shield icon indicating copy to clipboard operation
shield copied to clipboard

Published 20 hours ago verified publisher icon codeigniter4

Dev: Add IP Restriction for Access Token and HMAC in Shield

Open datamweb opened this issue 9 months ago • 1 comments

Why?

If a token or HMAC key is leaked, it can only be used from specified IP addresses(Enhanced Security). Requests from unknown IPs will be rejected(Prevents Unauthorized Access). Many financial and payment services use this method(Industry Standard for Sensitive APIs).

Demo:

Image

  1. Store allowed_ips in the extra field (as JSON) or add a dedicated allowed_ips column to auth_identities
  2. Store allowed IPs when generating a token
  3. Validate IP when using a token
  4. Allow enabling/disabling this feature in Config/AuthToken.php
  5. Support for multi IPs

If you disagree or have suggestions for improvement, feel free to comment.

datamweb avatar Feb 27 '25 02:02 datamweb

Dedicated column sounds reasonable.

I wouldn't limit this functionality to tokens only. This may be useful to any channel of authentication.

michalsn avatar Feb 27 '25 13:02 michalsn