mirror of
https://github.com/axeloz/filesharing.git
synced 2025-05-06 10:03:55 +02:00
Adding IP filtering
This commit is contained in:
parent
e148598f8c
commit
983166742f
7 changed files with 142 additions and 7 deletions
|
|
@ -47,7 +47,6 @@ class Upload {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
public static function fileMaxSize($human = false) {
|
||||
$values = [
|
||||
'post' => ini_get('post_max_size'),
|
||||
|
|
@ -71,4 +70,92 @@ class Upload {
|
|||
}
|
||||
return $min;
|
||||
}
|
||||
|
||||
|
||||
public static function canUpload($current_ip) {
|
||||
|
||||
// Getting the IP limit configuration
|
||||
$ips = config('sharing.upload_ip_limit');
|
||||
|
||||
// If set and not empty, checking client's IP
|
||||
if (! empty($ips) && count($ips) > 0) {
|
||||
$valid = false;
|
||||
|
||||
foreach ($ips as $ip) {
|
||||
// Client's IP appears in the whitelist
|
||||
if (self::isValidIp($current_ip, $ip)) {
|
||||
$valid = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Client's IP is not allowed
|
||||
if ($valid === false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function isValidIp($ip, $range) {
|
||||
|
||||
// Range is in CIDR format
|
||||
if (strpos($range, '/') !== false) {
|
||||
list($range, $netmask) = explode('/', $range, 2);
|
||||
|
||||
// Netmask is a 255.255.0.0 format
|
||||
if (strpos($netmask, '.') !== false) {
|
||||
$netmask = str_replace('*', '0', $netmask);
|
||||
$netmask_dec = ip2long($netmask);
|
||||
return ( (ip2long($ip) & $netmask_dec) == (ip2long($range) & $netmask_dec) );
|
||||
}
|
||||
// Netmask is a CIDR size block
|
||||
else {
|
||||
// fix the range argument
|
||||
$x = explode('.', $range);
|
||||
|
||||
while(count($x) < 4) {
|
||||
$x[] = 0;
|
||||
}
|
||||
|
||||
list($a, $b, $c, $d) = $x;
|
||||
$range = sprintf("%u.%u.%u.%u", empty($a)?'0':$a, empty($b)?'0':$b,empty($c)?'0':$c,empty($d)?'0':$d);
|
||||
$range_dec = ip2long($range);
|
||||
$ip_dec = ip2long($ip);
|
||||
|
||||
$wildcard_dec = pow(2, (32-$netmask)) - 1;
|
||||
$netmask_dec = ~ $wildcard_dec;
|
||||
|
||||
return (($ip_dec & $netmask_dec) == ($range_dec & $netmask_dec));
|
||||
}
|
||||
}
|
||||
// Range might be 255.255.*.* or 1.2.3.0-1.2.3.255
|
||||
elseif (strpos($range, '*') !== false || strpos($range, '-') !== false) {
|
||||
|
||||
// a.b.*.* format
|
||||
if (strpos($range, '*') !== false) {
|
||||
// Just convert to A-B format by setting * to 0 for A and 255 for B
|
||||
$lower = str_replace('*', '0', $range);
|
||||
$upper = str_replace('*', '255', $range);
|
||||
$range = "$lower-$upper";
|
||||
}
|
||||
|
||||
// A-B format
|
||||
if (strpos($range, '-') !== false) {
|
||||
list($lower, $upper) = explode('-', $range, 2);
|
||||
$lower_dec = (float)sprintf("%u",ip2long($lower));
|
||||
$upper_dec = (float)sprintf("%u",ip2long($upper));
|
||||
$ip_dec = (float)sprintf("%u",ip2long($ip));
|
||||
return ( ($ip_dec>=$lower_dec) && ($ip_dec<=$upper_dec) );
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
// Full IP format 192.168.10.10
|
||||
else {
|
||||
return ($ip == $range);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
namespace app\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Upload;
|
||||
|
||||
class UploadAccess
|
||||
{
|
||||
|
|
@ -15,6 +16,9 @@ class UploadAccess
|
|||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if (Upload::canUpload($request->ip()) !== true) {
|
||||
return redirect()->route('homepage');
|
||||
}
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,5 +5,17 @@ return [
|
|||
'max_filesize' => env('UPLOAD_MAX_FILESIZE', '5M'),
|
||||
'max_files' => env('UPLOAD_MAX_FILES', 100),
|
||||
|
||||
/**
|
||||
** IP v4 access limitations
|
||||
** Acceptable formats :
|
||||
** 1. Full IP address (192.168.10.2)
|
||||
** 2. Wildcard format (192.168.10.*)
|
||||
** 3. CIDR Format (192.168.10/24) OR 1.2.3.4/255.255.255.0
|
||||
** 4. Start-end IP (192.168.10.0-192.168.10.10)
|
||||
*/
|
||||
'upload_ip_limit' => [
|
||||
'127.0.0.1'
|
||||
]
|
||||
|
||||
|
||||
];
|
||||
|
|
|
|||
|
|
@ -21,6 +21,13 @@ return [
|
|||
'you-can-add-files' => 'You may keep adding files if you want to.',
|
||||
'error-title' => 'An error has occurred',
|
||||
'files-count-limit' => 'Max number of files reached',
|
||||
'file-too-big' => 'This file is too big (size : {{filesize}}MB, limit : {{maxFilesize}}MB)'
|
||||
'file-too-big' => 'This file is too big (size : {{filesize}}MB, limit : {{maxFilesize}}MB)',
|
||||
'cannot-upload' => 'Téléversement impossible',
|
||||
'cannot-upload-blocked-ip' => 'You haven\'t been granted permission to upload on this application',
|
||||
'upload-permission-required' => 'Permission required for upload',
|
||||
'cannot-upload-no-password' => 'You must provide a valid password in order to upload on this application',
|
||||
'password' => 'Password: ',
|
||||
'upload-disabled' => 'Upload is disabled on this application',
|
||||
'start-new-upload' => 'Click here to start a new upload'
|
||||
|
||||
];
|
||||
|
|
|
|||
|
|
@ -21,6 +21,12 @@ return [
|
|||
'you-can-add-files' => 'Vous pouvez continuer d\'ajouter autant de fichiers que vous le souhaitez.',
|
||||
'error-title' => 'Une erreur est survenue',
|
||||
'files-count-limit' => 'Nombre maximal de fichiers atteint',
|
||||
'file-too-big' => 'Le fichier est trop gros (poids : {{filesize}}MB, limite : {{maxFilesize}}MB)'
|
||||
|
||||
'file-too-big' => 'Le fichier est trop gros (poids : {{filesize}}MB, limite : {{maxFilesize}}MB)',
|
||||
'cannot-upload' => 'Téléversement impossible',
|
||||
'cannot-upload-blocked-ip' => 'L\'administrateur de cette application ne vous autorise pas à téléverser.',
|
||||
'upload-permission-required' => 'Autorisation requise pour téléverser',
|
||||
'cannot-upload-no-password' => 'Vous devez saisir un mot de passe pour pouvoir téléverser sur cette application',
|
||||
'password' => 'Mot de passe : ',
|
||||
'upload-disabled' => 'Le téléversement est désactivé sur cette application',
|
||||
'start-new-upload' => 'Cliquez ici pour démarrer un nouveau téléversement'
|
||||
];
|
||||
|
|
|
|||
8
resources/views/cannotupload.blade.php
Normal file
8
resources/views/cannotupload.blade.php
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
@extends('master')
|
||||
|
||||
@section('page', 'home')
|
||||
|
||||
@section('content')
|
||||
<h1>@lang('app.cannot-upload')</h1>
|
||||
@lang('app.cannot-upload-blocked-ip')
|
||||
@endsection
|
||||
|
|
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Application Routes
|
||||
|
|
@ -11,9 +13,18 @@
|
|||
|
|
||||
*/
|
||||
|
||||
Route::get('/', function() {
|
||||
Route::get('/', function(Request $request) {
|
||||
|
||||
if (Upload::canUpload($request->ip()) !== true) {
|
||||
return view('cannotupload', [
|
||||
'u' => $request->get('u')
|
||||
]);
|
||||
}
|
||||
else {
|
||||
return redirect()->route('upload.create');
|
||||
});
|
||||
}
|
||||
|
||||
})->name('homepage');
|
||||
|
||||
Route::prefix('upload')->middleware(['web', 'upload'])->group(function() {
|
||||
Route::get('/', [
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue