From 53fced64303be66942239cd53ccdcfe3634a8c9f Mon Sep 17 00:00:00 2001 From: romanetar Date: Thu, 15 Jan 2026 16:58:56 +0100 Subject: [PATCH] feat: add validate_resource_server_ip feature flag to config and check to validate Signed-off-by: romanetar --- .env.example | 2 ++ app/Models/OAuth2/ResourceServer.php | 5 ++++- config/oauth2.php | 15 +++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 config/oauth2.php diff --git a/.env.example b/.env.example index 30eb92d0..0d1c7994 100644 --- a/.env.example +++ b/.env.example @@ -115,6 +115,8 @@ AUTH_PASSWORD_SHAPE_PATTERN="^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^ AUTH_PASSWORD_SHAPE_WARNING="Password must include at least one uppercase letter, one lowercase letter, one number, and one special character." +OAUTH2_VALIDATE_RESOURCE_SERVER_IP=true + #Open Telemetry OTEL_SERVICE_ENABLED=true OTEL_SERVICE_NAME=idp-api diff --git a/app/Models/OAuth2/ResourceServer.php b/app/Models/OAuth2/ResourceServer.php index ae8d7ea5..d6d487f7 100644 --- a/app/Models/OAuth2/ResourceServer.php +++ b/app/Models/OAuth2/ResourceServer.php @@ -65,7 +65,10 @@ class ResourceServer extends BaseEntity * @return bool */ public function isOwn($ip) - { $provided_ips = array_map('trim', explode(',', $ip)); + { + if (!config('oauth2.validate_resource_server_ip', true)) return true; + + $provided_ips = array_map('trim', explode(',', $ip)); $own_ips = array_map('trim', explode(',', $this->ips)); Log::debug ( diff --git a/config/oauth2.php b/config/oauth2.php new file mode 100644 index 00000000..2b482422 --- /dev/null +++ b/config/oauth2.php @@ -0,0 +1,15 @@ + env('OAUTH2_VALIDATE_RESOURCE_SERVER_IP', true), +];
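Review bot: The new guard at the top of `isOwn()` treats any falsy config value as "validation off", so an empty `OAUTH2_VALIDATE_RESOURCE_SERVER_IP=` entry or a value of `0` would likely disable the resource-server IP check just like an explicit `false`, and nothing is logged when that happens. Because the flag makes `isOwn()` return true for every caller address, I would bypass only on a strict boolean false and leave a trace for operators: `if (config('oauth2.validate_resource_server_ip', true) === false) { Log::warning('ResourceServer::isOwn: IP validation disabled by config'); return true; }`. The braces also bring the one-line `if` in line with the rest of the method. The docblock above (`@return bool`) should state that the method returns true unconditionally when the flag is off; the body of `isOwn()` continues past the end of the hunk.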