diff options
author | Daniel Weipert <code@drogueronin.de> | 2023-05-01 14:15:38 +0200 |
---|---|---|
committer | Daniel Weipert <code@drogueronin.de> | 2023-05-01 14:36:38 +0200 |
commit | 814d660f90dd4b71a53f7cc743ae3ee3072de728 (patch) | |
tree | a0716ab225c7adadf193e353cef667fa8700b886 /src | |
parent | 1be8276ed97cef78a60a07fce002fde38a4fc090 (diff) |
Add referrer check
For domains and ips, in case someone wants to do that
Diffstat (limited to 'src')
-rw-r--r-- | src/App.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/App.php b/src/App.php index c6e8539..7a0c28d 100644 --- a/src/App.php +++ b/src/App.php @@ -44,6 +44,26 @@ class App try { $config = $this->buildConfig($contentRoot . $path); + // check referrer + if (! empty($config['api']['referrer'])) { + $referrerDomain = $_SERVER['HTTP_REFERER'] ?? ''; + $referrerIp = $_SERVER['REMOTE_ADDR'] ?? 0; + $referrerIsMatch = false; + foreach ($config['api']['referrer'] as $referrer) { + if ( + ($referrer['domain'] ?? $referrerDomain) === $referrerDomain && + ($referrer['ip'] ?? $referrerIp) === $referrerIp + ) { + $referrerIsMatch = true; + break; + } + } + + if (! $referrerIsMatch) { + throw new HttpException('Referrer mismatch', Response::HTTP_UNAUTHORIZED); + } + } + // check api key $apiKey = $_GET['key'] ?? $_POST['key'] ?? null; if (empty($apiKey)) { |