diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 54c54dd..556e49c 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -2,6 +2,7 @@
 namespace App\Http;
+use App\Http\Middleware\AuthenticateJWT;
 use App\Http\Middleware\CustomDomainRestriction;
 use App\Http\Middleware\EmbeddableForms;
 use App\Http\Middleware\IsAdmin;
@@ -27,6 +28,7 @@ class Kernel extends HttpKernel
 \App\Http\Middleware\TrimStrings::class,
 \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
 \App\Http\Middleware\SetLocale::class,
+ AuthenticateJWT::class,
 CustomDomainRestriction::class,
 ];
diff --git a/app/Http/Middleware/AuthenticateJWT.php b/app/Http/Middleware/AuthenticateJWT.php
new file mode 100644
index 0000000..7fc10ef
--- /dev/null
+++ b/app/Http/Middleware/AuthenticateJWT.php
@@ -0,0 +1,46 @@
+getPayload();
+ } catch (JWTException $e) {
+ return $next($request);
+ }
+
+ // Validate IP and User Agent
+ if ($payload) {
+ $error = null;
+ if (!\Hash::check($request->ip(), $payload->get('ip'))) {
+ $error = 'Origin IP is invalid';
+ }
+
+ if (!\Hash::check($request->userAgent(), $payload->get('ua'))) {
+ $error = 'Origin User Agent is invalid';
+ }
+
+ if ($error) {
+ auth()->invalidate();
+ return response()->json([
+ 'message' => $error
+ ], 403);
+ }
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index 0ec9698..0d826f5 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -194,7 +194,10 @@ class User extends Authenticatable implements JWTSubject
 */
 public function getJWTCustomClaims()
 {
- return [];
+ return [
+ 'ip' => \Hash::make(request()->ip()),
+ 'ua' => \Hash::make(request()->userAgent()),
+ ];
 }
 public function getIsRiskyAttribute()
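Review bot: `AuthenticateJWT::class` is added to the global `$middleware` stack (right after `SetLocale`), so the token parse and the two `\Hash::check` bcrypt verifications it performs run on every request to the application, including web and unauthenticated routes, not only on the API routes that actually carry a token. If the origin binding is meant for the JWT-guarded API only, registering it in `$middlewareGroups['api']` or as route middleware keeps that cost off the rest of the app. The IP comparison also relies on `$request->ip()` being the client address, which behind a load balancer or CDN holds only if the TrustProxies middleware runs earlier in this stack and is configured for that proxy; the top of the `$middleware` array is outside the hunk, so that cannot be confirmed here.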
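Review bot: In the `if ($payload)` block, `\Hash::check` is a bcrypt `password_verify`, so every request carrying a token pays two password-hash verifications, and a token whose `ip`/`ua` claims are absent (any token issued before this change, or one minted where `request()` carries no client data) hits Laravel's empty-hash short-circuit, returns false, and is both answered 403 and blacklisted by `auth()->invalidate()`; `getJWTCustomClaims` in app/Models/User.php carries the matching cost on issue. A keyed HMAC (`hash_hmac('sha256', …, config('app.key'))`) compared with `hash_equals` gives the same binding at negligible cost, and the absent-claim case should be decided explicitly rather than fall through into a failed comparison. Two smaller points: when both checks fail the second assignment overwrites `$error`, so the response reports only the User Agent, and `$request->userAgent()` may be null, which should be cast to `''` before hashing. The class header and the start of `handle()` — including the expression that ends in `getPayload()` — are not visible in the hunk, so the rewrite below assumes `$payload` holds the parsed token payload.
```php
        // … unchanged: payload retrieval and the JWTException fall-through …

        // Validate IP and User Agent against keyed HMACs emitted by User::getJWTCustomClaims.
        if ($payload) {
            $key = (string) config('app.key');
            $claimIp = $payload->get('ip');
            $claimUa = $payload->get('ua');
            $error = null;

            if (!is_string($claimIp) || !is_string($claimUa)) {
                // Token predates the binding or was issued without request data: reject explicitly.
                $error = 'Token is missing origin claims';
            } elseif (!hash_equals($claimIp, hash_hmac('sha256', (string) $request->ip(), $key))) {
                $error = 'Origin IP is invalid';
            } elseif (!hash_equals($claimUa, hash_hmac('sha256', (string) $request->userAgent(), $key))) {
                $error = 'Origin User Agent is invalid';
            }

            if ($error !== null) {
                auth()->invalidate();
                return response()->json(['message' => $error], 403);
            }
        }

        // … unchanged: return $next($request); …
```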
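Review bot: `getJWTCustomClaims` reads `request()->ip()` and `request()->userAgent()` from inside the model, so a token issued where no HTTP request is bound (artisan commands, queued jobs, tests) presumably passes null into `\Hash::make`, which then hashes an empty string (with a null-to-string deprecation on PHP 8.1+) and yields claims the new AuthenticateJWT middleware can never match. Passing the origin values in from the code that issues the token, or at least writing `request()->ip() ?? ''`, makes that path explicit instead of implicit. If the middleware is switched away from bcrypt, this method must emit the same `hash_hmac('sha256', …, config('app.key'))` values so both sides of the binding stay in agreement; the body of the method is fully inside the hunk, but the surrounding class is not.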