village-hall
/
opnform
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

JWT token IP restriction

This commit is contained in:
Julien Nahum 2024-01-09 10:43:07 +01:00
parent 0809200827
commit dd83528a3a
3 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Kernel.php
View File

@ -2,6 +2,7 @@
namespace App\Http; namespace App\Http;
use App\Http\Middleware\AuthenticateJWT;
use App\Http\Middleware\CustomDomainRestriction; use App\Http\Middleware\CustomDomainRestriction;
use App\Http\Middleware\EmbeddableForms; use App\Http\Middleware\EmbeddableForms;
use App\Http\Middleware\IsAdmin; use App\Http\Middleware\IsAdmin;
@ -27,6 +28,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\TrimStrings::class, \App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\SetLocale::class, \App\Http\Middleware\SetLocale::class,
AuthenticateJWT::class,
CustomDomainRestriction::class, CustomDomainRestriction::class,
]; ];

46
app/Http/Middleware/AuthenticateJWT.php Normal file
View File

@ -0,0 +1,46 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Exceptions\JWTException;
class AuthenticateJWT
{
/**
* Verifies the JWT token and validates the IP and User Agent
* Invalidates token otherwise
*/
public function handle(Request $request, Closure $next)
{
// Parse JWT Payload
try {
$payload = \JWTAuth::parseToken()->getPayload();
} catch (JWTException $e) {
return $next($request);
}
// Validate IP and User Agent
if ($payload) {
$error = null;
if (!\Hash::check($request->ip(), $payload->get('ip'))) {
$error = 'Origin IP is invalid';
}
if (!\Hash::check($request->userAgent(), $payload->get('ua'))) {
$error = 'Origin User Agent is invalid';
}
if ($error) {
auth()->invalidate();
return response()->json([
'message' => $error
], 403);
}
}
return $next($request);
}
}

5
app/Models/User.php
View File

@ -194,7 +194,10 @@ class User extends Authenticatable implements JWTSubject
*/ */
public function getJWTCustomClaims() public function getJWTCustomClaims()
{ {
return []; return [
'ip' => \Hash::make(request()->ip()),
'ua' => \Hash::make(request()->userAgent()),
];
} }
public function getIsRiskyAttribute() public function getIsRiskyAttribute()