3 months ago · 32a1c290f1
--- a/Modules/Camera/Routes/api.php
+++ b/Modules/Camera/Routes/api.php
@@ -53,7 +53,7 @@ Route::namespace('Api')->group(function () {
 
				     Route::get('camera/get_total_string', 'CameraApiController@getTotalString');//宁煤摄像头统计字符串
			
 
				     Route::get('test', 'CameraApiController@test');
			
 
				     Route::post('oss_url','CameraApiController@ossUrl');//文章图片上传至阿里云
			
 
				-    Route::post('article_list','CameraApiController@articleList');//文章列表
			
 
				+    Route::post('article_list','CameraApiController@articleList')->middleware('accesskey');//文章列表
			
 
				     Route::post('duty_information','CameraApiController@dutyInformation');//值班信息
			
 
				     Route::post('type_list','CameraApiController@typeList');//分类列表
			
 
				     Route::post('camera_record_insert','CameraApiController@cameraRecordInsert');//摄像托访问记录入库
			
@@ -105,4 +105,4 @@ Route::namespace('Api')->group(function () {
 
				     Route::post('task_xixuan/dahua_talk','CameraApiController@dahuaTalk');//大华语音对讲
			
 
				     Route::post('task_xixuan/dahua_stop_talk','CameraApiController@dahuaStopTalk');//大华语音对讲
			
 
				     Route::post('task_xixuan/hik_talk','CameraApiController@hikTalk');//海康语音对讲
			
 
				-});
			
 
				+});
			
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -60,6 +60,7 @@ class Kernel extends HttpKernel
 
				         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
			
 
				         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
			
 
				         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
			
 
				+        'accesskey' => \App\Http\Middleware\AccessKeyMiddleware::class,
			
 
				     ];
			
 
				 
			
 
				     /**
			
--- a/app/Http/Middleware/AccessKeyMiddleware.php
+++ b/app/Http/Middleware/AccessKeyMiddleware.php
@@ -0,0 +1,51 @@
 
				+<?php
			
 
				+
			
 
				+namespace App\Http\Middleware;
			
 
				+
			
 
				+use Closure;
			
 
				+use Illuminate\Http\Request;
			
 
				+use Illuminate\Support\Facades\Config;
			
 
				+
			
 
				+class AccessKeyMiddleware
			
 
				+{
			
 
				+    public function handle(Request $request, Closure $next)
			
 
				+    {
			
 
				+        $clientIp = $request->header('X-Forwarded-For');
			
 
				+        if (!$clientIp) {
			
 
				+            $clientIp = $request->ip();
			
 
				+        }
			
 
				+        $accessKeyInHeader = $request->header('accesskey');
			
 
				+        $accessKeyInEnv = env('VALID_ACCESS_KEY');
			
 
				+        $internalIpRanges = [
			
 
				+            '10.0.0.0/8',
			
 
				+            '172.16.0.0/12',
			
 
				+            '192.168.0.0/16'
			
 
				+        ];
			
 
				+        $isInternalIp = false;
			
 
				+        foreach ($internalIpRanges as $range) {
			
 
				+            if (strpos($range, '/')!== false) {
			
 
				+                list($subnet, $bits) = explode('/', $range);
			
 
				+                $ipLong = ip2long($clientIp);
			
 
				+                $subnetLong = ip2long($subnet);
			
 
				+                $mask = -1 << (32 - $bits);
			
 
				+                if (($ipLong & $mask) === ($subnetLong & $mask)) {
			
 
				+                    $isInternalIp = true;
			
 
				+                    break;
			
 
				+                }
			
 
				+            } elseif ($clientIp === $range) {
			
 
				+                $isInternalIp = true;
			
 
				+                break;
			
 
				+            }
			
 
				+        }
			
 
				+
			
 
				+        if ($accessKeyInHeader == $accessKeyInEnv && !empty($accessKeyInHeader)) {
			
 
				+            return $next($request);
			
 
				+        } else if($isInternalIp) {
			
 
				+            return $next($request);
			
 
				+        } else  {
			
 
				+            return response()->json(['message' => 'Access denied'], 403);
			
 
				+        }
			
 
				+    }
			
 
				+
			
 
				+
			
 
				+}