From 814d660f90dd4b71a53f7cc743ae3ee3072de728 Mon Sep 17 00:00:00 2001
From: Daniel Weipert
Date: Mon, 1 May 2023 14:15:38 +0200
Subject: Add referrer check

For domains and ips, in case someone wants to do that
---
 src/App.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'src/App.php')
diff --git a/src/App.php b/src/App.php
index c6e8539..7a0c28d 100644
--- a/src/App.php
+++ b/src/App.php
@@ -44,6 +44,26 @@ class App
 try {
 $config = $this->buildConfig($contentRoot . $path);
+ // check referrer
+ if (! empty($config['api']['referrer'])) {
+ $referrerDomain = $_SERVER['HTTP_REFERER'] ?? '';
+ $referrerIp = $_SERVER['REMOTE_ADDR'] ?? 0;
+ $referrerIsMatch = false;
+ foreach ($config['api']['referrer'] as $referrer) {
+ if (
+ ($referrer['domain'] ?? $referrerDomain) === $referrerDomain &&
+ ($referrer['ip'] ?? $referrerIp) === $referrerIp
+ ) {
+ $referrerIsMatch = true;
+ break;
+ }
+ }
+
+ if (! $referrerIsMatch) {
+ throw new HttpException('Referrer mismatch', Response::HTTP_UNAUTHORIZED);
+ }
+ }
+
 // check api key
 $apiKey = $_GET['key'] ?? $_POST['key'] ?? null;
 if (empty($apiKey)) {
-- 
cgit v1.2.3
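Review bot: The `domain` condition in the added `foreach` compares the configured value with the raw `$_SERVER['HTTP_REFERER']`, which is a full URL supplied by the client, so a bare host name in the config will not equal it and a domain-only entry restricts nothing that a non-browser caller cannot set itself. Comparing the parsed host, `$referrerDomain = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST) ?: '';`, fixes the matching, but a domain-only entry should still be documented as a browser-side hint rather than authentication. Only the `ip` condition (from `REMOTE_ADDR`) is outside the caller's control, and behind a reverse proxy that is presumably the proxy's address. The `??` fallbacks also fail open: an entry with neither `domain` nor `ip` (for example a misspelled key) compares the request with itself and matches every caller, so such entries should be skipped with `if (!isset($referrer['domain']) && !isset($referrer['ip'])) { continue; }`. The enclosing `try` block and its method start and end outside the hunk.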