $this->getTrustedHeaderNames());
}
/**
* Set the trusted proxy to be the IP address calling this servers
*
* @param \Illuminate\Http\Request $request
*/
private function setTrustedProxyIpAddressesToTheCallingIp(Request $request)
{
$request->setTrustedProxies([$request->server->get('REMOTE_ADDR')], $this->getTrustedHeaderNames());
}
/**
* Retrieve trusted header name(s), falling back to defaults if config not set.
*
* @return int A bit field of Request::HEADER_*, to set which headers to trust from your proxies.
*/
protected function getTrustedHeaderNames()
{
$headers = $this->headers ?: $this->config->get('trustedproxy.headers');
switch ($headers) {
case 'HEADER_X_FORWARDED_AWS_ELB':
case Request::HEADER_X_FORWARDED_AWS_ELB:
return Request::HEADER_X_FORWARDED_AWS_ELB;
break;
case 'HEADER_FORWARDED':
case Request::HEADER_FORWARDED:
return Request::HEADER_FORWARDED;
break;
case 'HEADER_X_FORWARDED_ALL':
case Request::HEADER_X_FORWARDED_ALL:
return Request::HEADER_X_FORWARDED_ALL;
break;
}
return $headers;
}
}