Skip to content

Instantly share code, notes, and snippets.

@brianclogan
Created August 2, 2017 02:43
Show Gist options
  • Save brianclogan/ffbddcf88cec991ab71612772dc3ffc7 to your computer and use it in GitHub Desktop.
Save brianclogan/ffbddcf88cec991ab71612772dc3ffc7 to your computer and use it in GitHub Desktop.
Laravel Horizon - Authorizing Access via IP Addresses on Production Environments

So, with Laravel Horizon here, I ventured to use it. I found something though, it is possible, but VERY difficult to get the current user in the App Service Provider.

I set out a different route, using IP Addresses.

Since our office has a static IP, I modified the following:

.env - Adding the remote addresses as a JSON encoded array to a new variable

REMOTE_ADDRESSES='["xxx.xxx.xxx.xxx"]'

AppServiceProvider.php - Added logic in that will check the remote address against the array, if it is found, they get in.

Horizon::auth(function ($request) {
  $address = $request->server->get('REMOTE_ADDR');
  $allowed_addresses = json_decode(env('REMOTE_ADDRESSES'));
  return (in_array($address, $allowed_addresses));
});

This allowed me to in the production enviorment, still view all of the queues and supervisors running across now 3 servers, 2 in the US, and 1 in the EU.

I just have to say, @taylorotwell, THANK YOU for this. I have been building my own every time for some type of interface that would do this, but this, is 100000x better.

@brianclogan
Copy link
Author

If you have modifications, or other examples, like doing one via permissions of a logged in user, please share! I wasn't able to get the permission version working in the few hours I was tinkering with Horizon, but I am going to continue to look down that path.

@johanvanhelden
Copy link

In case you still need it, I do it like this:

Horizon::auth(function () {
	if (!auth()->user()) {
	    return false;
	}

	return auth()->user()->can('monitor-jobs');
});

@gibrandev
Copy link

This not work for me. In my case, i am use middleware and working well.

<?php

namespace App\Http\Middleware;
use Closure;

class HorizonMiddleware
{
    public function handle($request, Closure $next)
    {
        if ($request->ip() != 'Your IP Address') {
            abort(403);
        }
        return $next($request);
    }
}

register middleware in kernel with name horizon

'horizon' => \App\Http\Middleware\HorizonMiddleware::class,

And set in config/horizon.php

'middleware' => ['horizon'],

@Ashraam
Copy link

Ashraam commented Nov 26, 2020

@gibrandev did you do something else ? I've created the middleware it's applied but I still have a forbidden error.

Did you change something in the gate method in HorizonServiceProvider ?

I just want to filter with IP, no user logged at all

@gibrandev
Copy link

@gibrandev did you do something else ? I've created the middleware it's applied but I still have a forbidden error.

Did you change something in the gate method in HorizonServiceProvider ?

I just want to filter with IP, no user logged at all

The ip used must be the public ip of your network

@dallin
Copy link

dallin commented Oct 24, 2022

For anyone stumbling across this, I was able to accomplish this with the gate() function in HorizonServiceProvider.php:

    protected function gate()
    {
        Gate::define('viewHorizon', function ($user = null) {
            $allowed_addresses = json_decode(env('REMOTE_ADDRESSES'));
            return in_array(request()->ip(), $allowed_addresses);
        });
    }

Take note of $user = null as described in the Laravel Docs here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment