Restricting access to a development site in Laravel

Dom*_*Dom 2 laravel

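We are migrating our website from a custom framework we built earlier to Laravel 5. We have a production site and a development site. Is there a simple solution for restricting access to the development site unless certain specific conditions are met?

I am interested in one of the following approaches:

  • Unrestricted based on IP
  • Unrestricted based on login

The solution I am looking for is one I would not have to change when uploading from development to production, and, if possible, it would follow this logic: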

if(liveSite){
    Show everything, no restrictions
}elseif(developmentSite){
    Hide everything, unrestrict based on logic
}

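We currently do this with separate .htaccess files, but I would rather not keep track of two separate files and the possibility of overwriting one.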

Bog*_*dan 8

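You can create a middleware for this and use the currently configured environment, the request IP and the authentication system to restrict access. First create the middleware by running the following command: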

php artisan make:middleware DevelopmentAccess

Then add the following logic to the new app/Http/Middleware/DevelopmentAccess.php file:

<?php

namespace App\Http\Middleware;

use Closure;

class DevelopmentAccess
{
    /**
     * Client IPs allowed to access the app.
     * Defaults are loopback IPv4 and IPv6 for use in local development.
     * 
     * @var array
     */
    protected $ipWhitelist = ['127.0.0.1', '::1'];

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (app()->environment() != 'production' && $this->clientNotAllowed()) {
            return abort(403, 'You are not authorized to access this');
        }

        return $next($request);
    }

    /**
     * Checks if current request client is allowed to access the app.
     *
     * @return boolean
     */
    protected function clientNotAllowed()
    {
        $isAllowedIP = in_array(request()->ip(), $this->ipWhitelist);

        // Denied only when the IP is not whitelisted and the user is not logged in
        return !$isAllowedIP && auth()->guest();
    }
}

Register the middleware in the kernel's $routeMiddleware array in app/Http/Kernel.php:

protected $routeMiddleware = [
    // ... existing route middleware entries ...
    'dev' => \App\Http\Middleware\DevelopmentAccess::class,
];

Then restrict the routes accordingly:

Route::group(['middleware' => 'dev'], function()
{
    // All routes that need restricting for non-approved clients go here
});

// Routes that need access such as "login" go outside the group
get('/login', 'SessionController@login');

The logic is simple: if the environment is not production (not live) and the user's IP is whitelisted or the user is authenticated, then they have access.
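
A variant of the middleware above, added here as an example and not part of the original answer: it reads the allowlist from configuration so the same file deploys unchanged to both sites, and matches CIDR ranges as well as single addresses. The config key `app.dev_allowed_ips` and the env variable `DEV_ALLOWED_IPS` are hypothetical names chosen for this example.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Symfony\Component\HttpFoundation\IpUtils;

class DevelopmentAccess
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Only an environment explicitly named "production" is unrestricted;
        // any other value (local, staging, a typo in APP_ENV) stays locked.
        if (app()->environment('production')) {
            return $next($request);
        }

        // Hypothetical config entry (assumption), e.g. in config/app.php:
        //   'dev_allowed_ips' => explode(',', env('DEV_ALLOWED_IPS', '127.0.0.1,::1')),
        // Falls back to loopback only when the key is missing.
        $allowed = config('app.dev_allowed_ips', ['127.0.0.1', '::1']);

        // IpUtils::checkIp() accepts single addresses and CIDR ranges
        // (for example 203.0.113.0/24), for both IPv4 and IPv6.
        $ipAllowed = IpUtils::checkIp($request->ip(), $allowed);

        // Deny only when neither condition holds: unknown IP and not logged in.
        if (! $ipAllowed && auth()->guest()) {
            abort(403, 'You are not authorized to access this');
        }

        return $next($request);
    }
}
```

When the development site sits behind a reverse proxy or load balancer, `$request->ip()` returns the proxy's address unless trusted proxies are configured, so an allowlist entry may match every visitor. Trust only the specific proxy addresses, since a client can set `X-Forwarded-For` itself.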