Diffstat (limited to 'src')
-rw-r--r--src/App.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/App.php b/src/App.php
index c6e8539..7a0c28d 100644
--- a/src/App.php
+++ b/src/App.php
@@ -44,6 +44,26 @@ class App
try {
$config = $this->buildConfig($contentRoot . $path);
+ // check referrer
+ if (! empty($config['api']['referrer'])) {
+ $referrerDomain = $_SERVER['HTTP_REFERER'] ?? '';
+ $referrerIp = $_SERVER['REMOTE_ADDR'] ?? 0;
+ $referrerIsMatch = false;
+ foreach ($config['api']['referrer'] as $referrer) {
+ if (
+ ($referrer['domain'] ?? $referrerDomain) === $referrerDomain &&
+ ($referrer['ip'] ?? $referrerIp) === $referrerIp
+ ) {
+ $referrerIsMatch = true;
+ break;
+ }
+ }
+
+ if (! $referrerIsMatch) {
+ throw new HttpException('Referrer mismatch', Response::HTTP_UNAUTHORIZED);
+ }
+ }
+
// check api key
$apiKey = $_GET['key'] ?? $_POST['key'] ?? null;
if (empty($apiKey)) {
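Review bot: The `domain` test inside the `foreach` compares each configured value with the raw `$_SERVER['HTTP_REFERER']`, a header the client chooses and that holds a full URL when present, so the block limits well-behaved browsers but authenticates nobody; the API key check that follows remains the actual access control, and a comment such as `// Referer is client-supplied: usage restriction only, not authentication` would make that explicit. If `domain` is meant to hold a host name (the config schema is not visible in this hunk), take the host first: `$referrerDomain = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST) ?: '';`. An entry that sets neither `domain` nor `ip` matches every request, because both sides of each comparison fall back to the request's own value; guard with `if (! isset($referrer['domain']) && ! isset($referrer['ip'])) { continue; }`. If the app runs behind a reverse proxy, `REMOTE_ADDR` is presumably the proxy's address, so the `ip` rule would need the trusted-proxy handling the framework provides. The enclosing method starts and ends outside the hunk.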