You've already forked Atomcms-edit
root
125 lines
3.7 KiB
PHP
Executable File
125 lines
3.7 KiB
PHP
Executable File
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Models\Miscellaneous\WebsiteBlockedCountry;
|
|
use App\Models\Miscellaneous\WebsiteIpBlacklist;
|
|
use App\Models\Miscellaneous\WebsiteIpWhitelist;
|
|
use App\Services\IpLookupService;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class VPNCheckerMiddleware
|
|
{
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
$isEnabled = setting('vpn_block_enabled') === '1';
|
|
|
|
if (! $isEnabled) {
|
|
return $next($request);
|
|
}
|
|
|
|
if (hasPermission('bypass_vpn')) {
|
|
return $next($request);
|
|
}
|
|
|
|
$userIp = $request->ip();
|
|
|
|
if (WebsiteIpWhitelist::where('ip_address', $userIp)->exists()) {
|
|
return $next($request);
|
|
}
|
|
|
|
if (WebsiteIpBlacklist::where('ip_address', $userIp)->exists()) {
|
|
return $this->denyAccess($request);
|
|
}
|
|
|
|
$ipService = new IpLookupService;
|
|
|
|
$countryInfo = $ipService->getCountryInfo($userIp);
|
|
|
|
if (! empty($countryInfo['country_code'])) {
|
|
$countryCode = $countryInfo['country_code'];
|
|
|
|
if (WebsiteBlockedCountry::where('country_code', $countryCode)->exists()) {
|
|
return $this->denyAccess($request);
|
|
}
|
|
|
|
$countryWhitelisted = WebsiteIpWhitelist::where('country_code', $countryCode)
|
|
->where('whitelist_country', true)
|
|
->exists();
|
|
|
|
if (! $countryWhitelisted) {
|
|
$countryBlacklisted = WebsiteIpBlacklist::where('country_code', $countryCode)
|
|
->where('blacklist_country', true)
|
|
->exists();
|
|
|
|
if ($countryBlacklisted) {
|
|
return $this->denyAccess($request);
|
|
}
|
|
}
|
|
}
|
|
|
|
$threatInfo = $ipService->checkVpnProxyTor($userIp);
|
|
|
|
if (! empty($threatInfo['asn'])) {
|
|
$asnWhitelisted = WebsiteIpWhitelist::where('asn', $threatInfo['asn'])
|
|
->where('whitelist_asn', true)
|
|
->exists();
|
|
|
|
if (! $asnWhitelisted) {
|
|
$asnBlacklisted = WebsiteIpBlacklist::where('asn', $threatInfo['asn'])
|
|
->where('blacklist_asn', true)
|
|
->exists();
|
|
|
|
if ($asnBlacklisted) {
|
|
return $this->denyAccess($request);
|
|
}
|
|
}
|
|
}
|
|
|
|
$blockVpn = setting('block_vpn') === '1';
|
|
$blockTor = setting('block_tor') === '1';
|
|
$blockMalicious = setting('block_malicious') === '1';
|
|
|
|
$shouldBlock = false;
|
|
|
|
if ($blockVpn && ($threatInfo['is_vpn'] ?? false)) {
|
|
$shouldBlock = true;
|
|
}
|
|
|
|
if ($blockTor && ($threatInfo['is_tor'] ?? false)) {
|
|
$shouldBlock = true;
|
|
}
|
|
|
|
if ($blockMalicious && ($threatInfo['is_malicious'] ?? false)) {
|
|
$shouldBlock = true;
|
|
}
|
|
|
|
if ($shouldBlock) {
|
|
WebsiteIpBlacklist::create([
|
|
'ip_address' => $userIp,
|
|
'asn' => $threatInfo['asn'] ?? null,
|
|
'country_code' => $countryInfo['country_code'] ?? null,
|
|
]);
|
|
|
|
return $this->denyAccess($request);
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
|
|
private function denyAccess(Request $request): Response
|
|
{
|
|
if ($request->expectsJson()) {
|
|
return response()->json([
|
|
'message' => __('Your IP has been restricted - If you think this is a mistake, you can contact us on our Discord.'),
|
|
], 403);
|
|
}
|
|
|
|
return to_route('me.show')->withErrors([
|
|
'message' => __('Your IP has been restricted - If you think this is a mistake, you can contact us on our Discord.'),
|
|
]);
|
|
}
|
|
}
|