前后台API添加IP屏蔽功能

2021-04-01 17:34:14 +08:00 · 2021-04-01 17:34:14 +08:00 · 4db3a64b2c
parent 0c494ee2b3
commit 4db3a64b2c
4 changed files with 28 additions and 1 deletions
--- a/application/common.php
+++ b/application/common.php
@ -460,3 +460,21 @@ if (!function_exists('xss_clean')) {
        return \app\common\library\Security::instance()->xss_clean($content, $is_image);
    }
 }
+
+if (!function_exists('check_ip_allowed')) {
+    /**
+     * 检测IP是否允许
+     * @param string $ip IP地址
+     */
+    function check_ip_allowed($ip = null)
+    {
+        $ip = is_null($ip) ? request()->ip() : $ip;
+        $forbiddenipArr = config('site.forbiddenip');
+        $forbiddenipArr = !$forbiddenipArr ? [] : $forbiddenipArr;
+        $forbiddenipArr = is_array($forbiddenipArr) ? $forbiddenipArr : array_filter(explode("\n", str_replace("\r\n", "\n", $forbiddenipArr)));
+        if ($forbiddenipArr && \Symfony\Component\HttpFoundation\IpUtils::checkIp($ip, $forbiddenipArr)) {
+            header('HTTP/1.1 403 Forbidden');
+            exit;
+        }
+    }
+}
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@ -95,6 +95,9 @@ class Api
        //跨域请求检测
        check_cors_request();

+        // 检测IP是否允许
+        check_ip_allowed();
+
        //移除HTML标签
        $this->request->filter('trim,strip_tags,htmlspecialchars');

--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@ -131,6 +131,9 @@ class Backend extends Controller
        // 定义是否AJAX请求
        !defined('IS_AJAX') && define('IS_AJAX', $this->request->isAjax());

+        // 检测IP是否允许
+        check_ip_allowed();
+
        $this->auth = Auth::instance();

        // 设置当前请求的URI
@ -540,7 +543,7 @@ class Backend extends Controller
            if ($primaryvalue !== null && preg_match("/^[a-z0-9_\-]+$/i", $primarykey)) {
                $primaryvalue = array_unique(is_array($primaryvalue) ? $primaryvalue : explode(',', $primaryvalue));
                //修复自定义data-primary-key为字符串内容时，给排序字段添加上引号
-                $primaryvalue=   array_map(function ($value) {
+                $primaryvalue = array_map(function ($value) {
                    return '\'' . $value . '\'';
                }, $primaryvalue);

--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@ -48,6 +48,9 @@ class Frontend extends Controller
        $controllername = Loader::parseName($this->request->controller());
        $actionname = strtolower($this->request->action());

+        // 检测IP是否允许
+        check_ip_allowed();
+
        // 如果有使用模板布局
        if ($this->layout) {
            $this->view->engine->layout('layout/' . $this->layout);