diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b55a537 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +composer.phar +composer.lock diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..9a90cc7 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,7 @@ +# Changelog + +All notable changes to `laravel-ip-gateway` will be documented in this file. + +## 1.0.0 - 2018-01-10 + +- First release \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..a47464d --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,32 @@ +# Contributing + +Contributions are **welcome** and will be fully **credited**. + +We accept contributions via Pull Requests on [Github](https://github.com/viitorcloudtechnologies/laravel-word-refiner). + + +## Pull Requests + +- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer). + +- **Add tests!** - Your patch won't be accepted if it doesn't have tests. + +- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date. + +- **Consider our release cycle** - We try to follow [SemVer v2.0.0](http://semver.org/). Randomly breaking public APIs is not an option. + +- **Create feature branches** - Don't ask us to pull from your master branch. + +- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests. + +- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](http://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting. + + +## Running Tests + +``` bash +$ composer test +``` + + +**Happy coding**! diff --git a/README.md b/README.md new file mode 100644 index 0000000..31a07a9 --- /dev/null +++ b/README.md @@ -0,0 +1,63 @@ +# IP gateway for laravel + +[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md) + +## Requirements + +Laravel 5.4 > + +## Features + +* The Laravel Ip gateway package helps you to blacklist or whitelist IP to prevent unauthorized access. + +* Since blacklists deny access to specific entities, they are best used when a limited number of items need to be denied access. When most entities need to be denied access, a whitelist approach is more efficient + +## Installation + +You can install the package via composer: + +```bash +composer require viitorcloud/laravel-ip-gateway +``` + +After installation, You need to publish the config file for this package. This will add the file `config/ip-gateway.php`, where you can configure this package. + +```bash +php artisan vendor:publish --provider="LaravelIpGateway\IpGatewayProvider" +``` + +### Config Usage + +* `enable_package` is used for enable/disable access protection. + +* `enable_blacklist` when its true that means, It will denied access for registered ips in `ip-list`, false means, It will allow accessing for registered ips in `ip-list`. + +* You can authenticated IPs through register route groups in `middleware`. + +* `redirect_route_to` will access URL, To redirect if denied. + +* You can define all your whitelist or blacklist IP addresses inside `ip-list`. + +### Changelog + +Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. + +## Contributing + +Please see [CONTRIBUTING](CONTRIBUTING.md) for details. + +## Security + +If you discover any security-related issues, please email vishal@viitorcloud.com or ruchit.patel@viitor.cloud instead of using the issue tracker. + +## Credits + +- [All Contributors](../../contributors) + +## License + +The MIT License (MIT). Please see [License File](LICENSE.md) for more information. + +## Notes + +**You can create as many whitelists or blacklist groups as you wish to protect access** \ No newline at end of file diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..8c8096a --- /dev/null +++ b/composer.json @@ -0,0 +1,41 @@ +{ + "name": "vcian/laravel-ip-gateway", + "description": "Blacklist or Whitelist IP for routes", + "keywords": [ + "ip", + "gateway", + "whitelist", + "blacklist", + "laravel", + "firewall", + "prevent", + "access", + "authentication", + "denied" + ], + "license": "MIT", + "authors": [ + { + "name": "Rushikesh Soni", + "email": "rushikesh.soni@viitor.cloud", + "role": "Creator" + } + ], + "require": { + "laravel/framework": ">5.4", + "php": ">=5.4.0" + }, + "autoload": { + "psr-4": { + "LaravelIpGateway\\": "src/" + } + }, + "extra": { + "laravel": { + "providers": [ + "LaravelIpGateway\\IpGatewayProvider" + ] + } + }, + "minimum-stability": "dev" +} diff --git a/publishable/config/ip-gateway.php b/publishable/config/ip-gateway.php new file mode 100644 index 0000000..1324722 --- /dev/null +++ b/publishable/config/ip-gateway.php @@ -0,0 +1,52 @@ + true, + + /* + * Enable / disable firewall + * + * Enable will block Blacklist IP + * Disable will allow only Whitelist IP + * + * @type boolean + */ + 'enable_blacklist' => true, + + /* + * Enable IP detection for middleware + * + * You can use middleware name ('auth') + * + * @var array + */ + 'middleware' => [ + + ], + + /* + * Url to redirect if blocked + * + * You can use route url (/404); + * + * @type string + */ + 'redirect_route_to' => '', + + /* + * Whitelisted and blacklisted IP addresses + * + * Examples of IP address + * '127.0.0.0', + * + * @type array + */ + 'ip-list' => [ + + ], +]; diff --git a/src/IpGatewayProvider.php b/src/IpGatewayProvider.php new file mode 100644 index 0000000..8d8d8aa --- /dev/null +++ b/src/IpGatewayProvider.php @@ -0,0 +1,55 @@ +app['router']; + + if (config('ip-gateway')) { + foreach (config('ip-gateway.middleware') as $middlewareName) { + $router->pushMiddlewareToGroup($middlewareName, IpGatewayMiddleware::class); + } + } + } + + /** + * Register the application services. + * + * @return void + */ + public function register() + { + $this->publishFiles(); + } + + /** + * Publish files + */ + public function publishFiles() + { + $publishableFiles = [ + __DIR__ . '/../publishable/config/ip-gateway.php' => config_path('ip-gateway.php'), + ]; + + foreach ($publishableFiles as $storedPath => $publishPath) { + $this->publishes([$storedPath => $publishPath]); + } + + } +} \ No newline at end of file diff --git a/src/middleware/IpGatewayMiddleware.php b/src/middleware/IpGatewayMiddleware.php new file mode 100644 index 0000000..3a241b6 --- /dev/null +++ b/src/middleware/IpGatewayMiddleware.php @@ -0,0 +1,75 @@ +getClientIps() as $ip) { + if ($this->grantIpAddress($ip)) { + $prohibitRequest = true; + Log::warning($ip . ' IP address has tried to access.'); + } + } + } + + if (config('ip-gateway.enable_blacklist') === false) { + foreach ($request->getClientIps() as $ip) { + if (!$this->grantIpAddress($ip)) { + $prohibitRequest = true; + Log::warning($ip . ' IP address has tried to access.'); + } + } + } + } + } + + if ($prohibitRequest === false) { + return $next($request); + } else { + if (config('ip-gateway.redirect_route_to') != '') { + return redirect(config('ip-gateway.redirect_route_to')); + } else { + return redirect('/404'); + } + } + } + + /** + * Grant IP address + * + * @param $ip + * + * @return bool + */ + protected function grantIpAddress($ip) + { + $this->ipList = config('ip-gateway.ip-list'); + return in_array($ip, $this->ipList); + } +}