JWT token IP restriction

This commit is contained in:
Julien Nahum 2024-01-09 10:43:07 +01:00
parent 0809200827
commit dd83528a3a
3 changed files with 52 additions and 1 deletions


@ -2,6 +2,7 @@
namespace App\Http;
use App\Http\Middleware\AuthenticateJWT;
use App\Http\Middleware\CustomDomainRestriction;
use App\Http\Middleware\EmbeddableForms;
use App\Http\Middleware\IsAdmin;
@ -27,6 +28,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\SetLocale::class,
AuthenticateJWT::class,
CustomDomainRestriction::class,
];
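Review bot: `AuthenticateJWT::class` is appended to the global stack right after `SetLocale`, and its IP check is only meaningful if `$request->ip()` already reflects the real client address, i.e. if `TrustProxies` runs earlier in this same array; the array's opening and any `TrustProxies` entry lie outside the hunk, so that ordering should be confirmed. If the application sits behind a load balancer whose address is not trusted, every token is bound to the balancer and the IP restriction degrades to a no-op; if forwarded headers are trusted from any source, the bound address is chosen by whoever sets the header. A short comment above the entry, `// must run after TrustProxies so $request->ip() is the client address`, would make the dependency explicit to the next person reordering this list.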


@ -0,0 +1,46 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Exceptions\JWTException;
class AuthenticateJWT
{
/**
* Verifies the JWT token and validates the IP and User Agent
* Invalidates token otherwise
*/
public function handle(Request $request, Closure $next)
{
// Parse JWT Payload
try {
$payload = \JWTAuth::parseToken()->getPayload();
} catch (JWTException $e) {
return $next($request);
}
// Validate IP and User Agent
if ($payload) {
$error = null;
if (!\Hash::check($request->ip(), $payload->get('ip'))) {
$error = 'Origin IP is invalid';
}
if (!\Hash::check($request->userAgent(), $payload->get('ua'))) {
$error = 'Origin User Agent is invalid';
}
if ($error) {
auth()->invalidate();
return response()->json([
'message' => $error
], 403);
}
}
return $next($request);
}
}
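Review bot: The two `\Hash::check` calls on the IP and User-Agent lines each run a bcrypt verification on every request that carries a token, which puts two bcrypt rounds (tens of milliseconds each at the default cost) on the hot path and makes authenticated endpoints noticeably more expensive to serve, while bcrypt buys little here since the token holder already knows their own IP and UA; a keyed HMAC, e.g. `hash_hmac('sha256', $request->ip(), config('app.key'))` compared with `hash_equals()`, gives the same non-disclosure at negligible cost (the issuing side in `getJWTCustomClaims` would change accordingly). A token minted before this commit carries no `ip`/`ua` claims, so `$payload->get('ip')` is null, `Hash::check` returns false, and every existing session is answered with 403 and blacklisted on first use after deploy — worth a release note at least. `$request->userAgent()` is null for clients that send no User-Agent header, which likewise ends in a 403. The second `if` overwrites `$error`, so a request failing both checks reports only the User-Agent; `elseif`, or collecting both messages, fixes that. `auth()->invalidate()` throws `JWTException` when the JWT blacklist is disabled and sits outside the `try` block — presumably the blacklist is on, but that should be confirmed.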


@ -194,7 +194,10 @@ class User extends Authenticatable implements JWTSubject
*/
public function getJWTCustomClaims()
{
return [];
return [
'ip' => \Hash::make(request()->ip()),
'ua' => \Hash::make(request()->userAgent()),
];
}
public function getIsRiskyAttribute()
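Review bot: `getJWTCustomClaims` now reads the global `request()` from inside the `User` model, so the claims depend on the HTTP context at issuance; when a token is created outside a web request (queue job, artisan command, tests) `request()->ip()` and `request()->userAgent()` are presumably null, `\Hash::make` hashes an empty string, and the resulting token is rejected by `AuthenticateJWT` for every real client. A web client that sends no User-Agent header likewise produces `\Hash::make(null)`, which PHP 8.1+ reports as a deprecation before coercing to `''`. An explicit cast, `'ua' => \Hash::make((string) request()->userAgent()),`, removes the deprecation, and the docblock that ends just above the hunk should state that the `ip` and `ua` claims are bound to the issuing request and verified by `AuthenticateJWT`. The method body is fully inside the hunk; its docblock begins outside it.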