feat(api): enhance IP access control in middleware and settings; support CIDR notation and special case for 0.0.0.0 to allow all IPs

This commit is contained in:
Andras Bacsai
2025-08-26 10:26:39 +02:00
parent 0f8b86c253
commit 74ebaef17b
3 changed files with 153 additions and 10 deletions


@@ -18,12 +18,18 @@ class ApiAllowed
return response()->json(['success' => true, 'message' => 'API is disabled.'], 403);
}
if (! isDev()) {
if ($settings->allowed_ips) {
$allowedIps = explode(',', $settings->allowed_ips);
if (! in_array($request->ip(), $allowedIps)) {
return response()->json(['success' => true, 'message' => 'You are not allowed to access the API.'], 403);
}
if ($settings->allowed_ips) {
// Check for special case: 0.0.0.0 means allow all
if (trim($settings->allowed_ips) === '0.0.0.0') {
return $next($request);
}
$allowedIps = explode(',', $settings->allowed_ips);
$allowedIps = array_map('trim', $allowedIps);
$allowedIps = array_filter($allowedIps); // Remove empty entries
if (! empty($allowedIps) && ! check_ip_against_allowlist($request->ip(), $allowedIps)) {
return response()->json(['success' => true, 'message' => 'You are not allowed to access the API.'], 403);
}
}