routes:
<?php

use App\Http\Controllers\v1\admin\UserController;
use Illuminate\Support\Facades\Route;

// Admin login is only reachable from the IP allowlist enforced by the
// 'limitAdminLoginIP' middleware (alias registered in app/Http/Kernel.php).
Route::post('/login', [UserController::class, 'login'])
    ->middleware('limitAdminLoginIP');
app/Http/Kernel.php
<?php
namespace App\Http;
use App\Http\Middleware\LimitAdminLoginIP;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     * TrustProxies is listed first so that everything after it (including
     * $request->ip()) sees the proxy-resolved client address rather than a
     * raw, client-supplied X-Forwarded-For value.
     *
     * @var array<int, class-string|string>
     */
    protected $middleware = [
        // \App\Http\Middleware\TrustHosts::class,
        \App\Http\Middleware\TrustProxies::class,
        \Illuminate\Http\Middleware\HandleCors::class,
        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array<string, array<int, class-string|string>>
     */
    protected $middlewareGroups = [
        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            // NOTE(review): StartSession is not part of Laravel's stock 'api'
            // group — confirm a session is really wanted on API requests.
            \Illuminate\Session\Middleware\StartSession::class,
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array<string, class-string|string>
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
        'signed' => \App\Http\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        // Alias used by the admin login route to enforce the IP allowlist.
        'limitAdminLoginIP' => LimitAdminLoginIP::class,
    ];
}
Middleware:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\IpUtils;
/**
* 限制Admin在操作API時如果
* IP不被允許則直接回傳錯誤
*/
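class LimitAdminLoginIP
{
    /**
     * Addresses allowed to reach the admin login endpoint. Entries are
     * whatever IpUtils::checkIp understands (single IPs or CIDR ranges).
     * Used when no list is injected through the constructor.
     *
     * @var list<string>
     */
    private const DEFAULT_ALLOWED_IPS = ['192.168.1.1', '192.168.10.1'];

    /** @var list<string> */
    private array $allowedIps;

    /**
     * @param list<string> $allowedIps allowlist entries for IpUtils::checkIp;
     *                                 defaults to DEFAULT_ALLOWED_IPS so the
     *                                 container can build the middleware
     *                                 without an explicit binding
     */
    public function __construct(array $allowedIps = self::DEFAULT_ALLOWED_IPS)
    {
        $this->allowedIps = $allowedIps;
    }

    /**
     * Handle an incoming request.
     *
     * Rejects the request with a JSON error unless the client IP is on the
     * allowlist; otherwise passes it down the pipeline.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
     */
    public function handle(Request $request, Closure $next)
    {
        // Client IP as resolved by the framework. The global TrustProxies
        // middleware decides which X-Forwarded-For entries are believed, so
        // this value cannot be set simply by sending the header. Reading
        // X-Forwarded-For directly and taking its first entry would trust
        // whatever the client put there.
        // NOTE(review): TrustProxies must list the real proxy, otherwise this
        // sees the proxy's address and the allowlist never matches.
        $ip = $request->ip();

        // A missing or unresolvable address never matches the allowlist.
        if ($ip === null || !IpUtils::checkIp($ip, $this->allowedIps)) {
            // The error response has to be *returned*: building it and then
            // falling through to $next would let every request pass.
            return response()->json([
                'msg' => 'test',
                'errno' => 1000,
            ], 403);
        }

        return $next($request);
    }
}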