authorDaniel Weipert <code@drogueronin.de>2023-05-01 14:15:38 +0200
committerDaniel Weipert <code@drogueronin.de>2023-05-01 14:36:38 +0200
commit814d660f90dd4b71a53f7cc743ae3ee3072de728 (patch)
treea0716ab225c7adadf193e353cef667fa8700b886 /src/App.php
parent1be8276ed97cef78a60a07fce002fde38a4fc090 (diff)
Add referrer check
For domains and ips, in case someone wants to do that
Diffstat (limited to 'src/App.php')
-rw-r--r--src/App.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/App.php b/src/App.php
index c6e8539..7a0c28d 100644
--- a/src/App.php
+++ b/src/App.php
@@ -44,6 +44,26 @@ class App
try {
$config = $this->buildConfig($contentRoot . $path);
+ // check referrer
+ if (! empty($config['api']['referrer'])) {
+ $referrerDomain = $_SERVER['HTTP_REFERER'] ?? '';
+ $referrerIp = $_SERVER['REMOTE_ADDR'] ?? 0;
+ $referrerIsMatch = false;
+ foreach ($config['api']['referrer'] as $referrer) {
+ if (
+ ($referrer['domain'] ?? $referrerDomain) === $referrerDomain &&
+ ($referrer['ip'] ?? $referrerIp) === $referrerIp
+ ) {
+ $referrerIsMatch = true;
+ break;
+ }
+ }
+
+ if (! $referrerIsMatch) {
+ throw new HttpException('Referrer mismatch', Response::HTTP_UNAUTHORIZED);
+ }
+ }
+
// check api key
$apiKey = $_GET['key'] ?? $_POST['key'] ?? null;
if (empty($apiKey)) {
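Review bot: `$_SERVER['HTTP_REFERER']` carries the full referring URL (scheme, host, path), so the strict comparison with `$referrer['domain']` in the loop only matches if the config stores whole URLs; if bare hostnames are intended, extract the host first, e.g. `$referrerDomain = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST) ?: '';`. The Referer header is also supplied by the client and may be absent or set to any value, so a `domain`-only entry is a soft filter rather than an access control. Only the `ip` half (`REMOTE_ADDR`) is tied to the connection, and behind a reverse proxy that would presumably be the proxy's address. An entry with neither `domain` nor `ip` falls back to the request's own values on both sides and so matches every request, which is worth rejecting or at least documenting with a comment such as `// each entry must set 'domain' and/or 'ip'; an empty entry matches everything`. The enclosing `try` block and method begin and end outside this hunk.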