feat: network based access check support for admin api(s)

added STRAPI_ADMIN_ENABLE_NETWORK_CHECK and STRAPI_ADMIN_ALLOWED_IP_LIST env vars.
Akemona · May 28, 2024 · 3ca3cb3 · 3ca3cb3
1 parent 6aed026
commit 3ca3cb3
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/packages/strapi-admin/middlewares/auth/index.js b/packages/strapi-admin/middlewares/auth/index.js
@@ -7,6 +7,18 @@ module.exports = (strapi) => ({
     strapi.app.use(passportMiddleware);
 
     strapi.app.use(async (ctx, next) => {
+      if (
+        process.env.STRAPI_ADMIN_ENABLE_NETWORK_CHECK === 'true' &&
+        process.env.STRAPI_ADMIN_ALLOWED_IP_LIST
+      ) {
+        const allowedList = process.env.STRAPI_ADMIN_ALLOWED_IP_LIST.split(',').map((item) =>
+          item.trim()
+        );
+        if (!allowedList.includes(ctx.request.ip)) {
+          return ctx.forbidden('Invalid network');
+        }
+      }
+
       if (
         ctx.request.header.authorization &&
         ctx.request.header.authorization.split(' ')[0] === 'Bearer'