@wilon
Last active October 12, 2017 02:18
Add toran-proxy web authorize, and composer request not validated.
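<?php

use Symfony\Component\HttpFoundation\Request;

error_reporting(0);

// Path of the current request, without query string or surrounding slashes.
$uri = trim((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');

// Web UI pages that require HTTP Basic auth. Matching is exact: any path not
// listed here, including Composer requests, is served without authentication.
if (in_array($uri, [
    '', 'app.php',
    'settings', 'app.php/settings',
    'repositories', 'app.php/repositories',
    'packagist', 'app.php/packagist',
    'docs/bootstrap.md', 'app.php/docs/bootstrap.md',
], true)) {
    authLogin();
}

/**
 * Enforce HTTP Basic auth; sends a 401 response and exits on failure.
 *
 * @return string the authenticated user name
 */
function authLogin()
{
    // username => password (stored in plaintext in this file)
    $validPasswds = [
        'wangwl' => 'test',
        'zhangpc' => 'test',
    ];
    // These keys are absent when the client sent no Authorization header.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
    // hash_equals() compares in constant time and avoids == type juggling.
    $validated = array_key_exists($user, $validPasswds)
        && hash_equals($validPasswds[$user], $pass);
    if (!$validated) {
        header('WWW-Authenticate: Basic realm="wilon.github.io"');
        header('HTTP/1.0 401 Unauthorized');
        die("Not authorized");
    }
    return $user;
}

/**
 * @var Composer\Autoload\ClassLoader
 */
$loader = require __DIR__.'/../app/autoload.php';
include_once __DIR__.'/../app/bootstrap.php.cache';

// Enable the line below to display errors and troubleshoot a broken setup
// Symfony\Component\Debug\Debug::enable();

$kernel = new AppKernel('prod', false);
$kernel->loadClassCache();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);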
wilon commented Sep 14, 2017

When TORAN_AUTH_ENABLE is set to false, developers can use the Toran Proxy composer service with no authorization.

But you don't want people to visit the Toran Proxy settings. Just replace toran/web/app.php:

wget -O YOUR_TORAN_PROJECT/web/app.php https://gist.githubusercontent.com/wilon/aaf8e444cd081a48f25dd15f5d2c43fa/raw/9c72cea4686b178c682ad0823c17997c5db26c29/app.php
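
Added example (not the gist author's code and not part of Toran Proxy): a stricter form of the gate in app.php that matches on the normalized first path segment and verifies credentials against password_hash() output instead of plaintext. The function names, the user alice, the demo password and the /repo/example/packages.json path are constructed; it assumes PHP 7.4 or later and that every sub-path of a listed section should be gated.

```php
<?php
// Added example; function and constant names are hypothetical, not Toran's.

// Web UI sections from the gist's path list ('' is the start page).
const PROTECTED_SECTIONS = ['', 'settings', 'repositories', 'packagist', 'docs'];

// True when the request path falls under a gated web UI section.
// Assumption: sub-paths of a listed section should be gated as well.
function requiresAuth(string $requestUri): bool
{
    // Drop the query string and decode percent-encoding before comparing.
    $path = rawurldecode(explode('?', $requestUri, 2)[0]);
    // Split on "/" and drop empty segments, so "/settings/" becomes ['settings'].
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));
    // Ignore the optional front-controller prefix.
    if (($segments[0] ?? '') === 'app.php') {
        array_shift($segments);
    }
    return in_array($segments[0] ?? '', PROTECTED_SECTIONS, true);
}

// Returns the authenticated user name, or null.
// $hashes maps user name => password_hash() output (no plaintext on disk).
function verifyBasicAuth(array $server, array $hashes): ?string
{
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $user = (string) ($server['PHP_AUTH_USER'] ?? '');
    $pass = (string) ($server['PHP_AUTH_PW'] ?? '');
    $known = array_key_exists($user, $hashes);
    // Always run one verification so unknown users cost the same as known ones.
    $match = password_verify($pass, $known ? $hashes[$user] : $dummy);
    return ($known && $match) ? $user : null;
}

// Constructed demo data. In a deployment the hash is generated once and stored.
$hashes = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
$good = ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'constructed-demo-password'];
$bad = ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'wrong'];

// '/repo/example/packages.json' is a constructed stand-in for a Composer request.
$uris = ['/', '/settings/', '/app.php/repositories?x=1', '/repo/example/packages.json'];
foreach ($uris as $uri) {
    printf("%-30s gated=%s\n", $uri, requiresAuth($uri) ? 'yes' : 'no');
}
var_dump(verifyBasicAuth($good, $hashes));
var_dump(verifyBasicAuth($bad, $hashes));
var_dump(verifyBasicAuth([], $hashes));
```

When verifyBasicAuth() returns null for a gated path, respond with the same 401 and WWW-Authenticate headers that authLogin() sends in app.php.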

wilon commented Oct 12, 2017

aaaa
