marshmallow / ip-access
Marshmallow - Laravel IP Access
Installs: 9 557
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 2
Requires
- php: ^8.0
- illuminate/contracts: ^8.0|^9.0|^10.0|^11.0
- laravel/nova: ^4.0|^5.0
- marshmallow/commands: ^1.2
- marshmallow/helpers: ^2.0
Requires (Dev)
- orchestra/testbench: ^6.0|^7.0|^8.0
- phpunit/phpunit: ^9.3
This package is auto-updated.
Last update: 2024-12-23 13:50:12 UTC
README
This a IP Access redirect package for IPv4 & IPv6. The purpose is to allow or deny access to the Laravel routes by IP address. It is able to allow certain IPs (IPv4 or IPv6) to access default files or envirioments, and redirect non-authorized IPs or Users to an external URL, while letting whitelisted IPs to have access to the entire site or to a special Envirionment.
Installation
You can install the package via composer:
composer require marshmallow/ip-access
And publish the service provider (and config):
php artisan vendor:publish --provider="Marshmallow\IpAccess\IpAccessServiceProvider"
This is the contents of the published config file:
return [ 'enabled' => env('IPACCESS_ENABLED', true), 'whitelist_env' => env('IPACCESS_ENV', 'production'), 'whitelist' => [ 'range' => [ '127.0.0.*', ], 'list' => [ '127.0.0.1', ] ], 'redirect_to' => env('IPACCESS_DENIED_URL', null), 'response_status' => env('IPACCESS_DENIED_STATUS', 403), 'response_message' => env('IPACCESS_DENIED_MESSAGE', 'Access not Allowed'), ];
Optional
These are the optional .env variables to set up:
# ENABLED
IPACCESS_ENABLED=true
# ENV THAT IS CHECKED BY IP e.g. staging
IPACCESS_ENV=production
# ADDIOTNAL IP LIST
IPACCESS_WHITELIST="127.0.0.1,123.456.789.12" # SEPERATED BY ,
# URL TO REDIRECT TO:
IPACCESS_DENIED_URL="https://marshmallow.dev"
# IF URL NOT SET
IPACCESS_DENIED_STATUS=403 # REDIRECT STATUS
IPACCESS_DENIED_MESSAGE="Not allowed" # REDIRECT STATUS MESSAGE
Disable lock for routes and webhooks
If you are testing webhooks on an ip locked envoirment you need to open up your application so the webhooks won't be blocked. You can do this by adding values in the config array except
. Below you will find a few examples.
Just open up a route
Add a url to the array to just open it up. If this route is matched, the package will just let the request through.
'except' => [ 'webhook/*', ],
Open up with a secret
If you want to open up the route but want to require the request to have a secret, you can do so by adding some settings to the except array.
Via headers
'except' => [ 'webhook/*' => [ 'secret' => [ 'source' => 'header', 'key' => 'x-webhook-secret', 'value' => 'TEST_SECRET_HEADER', ], ], ], /** This request will be allowed by the config above. */ Http::withHeaders([ "x-webhook-secret" => "TEST_SECRET_HEADER" ])->get("https://marshmallow.dev/webhook/is/open");
Via body/query string
'except' => [ 'webhook/*' => [ 'secret' => [ 'source' => 'body', 'key' => 'secret', 'value' => 'TEST_SECRET_BODY', ], ], ], /** These requests will be allowed by the config above. */ Http::get("https://marshmallow.dev/webhook/is/open?secret=TEST_SECRET_BODY"); Http::get("https://marshmallow.dev/webhook/is/open", [ "secret" => "TEST_SECRET_BODY" ]); Http::post("https://marshmallow.dev/webhook/is/open", [ "secret" => "TEST_SECRET_BODY" ]);
Usage with Laravel Nova
If you want to keep track of the ip addresses that have access using Laravel Nova you need to follow the following steps.
To add an check for IP access in Nova, add the following to NovaServiceProvider:
Gate::define('viewNova', function ($user) { return IpAccess::hasBackofficeAccess(); }
Update your config file
Set use_nova
to true in config/ip-access.php
.
return [ 'use_nova' => true, ];
Run migrations
You need to run the migrations after you've update the config file so we have the tables we need to store the ip addresse.
php artisan migrate
Publish the Nova resource
The last step is publishing the Nova resource so you can manage all ip address in your Laravel Nova installation.
php artisan marshmallow:resource IpAccess IpAccess
Uninstall
Once your application is done and you are going to publish your application to production for the whole world to see, you can delete this package. You don't need it anymore and its always good practice to keep your code clean. Run the command below to uninstall this package. This command will delete the config
file. Delete the nova resource
, delete the migration
record, delete the ip_accesss
database table and remove the package from your composer
file. You will have to review and commit the changes in you GIT repository yourself.
php artisan ip-access:uninstall
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.