白名单域认证Laravel [英] Whitelist Domain Authentication Laravel
本文介绍了白名单域认证Laravel的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在寻找仅允许某些域访问我的laravel应用程序的最佳方法.我当前正在使用Laravel 5.1,并且如果引荐域不在白名单域中,则正在使用中间件进行重定向.
I'm looking for the best way to only allow certain domains to access my laravel application. I'm currently using Laravel 5.1 and am using a Middleware to redirect if the referring domain isn't located in the whitelisted domains.
class Whitelist {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
//requesting URL
$referer = Request::server('HTTP_REFERER');
//parse url to match base in table
$host = parse_url($referer, PHP_URL_HOST);
$host = str_replace("www.", "", $host);
//Cached query to whitelisted domains - 1400 = 24 hours
$whiteList = Cache::remember('whitelist_domains', 1400, function(){
$query = WhiteListDomains::lists('domain')->all();
return $query;
});
//Check that referring domain is whitelisted or itself?
if(in_array($host, $whiteList)){
return $next($request);
}else{
header('HTTP/1.0 403 Forbidden');
die('You are not allowed to access this file.');
}
}
}
是否有更好的方法来做到这一点,或者我走在正确的轨道上?
Is there a better way to go about doing this, or am I on the right track?
任何帮助将不胜感激.
谢谢.
推荐答案
您步入正轨,实现起来似乎还不错.
You're on the right track, the implementation seems to be fine.
但是,不要相信HTTP_REFERER作为身份验证/标识的方式,因为它很容易修改.
However, do not trust the HTTP_REFERER as a means of authentication/identification as it can be modified easily.
这篇关于白名单域认证Laravel的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文