承接 marshmallow/ip-access 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

marshmallow/ip-access

Composer 安装命令:

composer require marshmallow/ip-access

包简介

Marshmallow - Laravel IP Access

README 文档

README

marshmallow.

Latest Version on Packagist Total Downloads License Stars Forks

This a IP Access redirect package for IPv4 & IPv6. The purpose is to allow or deny access to the Laravel routes by IP address. It is able to allow certain IPs (IPv4 or IPv6) to access default files or envirioments, and redirect non-authorized IPs or Users to an external URL, while letting whitelisted IPs to have access to the entire site or to a special Envirionment.

Requirements

  • PHP ^8.0
  • Laravel 8.x13.x (illuminate/contracts)
  • Laravel Nova ^4.0|^5.0 (optional — only required when using the Nova IP management feature)

Installation

You can install the package via composer:

composer require marshmallow/ip-access

And publish the service provider (and config):

php artisan vendor:publish --provider="Marshmallow\IpAccess\IpAccessServiceProvider"

This is the contents of the published config file:

return [

    // ENABLE IP ACCESS
    'enabled' => env('IPACCESS_ENABLED', true),

    // ENV TO CHECK IP ADDRESS FOR
    'whitelist_env' => env('IPACCESS_ENV', 'production'),

    // WHITELIST IPs GET ACCESS TO ENV
    'whitelist' => [
        'range' => [
            '127.0.0.*',
        ],
        'list' => [
            '127.0.0.1',
        ]
    ],

    // ROUTES THAT BYPASS THE IP CHECK (see "Disable lock for routes and webhooks")
    'except' => [
        //
    ],

    // ACCESS DENIED RESPONSE SETTINGS
    'redirect_to'      => env('IPACCESS_DENIED_URL', null),
    'response_status'  => env('IPACCESS_DENIED_STATUS', 403),
    'response_message' => env('IPACCESS_DENIED_MESSAGE', 'Access not Allowed'),

    // ACCESS PATH FOR LOGGING (reports denied requests to Sentry when bound)
    'access_path_enabled'  => env('IPACCESS_PATH_ENABLED', false),
    'access_path' => env('IPACCESS_PATH', '/ip-access'),

    // KEEP TRACK OF THE IP ADDRESSES USING NOVA
    'use_nova' => true,
];

Optional

These are the optional .env variables to set up:

    # ENABLED
    IPACCESS_ENABLED=true

    # ENV THAT IS CHECKED BY IP e.g. staging
    IPACCESS_ENV=production

    # ADDIOTNAL IP LIST
    IPACCESS_WHITELIST="127.0.0.1,123.456.789.12"   # SEPERATED BY ,

    # URL TO REDIRECT TO:
    IPACCESS_DENIED_URL="https://marshmallow.dev"

    # IF URL NOT SET
    IPACCESS_DENIED_STATUS=403                      # REDIRECT STATUS
    IPACCESS_DENIED_MESSAGE="Not allowed"           # REDIRECT STATUS MESSAGE

Disable lock for routes and webhooks

If you are testing webhooks on an ip locked envoirment you need to open up your application so the webhooks won't be blocked. You can do this by adding values in the config array except. Below you will find a few examples.

Just open up a route

Add a url to the array to just open it up. If this route is matched, the package will just let the request through.

'except' => [
    'webhook/*',
],

Open up with a secret

If you want to open up the route but want to require the request to have a secret, you can do so by adding some settings to the except array.

Via headers

'except' => [
    'webhook/*' => [
        'secret' => [
            'source' => 'header',
            'key' => 'x-webhook-secret',
            'value' => 'TEST_SECRET_HEADER',
        ],
    ],
],

/** This request will be allowed by the config above. */
Http::withHeaders([
  "x-webhook-secret" => "TEST_SECRET_HEADER"
])->get("https://marshmallow.dev/webhook/is/open");

Via body/query string

'except' => [
    'webhook/*' => [
        'secret' => [
            'source' => 'body',
            'key' => 'secret',
            'value' => 'TEST_SECRET_BODY',
        ],
    ],
],

/** These requests will be allowed by the config above. */
Http::get("https://marshmallow.dev/webhook/is/open?secret=TEST_SECRET_BODY");
Http::get("https://marshmallow.dev/webhook/is/open", [
  "secret" => "TEST_SECRET_BODY"
]);
Http::post("https://marshmallow.dev/webhook/is/open", [
  "secret" => "TEST_SECRET_BODY"
]);

Usage with Laravel Nova

If you want to keep track of the ip addresses that have access using Laravel Nova you need to follow the following steps.

To add an check for IP access in Nova, add the following to NovaServiceProvider:

Gate::define('viewNova', function ($user) {
    return IpAccess::hasBackofficeAccess();
}

Update your config file

Set use_nova to true in config/ip-access.php.

return [
    'use_nova' => true,
];

Run migrations

You need to run the migrations after you've update the config file so we have the tables we need to store the ip addresse.

php artisan migrate

Publish the Nova resource

The last step is publishing the Nova resource so you can manage all ip address in your Laravel Nova installation.

php artisan marshmallow:resource IpAccess IpAccess

Uninstall

Once your application is done and you are going to publish your application to production for the whole world to see, you can delete this package. You don't need it anymore and its always good practice to keep your code clean. Run the command below to uninstall this package. This command will delete the config file. Delete the nova resource, delete the migration record, delete the ip_accesss database table and remove the package from your composer file. You will have to review and commit the changes in you GIT repository yourself.

php artisan ip-access:uninstall

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

marshmallow/ip-access 适用场景与选型建议

marshmallow/ip-access 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 11.54k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2021 年 01 月 22 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「marshmallow」 「laravel nova」 「ip-access」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 marshmallow/ip-access 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 marshmallow/ip-access 我们能提供哪些服务?
定制开发 / 二次开发

基于 marshmallow/ip-access 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 11.54k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 6
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2021-01-22