Giter VIP home page Giter VIP logo

craft3-restrict's Introduction

Note: This plugin has been abandoned. Use Knock Knock as an alternative.

Restrict plugin for Craft CMS 3.x

Restrict access to the CP based on a IP whitelist

Screenshot

Requirements

This plugin requires Craft CMS 3.0.0-beta.23 or later.

Installation

To install the plugin, follow these instructions.

  1. Open your terminal and go to your Craft project:

     cd /path/to/project

  2. Then tell Composer to load the plugin:

     composer require superbig/craft3-restrict

  3. In the Control Panel, go to Settings → Plugins and click the “Install” button for Restrict.

Configuring Restrict

<?php
return [
    'enabled'     => true,

    // Add any IPs you want to be able to access the CP. You can also use CIDR notation such as 192.168.0.0/24
    'ipWhitelist' => [ '::1', '127.0.0.1' ],

    // Logged in admins can bypass the whitelist
    'allowAdmins' => true,

    // By default, the plugin will throw a exception if the IP isn't in the whitelist
    // If you want to redirect to an url instead, set it here
    'redirectUrl' => null,

    // Or you want to render a template, set it here
    'template'    => null
];

Using Restrict

  1. Copy the sample config file restrict.php into Craft's config folder, by default craft/config.
  2. Add the IPs you want to allow access to the CP, and change the other settings as you see fit.

Brought to you by Superbig

craft3-restrict's People

Contributors

sjelfull avatar jamesmacwhite avatar brandonkelly avatar

Stargazers

avatar Giuseppe Gallo avatar Jason Mayo avatar Ilya avatar avatar Toru KOKUBUN avatar Tim Crook avatar Martin Leveille avatar

Watchers

avatar James Cloos avatar

Forkers

brandonkelly nottinghamcollege artdepartmentmj art-department

craft3-restrict's Issues

FR: IP whitelist settings field

Currently the plugin works with an array of IP address/range values. Perhaps a future idea would be for the Restrict plugin to have a settings field that can store IP addresses.

My initial thoughts would be a multi line text field where each IP address/range would be separated on a new line. I feel there would need to be additional validation to make sure each line contains a valid IP address/range before being committed to a settings field.

Throw 403 status code?

craft3-restrict/src/services/RestrictService.php

Line 74 in 1268ae2

Craft::$app->response->redirect($redirectUrl);

It feels like a site administrator should be able to throw a 403 error rather than just do a 302 redirect over to a normal page. Would you be interested in a pull request for this? Thought would be that out of the box it would work as it does now (to maintain backwards compatibility), but if they set a config bool of throw403 or something like that, then we could throw a normal 403 exception that can be handled by 403.twig / error.twig, etc.

Global fields returning NULL when using Craft::$app->globals in restrict.php

I have a global field that contains IP address/range values. It's actually using the tag fieldtype but customised to represent IP addresses and labels. I'm pointing the returned values to the ipWhitelist config value. However this seems to be having an interesting side effect, where by it makes returning other non related global values elsewhere as NULL (mainly text fields, entry/category fields seem OK). It's definitely related to the restrict.php config as if I disable the restrict plugin the problem goes away, if I then remove my custom config that uses the global and keep restrict enabled, the problem also goes away, so it seems calling Craft::$app->globals in restrict.php is the issue, however I'm not sure why this breaks.

I did find some related info about this:

craftcms/cms#3028
nystudio107/craft-seomatic#108

FR: Support for wildcard/CIDR notation for whitelisting IP addresses

In a Craft 2 project I use this plugin to whitelist the CP to a set of IP addresses within our organisation and a few individuals, these were a combination of single IP addresses as well as "ranges". I ended up hacking in support for ranges by basically making the plugin aware of the "*" character using regex so something like 192.168.* would match all IP addresses beginning with 192.168.

It would be nice if this could be possible in the Craft 3 plugin. Performance wise I'm not sure the regex approach is ideal for large amounts of IP addresses. It would probably be better to handle CIDR notation like 192.168.0.0/24 or similar, but this would require a fair bit of work hence the feature request!

Not recognizing IPs in restrict.php file

I just added the plugin to a Craft site running 3.4.22.1
I added the IPs as listed
'ipWhitelist' => [ '::1', '127.0.0.1', '00.000.000.000', '00.000.000.000', '00.000.000.000'],

But none of the users can access the backend. We cleared the site cache but we are still getting blocked.
Our file is in /config/restrict.php

Any suggestions?

Template option and potential race condition with other plugins

@sjelfull It occurred to me I never followed up regarding your comment on #5 (comment). How rude of me, apologies.

So I looked into the issue a bit more, so the scenario can be in some cases when using the template option and pointing to a template that uses extends that may reference other plugins i.e. twig filters etc, you will get an error when Restrict tries to render the template, because it won't exist at that time.

In the plugins init function, if you change the existing check service call to:

Event::on(
    Plugins::class,
    Plugins::EVENT_AFTER_LOAD_PLUGINS,
    function () {
        if (Craft::$app->getRequest()->isCpRequest) {
	    $this->restrictService->check();
        }
    }
);

This fixes that problem and allows the rendering of the template to continue, as it's now being loaded after everything else. However, I think some further thought is needed around:

https://github.com/sjelfull/craft3-restrict/blob/master/src/services/RestrictService.php#L88

Fixing the potential race condition shows that the head and footer section of the specified template do not get parsed, instead we see the placeholders: https://github.com/yiisoft/yii2-framework/blob/master/web/View.php <![CDATA[YII-BLOCK-HEAD]]> and <![CDATA[YII-BLOCK-BODY-END]]>. The makes sense because it's simply being echo'd without any Yii awareness in this regard.

Wondered what your thoughts are?

Thanks!

Does this work with Craft 3?

Tried porting this plugin with existing configuration from Craft 2 to Craft 3 - behavior seems to be the opposite of what is advertised i.e. site is only accessible if you are logged in to Craft through the CP

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.