You should only list the reverse proxies that you manage directly.
`public static setTrustedProxies(array $proxies)`
`$proxies` (array) — A list of trusted proxies
$json = $swagger->getResource($resourceName, $resourceOptions);
// Resource names may contain path separators; flatten them so each resource maps to one flat key.
$resourceName = str_replace(DIRECTORY_SEPARATOR, '-', ltrim($resourceName, DIRECTORY_SEPARATOR));
$output[$resourceName] = $json;
}
// Resource listing first, then one JSON file per resource, all directly under $docDir.
$filename = $docDir . '/api-docs.json';
file_put_contents($filename, Swagger::jsonEncode($resourceList, true));
foreach ($output as $name => $json) {
    $name = str_replace(DIRECTORY_SEPARATOR, '-', ltrim($name, DIRECTORY_SEPARATOR));
    $filename = $docDir . '/' . $name . '.json';
    file_put_contents($filename, $json);
}
}
}
if (Config::get('swagger.behind-reverse-proxy')) {
    // NOTE(review): REMOTE_ADDR is the peer that opened the current connection,
    // not a configured proxy. Trusting it means every direct caller counts as a
    // trusted proxy, so the forwarded-for / forwarded-proto headers it sends are
    // honoured as-is; that feeds Request::secure() and url() below. A fixed list
    // of proxy addresses from config would bind the trust to real intermediaries.
    $proxy = Request::server('REMOTE_ADDR');
    Request::setTrustedProxies(array($proxy));
}
Blade::setEscapedContentTags('{{{', '}}}');
Blade::setContentTags('{{', '}}');
//need the / at the end to avoid CORS errors on Homestead systems.
$response = response()->view('swagger::index', array('secure' => Request::secure(), 'urlToDocs' => url(Config::get('swagger.doc-route')), 'requestHeaders' => Config::get('swagger.requestHeaders')));
//need the / at the end to avoid CORS errors on Homestead systems.
/*$response = Response::make( View::make('swaggervel::index', array( 'secure' => Request::secure(), 'urlToDocs' => url(Config::get('swaggervel.doc-route')), 'requestHeaders' => Config::get('swaggervel.requestHeaders') ) ), 200 );*/
if (Config::has('swagger.viewHeaders')) {
// Event providers are registered before anything else so later providers can depend on them.
$list->registerProvider($config->get('app.providers.core_events'));
// Everything else.
$list->registerProviders($config->get('app.providers'));

// ----------------------------------------------------------------------------
// Trusted proxies and forwarded headers for the current request
// ----------------------------------------------------------------------------
// Both lists come from configuration, so which intermediaries are trusted is a
// deployment decision rather than something derived from the incoming request.
$proxyHeaders = $config->get('concrete.security.trusted_proxies.headers');
if ($proxyHeaders) {
    foreach ($proxyHeaders as $key => $value) {
        Request::setTrustedHeaderName($key, $value);
    }
}
$trustedProxiesIps = $config->get('concrete.security.trusted_proxies.ips');
if ($trustedProxiesIps) {
    Request::setTrustedProxies($trustedProxiesIps);
}

// ----------------------------------------------------------------------------
// Legacy constants
// ----------------------------------------------------------------------------
define('APP_VERSION', $config->get('concrete.version'));
define('APP_CHARSET', $config->get('concrete.charset'));
try {
    define('BASE_URL', \Core::getApplicationURL());
} catch (\Exception $x) {
    // Bootstrap cannot proceed without a base URL. Note the raw exception
    // message is written to the response body; whether that is acceptable
    // depends on what getApplicationURL() can raise — TODO confirm.
    echo $x->getMessage();
    die(1);
}
define('DIR_REL', $cms['app_relative_path']);
<?php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/

// Proxy ranges whose forwarded headers are trusted (presumably a CDN/proxy
// provider's published IPv4 ranges — confirm the source).
// NOTE(review): the list is fixed in the routes file rather than loaded from
// configuration, so it cannot vary per environment and will drift from the
// provider's published ranges over time. Drift fails closed (an unlisted proxy
// is reported as the client instead of being trusted), but keeping the list in
// config makes review and rotation easier.
Request::setTrustedProxies(['103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '104.16.0.0/12', '108.162.192.0/18', '141.101.64.0/18', '162.158.0.0/15', '172.64.0.0/13', '173.245.48.0/20', '188.114.96.0/20', '190.93.240.0/20', '197.234.240.0/22', '198.41.128.0/17', '199.27.128.0/21']);

// Every dashboard page is served by the same controller action; the route name
// selects the view.
Route::group(['middleware' => 'dashboard'], function () {
    Route::get('/', ['as' => 'home', 'uses' => 'PageController@showPage']);
    Route::get('/configurations', ['as' => 'config', 'uses' => 'PageController@showPage']);
    Route::get('/sidebar-menu', ['as' => 'sidebar', 'uses' => 'PageController@showPage']);
    Route::get('/alert', ['as' => 'alert', 'uses' => 'PageController@showPage']);
    Route::get('/breadcrumbs', ['as' => 'breadcrumbs', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise', ['as' => 'customise.index', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/logo', ['as' => 'customise.logo', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/topbar', ['as' => 'customise.topbar', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/sidebar', ['as' => 'customise.sidebar', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/control-sidebar', ['as' => 'customise.control_sidebar', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/footer', ['as' => 'customise.footer', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/assets/head', ['as' => 'customise.assets.head', 'uses' => 'PageController@showPage']);
    Route::get('/view-customise/assets/foot', ['as' => 'customise.assets.foot', 'uses' =>
'PageController@showPage']);
});

Route::post('/alerts', function () {
    if (Input::has('success')) {
        // NOTE(review): the message text is taken straight from the request.
        // Whether it is safe to display depends on the alert view escaping it
        // on output — confirm the template does not render it raw.
        app('alert')->success(Input::get('message'));
| Here you may handle any errors that occur in your application, including
| logging them or displaying custom views for specific errors. You may
| even register several error handlers to handle different types of
| exceptions. If nothing is returned, the default error view is
| shown, which includes a detailed stack trace during debug.
|
*/

// Log every uncaught exception; returning nothing leaves the default error view in place.
App::error(function (Exception $exception, $code) {
    Log::error($exception);
});

/*
|--------------------------------------------------------------------------
| Application Proxy Configuration
|-------------------------------------------------------------------------
*/

// NOTE(review): '*' trusts every peer that connects, so the forwarded client-IP
// and protocol headers are accepted from anyone — the reported client address,
// HTTPS detection and generated URL scheme are then whatever the caller sends.
// That is only sound when the application is reachable solely through a proxy
// that overwrites those headers; otherwise list the proxy addresses explicitly.
Request::setTrustedProxies(array('*'));

/*
|--------------------------------------------------------------------------
| Maintenance Mode Handler
|--------------------------------------------------------------------------
|
| The "down" Artisan command gives you the ability to put an application
| into maintenance mode. Here, you will define what is displayed back
| to the user if maintenance mode is in effect for the application.
|
*/

App::down(function () {
    return Response::make("Be right back!", 503);
});

/*
|--------------------------------------------------------------------------
<?php
/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function ($request) {
    // NOTE(review): the trusted-proxy list is rebuilt on every request from
    // the connecting peer's own address (with no proxies trusted yet,
    // getClientIP() is REMOTE_ADDR). That makes every peer a trusted proxy,
    // so forwarded client-IP/proto headers are honoured no matter who sends
    // them — equivalent to trusting '*'. A fixed, configured list of proxy
    // addresses is the usual fix.
    Request::setTrustedProxies([$request->getClientIP()]);
});

App::after(function ($request, $response) {
    //
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

Route::filter('auth', function () {
    if (Auth::guest()) {
        return Redirect::to('user/login');
/*
|--------------------------------------------------------------------------
| Laraeval Routes
|--------------------------------------------------------------------------
|
*/

// Filter access by IP
Route::filter('ipaddr', function () {
    $allowed_ips = Config::get('laraeval::allowed_ips');
    // check for proxy
    $proxies = Config::get('laraeval::trusted_proxies');
    // The is_array test is redundant: a strict comparison with '*' already
    // excludes arrays. If the config key is unset, null reaches
    // setTrustedProxies() below — presumably the config always supplies a value.
    if (!is_array($proxies) and $proxies === '*') {
        // trust all ip
        // NOTE(review): '*' is implemented by trusting the address that opened
        // the current connection, which makes every peer a trusted proxy. The
        // client IP checked below is then taken from a forwarded header rather
        // than from the connection itself, so the allow-list only binds to a
        // real address when trusted_proxies names the actual proxy hosts.
        $proxies = array(Request::getClientIp());
    }
    Request::setTrustedProxies($proxies);
    $user_ip = Request::getClientIp();
    // Loose in_array comparison; a strict check would make the intended
    // exact string match explicit.
    if (!in_array($user_ip, $allowed_ips)) {
        // The rejected address is echoed in the 401 body; htmlentities keeps it inert in HTML.
        App::abort(401, sprintf('Access Denied from %s!', htmlentities($user_ip)));
    }
});

// Main page for entering the code
Route::get('laraeval', array('before' => 'ipaddr', function () {
    $default_code = <<<CODE // Laraeval Shortcut // ----------------- // CTRL+ENTER for executing the code // CTRL+, for switching to code window // CTRL+. for switching to output window // CTRL+SHIFT+. for switching to profiler window CODE;
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function ($request) {
    // CloudFlare IP addresses to trust
    // Proxies obtained from https://www.cloudflare.com/ips-v4
    // Cached for 1 week
    // NOTE(review): the trust list is fetched from a remote endpoint at
    // runtime and applied exactly as returned. explode("\n") leaves a trailing
    // empty element (and any "\r") in the list; trimming entries and dropping
    // empty ones before caching keeps the stored list clean. If the fetch
    // throws, the catch below drops the cache entry and no list is applied
    // for this request.
    try {
        Request::setTrustedProxies(Cache::remember('cloudflare.ips', 24 * 60 * 7, function () {
            $request = App::make('guzzle')->get('https://www.cloudflare.com/ips-v4');
            return explode("\n", $request->getBody());
        }));
    } catch (Exception $e) {
        Cache::forget('cloudflare.ips');
        Log::error($e);
    }
    // If request is not secured and force secured connection is enabled
    // then we need to redirect the user to a secure link.
    // The redirect is skipped for loopback and private-range peers, judged by
    // the raw REMOTE_ADDR rather than the forwarded client address.
    if (!Request::secure() && Config::get('bfacp.site.ssl') && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) {
        $path = Request::path();
        if (strlen(Request::server('QUERY_STRING')) > 0) {
            $path .= '?' . Request::server('QUERY_STRING');
        }
        // Non-idempotent methods get 307 so the client re-sends the same method and body.
        $status = in_array(Request::getMethod(), ['POST', 'PUT', 'DELETE']) ? 307 : 302;
        return Redirect::secure($path, $status);
    }
// Substitutes the rule's first parameter for the :max placeholder in the message.
Validator::replacer('mbmax', function ($message, $attribute, $rule, $parameters) {
    return str_replace(':max', $parameters[0], $message);
});

/*
|--------------------------------------------------------------------------
| Trust proxy headers
|--------------------------------------------------------------------------
|
| Checks if the site is behind a proxy server (or a load balancer) and
| set whether to trust the client IP sent in the request that comes via
| the proxy intermediary.
|
*/

if (Site::config('general')->proxy) {
    // Trust the client proxy address
    // NOTE(review): with no proxies trusted yet, getClientIp() is the
    // connecting peer's address, so this trusts whoever opened the connection
    // rather than a known proxy. Together with the two header registrations
    // below, any peer can then supply the client IP and protocol the
    // application sees. A configured list of proxy addresses would bind the
    // trust to the actual intermediaries.
    Request::setTrustedProxies(array(Request::getClientIp()));
    // Trust the client IP header
    Request::setTrustedHeaderName(\Symfony\Component\HttpFoundation\Request::HEADER_CLIENT_IP, 'X-Forwarded-For');
    // Trust the client protocol header
    Request::setTrustedHeaderName(\Symfony\Component\HttpFoundation\Request::HEADER_CLIENT_PROTO, 'X-Forwarded-Proto');
}

/*
|--------------------------------------------------------------------------
| Handle application errors
|--------------------------------------------------------------------------
|
| Shows custom screens for app errors. This is mainly done to show a
| friendly error message and to throw errors with ease from the view.
|
*/

App::error(function ($exception, $code) {