You've already forked Atomcms-edit
Initial commit
This commit is contained in:
root
Executable
+124
@@ -0,0 +1,124 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Models\Miscellaneous\WebsiteBlockedCountry;
|
||||
use App\Models\Miscellaneous\WebsiteIpBlacklist;
|
||||
use App\Models\Miscellaneous\WebsiteIpWhitelist;
|
||||
use App\Services\IpLookupService;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class VPNCheckerMiddleware
|
||||
{
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$isEnabled = setting('vpn_block_enabled') === '1';
|
||||
|
||||
if (! $isEnabled) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if (hasPermission('bypass_vpn')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
$userIp = $request->ip();
|
||||
|
||||
if (WebsiteIpWhitelist::where('ip_address', $userIp)->exists()) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if (WebsiteIpBlacklist::where('ip_address', $userIp)->exists()) {
|
||||
return $this->denyAccess($request);
|
||||
}
|
||||
|
||||
$ipService = new IpLookupService('');
|
||||
|
||||
$countryInfo = $ipService->getCountryInfo($userIp);
|
||||
|
||||
if (! empty($countryInfo['country_code'])) {
|
||||
$countryCode = $countryInfo['country_code'];
|
||||
|
||||
if (WebsiteBlockedCountry::where('country_code', $countryCode)->exists()) {
|
||||
return $this->denyAccess($request);
|
||||
}
|
||||
|
||||
$countryWhitelisted = WebsiteIpWhitelist::where('country_code', $countryCode)
|
||||
->where('whitelist_country', true)
|
||||
->exists();
|
||||
|
||||
if (! $countryWhitelisted) {
|
||||
$countryBlacklisted = WebsiteIpBlacklist::where('country_code', $countryCode)
|
||||
->where('blacklist_country', true)
|
||||
->exists();
|
||||
|
||||
if ($countryBlacklisted) {
|
||||
return $this->denyAccess($request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$threatInfo = $ipService->checkVpnProxyTor($userIp);
|
||||
|
||||
if (! empty($threatInfo['asn'])) {
|
||||
$asnWhitelisted = WebsiteIpWhitelist::where('asn', $threatInfo['asn'])
|
||||
->where('whitelist_asn', true)
|
||||
->exists();
|
||||
|
||||
if (! $asnWhitelisted) {
|
||||
$asnBlacklisted = WebsiteIpBlacklist::where('asn', $threatInfo['asn'])
|
||||
->where('blacklist_asn', true)
|
||||
->exists();
|
||||
|
||||
if ($asnBlacklisted) {
|
||||
return $this->denyAccess($request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$blockVpn = setting('block_vpn') === '1';
|
||||
$blockTor = setting('block_tor') === '1';
|
||||
$blockMalicious = setting('block_malicious') === '1';
|
||||
|
||||
$shouldBlock = false;
|
||||
|
||||
if ($blockVpn && ($threatInfo['is_vpn'] ?? false)) {
|
||||
$shouldBlock = true;
|
||||
}
|
||||
|
||||
if ($blockTor && ($threatInfo['is_tor'] ?? false)) {
|
||||
$shouldBlock = true;
|
||||
}
|
||||
|
||||
if ($blockMalicious && ($threatInfo['is_malicious'] ?? false)) {
|
||||
$shouldBlock = true;
|
||||
}
|
||||
|
||||
if ($shouldBlock) {
|
||||
WebsiteIpBlacklist::create([
|
||||
'ip_address' => $userIp,
|
||||
'asn' => $threatInfo['asn'] ?? null,
|
||||
'country_code' => $countryInfo['country_code'] ?? null,
|
||||
]);
|
||||
|
||||
return $this->denyAccess($request);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function denyAccess(Request $request): Response
|
||||
{
|
||||
if ($request->expectsJson()) {
|
||||
return response()->json([
|
||||
'message' => __('Your IP has been restricted - If you think this is a mistake, you can contact us on our Discord.'),
|
||||
], 403);
|
||||
}
|
||||
|
||||
return to_route('me.show')->withErrors([
|
||||
'message' => __('Your IP has been restricted - If you think this is a mistake, you can contact us on our Discord.'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user