mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
071ca9bc2a00ab2d53ac20db4328a17ddc556478
librenms-librenms/app/Http/Middleware/AuthenticateGraph.php
Jellyfrog 2b3575a5e9 Laravel 10.x Shift (#14995) 
* Apply code style

* Remove explicit call to register policies

* Shift core files

* Shift config files

* Default config files

In an effort to make upgrading the constantly changing config files
easier, Shift defaulted them and merged your true customizations -
where ENV variables may not be used.

* Bump Laravel dependencies

* Add type hints for Laravel 10

* Shift cleanup

* wip

* wip

* sync translation

* Sync back config

* Public Path Binding

* QueryException

* monolog

* db::raw

* monolog

* db::raw

* fix larastan collections

* fix phpstan bug looping forever

* larastan errors

* larastan: fix column type

* styleci

* initialize array

* fixes

* fixes

---------

Co-authored-by: Shift <shift@laravelshift.com>
2023-05-24 22:21:54 +02:00

101 lines
2.9 KiB
PHP
Raw Blame History

<?php
/*
* AuthenticateGraph.php
*
* -Description-
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package LibreNMS
* @link http://librenms.org
* @copyright 2022 Tony Murray
* @author Tony Murray <murraytony@gmail.com>
*/
namespace App\Http\Middleware;
use Closure;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use LibreNMS\Config;
use LibreNMS\Exceptions\InvalidIpException;
use LibreNMS\Util\IP;
class AuthenticateGraph
{
/** @var string[] */
protected $auth = [
\App\Http\Middleware\LegacyExternalAuth::class,
\App\Http\Middleware\Authenticate::class,
\App\Http\Middleware\VerifyTwoFactor::class,
\App\Http\Middleware\LoadUserPreferences::class,
];
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $relative
*
* @throws \Illuminate\Auth\AuthenticationException
*/
public function handle(Request $request, Closure $next, $relative = null): Response
{
// if user is logged in, allow
if (\Auth::check()) {
return $next($request);
}
// bypass normal auth if signed
if ($request->hasValidSignature($relative !== 'relative')) {
return $next($request);
}
// bypass normal auth if ip is allowed (or all IPs)
if ($this->isAllowed($request)) {
return $next($request);
}
// unauthenticated, force login
throw new AuthenticationException('Unauthenticated.');
}
protected function isAllowed(Request $request): bool
{
if (Config::get('allow_unauth_graphs', false)) {
d_echo("Unauthorized graphs allowed\n");
return true;
}
$ip = $request->getClientIp();
try {
$client_ip = IP::parse($ip);
foreach (Config::get('allow_unauth_graphs_cidr', []) as $range) {
if ($client_ip->inNetwork($range)) {
d_echo("Unauthorized graphs allowed from $range\n");
return true;
}
}
} catch (InvalidIpException $e) {
d_echo("Client IP ($ip) is invalid.\n");
}
return false;
}
}
Reference in New Issue View Git Blame Copy Permalink