Page MenuHomeDevCentral
Files F7148398

D25.id916.diff
No OneTemporary
Actions

D25.id916.diff
View Options

diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@
docker run -t -d \
--link <a MySQL or MariaDB container>:mysql \
-p <the port you want>:80 \
+ -e TRUST_ALL_PROXIES=1 \
-e DB_HOST=mysql \
-e DB_DATABASE=<name of the database> \
-e DB_USERNAME=<login for this database> \
diff --git a/app/Enums/TrustProxyConfigurationMode.php b/app/Enums/TrustProxyConfigurationMode.php
new file mode 100644
--- /dev/null
+++ b/app/Enums/TrustProxyConfigurationMode.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace AuthGrove\Enums;
+
+use Artisaninweb\Enum\Enum;
+
+/**
+ * @method static TrustProxyConfigurationMode ENUM()
+ */
+class TrustProxyConfigurationMode extends Enum {
+ const __default = self::TrustNone;
+
+ const TrustNone = 0;
+ const TrustSome = 1;
+ const TrustAll = 2;
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -16,6 +16,7 @@
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'AuthGrove\Http\Middleware\VerifyCsrfToken',
+ 'AuthGrove\Http\Middleware\TrustProxy',
];
/**
diff --git a/app/Http/Middleware/TrustProxy.php b/app/Http/Middleware/TrustProxy.php
new file mode 100644
--- /dev/null
+++ b/app/Http/Middleware/TrustProxy.php
@@ -0,0 +1,53 @@
+<?php namespace AuthGrove\Http\Middleware;
+
+use Illuminate\Contracts\Routing\Middleware;
+use AuthGrove\Enums\TrustProxyConfigurationMode;
+use Config;
+use Closure;
+
+class TrustProxy implements Middleware {
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ $proxy = Config::get('app.proxy');
+
+ switch ($mode = self::getConfigurationMode($proxy)) {
+ case TrustProxyConfigurationMode::TrustNone:
+ break;
+
+ case TrustProxyConfigurationMode::TrustSome:
+ $request->setTrustedProxies($proxy);
+ break;
+
+ case TrustProxyConfigurationMode::TrustAll:
+ $request->setTrustedProxies([ $_SERVER["REMOTE_ADDR"] ]);
+ break;
+
+ default:
+ throw new ArgumentException("Unhandled configuration mode: $mode");
+ }
+
+ return $next($request);
+ }
+
+ /**
+ * Gets trust proxies configuration mode
+ */
+ public static function getConfigurationMode ($configValue) {
+ if (!is_array($configValue) || !count($configValue)) {
+ return TrustProxyConfigurationMode::TrustNone;
+ }
+
+ if (in_array('*', $configValue)) {
+ return TrustProxyConfigurationMode::TrustAll;
+ }
+
+ return TrustProxyConfigurationMode::TrustSome;
+ }
+}
diff --git a/config/app.php b/config/app.php
--- a/config/app.php
+++ b/config/app.php
@@ -30,6 +30,26 @@
/*
|--------------------------------------------------------------------------
+ | Proxies serving requests
+ |--------------------------------------------------------------------------
+ |
+ | Auth Grove can handle proxy headers like HTTP_X_FORWARDED_PROTO according
+ | your configuration.
+ |
+ | - To always trust forward headers, adds a star entry: ['*']
+ | - To never trust any server, use an empty array: []
+ | - To specify the proxies servers, create an array with each IP.
+ |
+ | If you put Auth Grove on an back-end application server, with a front-end
+ | nginx responsible for SSL termination, you can set the front-end IPs or
+ | blindly trust any remote address with a magic entry '*'.
+ |
+ */
+
+ 'proxy' => env('TRUST_ALL_PROXIES', false) ? ['*'] : [],
+
+ /*
+ |--------------------------------------------------------------------------
| Application Timezone
|--------------------------------------------------------------------------
|

File Metadata

Mime Type
text/plain
Expires
Tue, Apr 22, 12:20 (18 h, 13 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2595462
Default Alt Text
D25.id916.diff (3 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator