From 3f7f9ce7e6e88e3fe16a3fc39a6bea818e0fa784 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Pie=C5=82a?= <mateusz@noreply.git.mateuszdev.eu>
Date: Mon, 26 Apr 2021 23:06:08 +0200
Subject: [PATCH] Whitelist working

---
 includes/app.php | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/includes/app.php b/includes/app.php
index cc5a2ca..08e104a 100644
--- a/includes/app.php
+++ b/includes/app.php
@@ -22,7 +22,7 @@ class App
      * Main application loop
      */
     public function start(){
-        if($this->checkIfRequestMethodIsPost() && $this->checkAuthorization())  {
+        if($this->checkIfRequestMethodIsPost() && $this->checkAuthorization() && $this->checkIfIpOnWhitelistAndWhitelistEnabled())  {
             $this->handleIncomingData();
         }
     }
@@ -44,6 +44,25 @@ class App
         return false;
     }
 
+    /**
+     * Check if whitelist and ip address is in whitelist
+     */
+    private function checkIfIpOnWhitelistAndWhitelistEnabled(){
+        if($this->config->ip_whitelist)
+        {
+            if(in_array($this->getRealIPAddr(),$this->config->ips_whitelist_list))
+            {
+                return true;
+            }else
+            {
+                return false;
+            }
+        }
+        else
+        {
+            return true;
+        }
+    }
     /**
      * Check if request method is post
      * @return bool
@@ -70,4 +89,23 @@ class App
         $xmpp->sendMessage($wh->getMessage());
         $xmpp->disconnect();
     }
+
+    private function getRealIPAddr()
+    {
+        if (!empty($_SERVER['HTTP_CLIENT_IP']))
+        {
+            $ip = $_SERVER['HTTP_CLIENT_IP'];
+        }
+
+        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+        {
+            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        }
+        else
+        {
+            $ip = $_SERVER['REMOTE_ADDR'];
+        }
+
+        return $ip;
+    }
 }
\ No newline at end of file