Browse Source

update hook to work with new TG BotAPI subnets

master
R4SAS 5 years ago
parent
commit
47f5d04493
  1. 26
      include/pages/tghook.inc.php

26
include/pages/tghook.inc.php

@ -3,10 +3,32 @@ $supress_master = 1;
define('TGAPI_URL', 'https://api.telegram.org/bot' . $config['push']['telegram']['api_key']); define('TGAPI_URL', 'https://api.telegram.org/bot' . $config['push']['telegram']['api_key']);
// https://gist.github.com/theMiddleBlue/6d5e9082e0c3c378bfb037795b2570b8 // Telegram Bot API webhook requests subnets
if(!preg_match('/^149\.154\.167\.(19[7-9]|20[0-9]|21[0-9]|22[0-9]|23[0-3])$/', $_SERVER['REMOTE_ADDR'])) { $tgAllowedSubnets = array("149.154.160.0/20", "91.108.4.0/22");
/**
* Checks if a given IP address matches the specified CIDR subnet/s
*
* @param string $ip The IP address to check
* @param mixed $cidrs The IP subnet (string) or subnets (array) in CIDR notation
* @param string $match optional If provided, will contain the first matched IP subnet
* @return boolean TRUE if the IP matches a given subnet or FALSE if it does not
*/
function ipMatch($ip, $cidrs, &$match = null) {
foreach((array) $cidrs as $cidr) {
list($subnet, $mask) = explode('/', $cidr);
if(((ip2long($ip) & ($mask = ~ ((1 << (32 - $mask)) - 1))) == (ip2long($subnet) & $mask))) {
$match = $cidr;
return true;
}
}
return false;
}
if(!ipMatch($_SERVER['REMOTE_ADDR'], $tgAllowedSubnets)) {
die('IP Address not allowed.'); die('IP Address not allowed.');
} }
if($_SERVER['REQUEST_METHOD'] != 'POST') { if($_SERVER['REQUEST_METHOD'] != 'POST') {
die('Request method not allowed.'); die('Request method not allowed.');
} }

Loading…
Cancel
Save