白名单域认证Laravel [英] Whitelist Domain Authentication Laravel

问题描述

我正在寻找仅允许某些域访问我的laravel应用程序的最佳方法.我当前正在使用Laravel 5.1，并且如果引荐域不在白名单域中，则正在使用中间件进行重定向.

I'm looking for the best way to only allow certain domains to access my laravel application. I'm currently using Laravel 5.1 and am using a Middleware to redirect if the referring domain isn't located in the whitelisted domains.

class Whitelist {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */

    public function handle($request, Closure $next)
    {
        //requesting URL
        $referer = Request::server('HTTP_REFERER');

        //parse url to match base in table
        $host = parse_url($referer, PHP_URL_HOST);
        $host = str_replace("www.", "", $host);

        //Cached query to whitelisted domains - 1400 = 24 hours
        $whiteList = Cache::remember('whitelist_domains', 1400, function(){
            $query = WhiteListDomains::lists('domain')->all();
            return $query;
        });

        //Check that referring domain is whitelisted or itself?
        if(in_array($host, $whiteList)){
            return $next($request);
        }else{
            header('HTTP/1.0 403 Forbidden');
            die('You are not allowed to access this file.');
        }
    }
}

是否有更好的方法来做到这一点，或者我走在正确的轨道上?

Is there a better way to go about doing this, or am I on the right track?

任何帮助将不胜感激.

谢谢.

推荐答案

您步入正轨，实现起来似乎还不错.

You're on the right track, the implementation seems to be fine.

但是，不要相信HTTP_REFERER作为身份验证/标识的方式，因为它很容易修改.

However, do not trust the HTTP_REFERER as a means of authentication/identification as it can be modified easily.

这篇关于白名单域认证Laravel的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！