Diffstat (limited to 'src/App.php')
-rw-r--r-- | src/App.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/App.php b/src/App.php
index c6e8539..7a0c28d 100644
--- a/src/App.php
+++ b/src/App.php
@@ -44,6 +44,26 @@ class App
 try {
 $config = $this->buildConfig($contentRoot . $path);
+ // check referrer
+ if (! empty($config['api']['referrer'])) {
+ $referrerDomain = $_SERVER['HTTP_REFERER'] ?? '';
+ $referrerIp = $_SERVER['REMOTE_ADDR'] ?? 0;
+ $referrerIsMatch = false;
+ foreach ($config['api']['referrer'] as $referrer) {
+ if (
+ ($referrer['domain'] ?? $referrerDomain) === $referrerDomain &&
+ ($referrer['ip'] ?? $referrerIp) === $referrerIp
+ ) {
+ $referrerIsMatch = true;
+ break;
+ }
+ }
+
+ if (! $referrerIsMatch) {
+ throw new HttpException('Referrer mismatch', Response::HTTP_UNAUTHORIZED);
+ }
+ }
+
+ // check api key
 $apiKey = $_GET['key'] ?? $_POST['key'] ?? null;
 if (empty($apiKey)) { |
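Review bot: `$referrerDomain` is assigned the raw `$_SERVER['HTTP_REFERER']`, which is a full URL (scheme, host, path), yet it is compared with `===` against `$referrer['domain']`; if that config key holds a bare host name, as its name suggests, the comparison can never succeed and every configured entry is rejected — extract the host first, `$referrerDomain = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST) ?: '';`. The `??` fallbacks also make an entry that omits `domain` or `ip` a wildcard for that field (an empty entry matches every request), which is easy to misconfigure silently and deserves a comment such as `// an entry that omits 'domain' or 'ip' matches any value for that field`. Since the Referer header is supplied by the client, the domain part of this check is at best a hint; the `ip` part is the only field with any strength, and the rejection would read better as `Response::HTTP_FORBIDDEN` than 401, which implies a missing credential. The enclosing method of `App` begins before this hunk and continues after it.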