I'm using Laravel Passport as my API authentication mechanism. Everything is working as expected, but i need to add an extra validation for each request. The idea is to validate the client IP Address alongside the access_token that is sent to the server.
Any idea how i can accomplish this?
UPDATE: I want to check if the IP used in the authentication (when the user logged in) is the same as the one doing the requestes. If the IP is different, the client must login again.
Ip address could be checked any where, but if require to get before Passport need middleware:
create app/Http/Middleware/IpMiddleware.php class
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
class IpMiddleware
{
public function handle(Request $request, \Closure $next)
{
$ip = null;
if (getenv('HTTP_CF_CONNECTING_IP')) {
$ip = getenv('HTTP_CF_CONNECTING_IP');
} else if (getenv('HTTP_CLIENT_IP')) {
$ip = getenv('HTTP_CLIENT_IP');
} else if (getenv('HTTP_X_FORWARDED_FOR')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} else if (getenv('HTTP_X_FORWARDED')) {
$ip = getenv('HTTP_X_FORWARDED');
} else if (getenv('HTTP_FORWARDED_FOR')) {
$ip = getenv('HTTP_FORWARDED_FOR');
} else if (getenv('HTTP_FORWARDED')) {
$ip = getenv('HTTP_FORWARDED');
} else if (getenv('REMOTE_ADDR')) {
$ip = getenv('REMOTE_ADDR');
}
if (!$ip || $ip === '::1') {
$ip = $request->ip();
}
$ipAddress = \explode(',', $ip ?? '127.0.0.1')[0];
return $next($request);
}
}
in app/Http/Kernel.php add 'ip' => \App\Http\Middleware\IpMiddleware::class,
protected $routeMiddleware = [
'ip' => \App\Http\Middleware\IpMiddleware::class,
];
in routes/web.php
Route::group(['middleware' => ['ip', 'auth:api']], function () {
//your routes
});