Last active
October 12, 2017 02:18
Star
You must be signed in to star a gist
Add toran-proxy web authorize, and composer request not validated.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
use Symfony\Component\HttpFoundation\Request; | |
error_reporting(0); | |
$uri = parse_url($_SERVER['REQUEST_URI'])['path']; | |
$uri = trim($uri, '/'); | |
if (in_array($uri, [ | |
'', 'app.php', | |
'settings', 'app.php/settings', | |
'repositories', 'app.php/repositories', | |
'packagist', 'app.php/packagist', | |
'docs/bootstrap.md', 'app.php/docs/bootstrap.md', | |
])) { | |
authLogin(); | |
} | |
function authLogin() { | |
// username => password | |
$validPasswds = [ | |
'wangwl' => 'test', | |
'zhangpc' => 'test', | |
]; | |
$user = $_SERVER['PHP_AUTH_USER']; | |
$pass = $_SERVER['PHP_AUTH_PW']; | |
$validated = array_key_exists($user, $validPasswds) && $pass == $validPasswds[$user]; | |
if (!$validated) { | |
header('WWW-Authenticate: Basic realm="wilon.github.io"'); | |
header('HTTP/1.0 401 Unauthorized'); | |
die ("Not authorized"); | |
} | |
return $user; | |
} | |
/** | |
* @var Composer\Autoload\ClassLoader | |
*/ | |
$loader = require __DIR__.'/../app/autoload.php'; | |
include_once __DIR__.'/../app/bootstrap.php.cache'; | |
// Enable the line below to display errors and troubleshoot a broken setup | |
// Symfony\Component\Debug\Debug::enable(); | |
$kernel = new AppKernel('prod', false); | |
$kernel->loadClassCache(); | |
$request = Request::createFromGlobals(); | |
$response = $kernel->handle($request); | |
$response->send(); | |
$kernel->terminate($request, $response); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When set
TORAN_AUTH_ENABLE
false, devolopers can use Toran Proxy composer service whit no authorize.But you don't want people visit Toran Proxy settings. Just replace the
toran/web/app.php
——