Laravel Horizon - Authorizing Access via IP Addresses on Production Environments

horizon-authorization-example.md

So, with Laravel Horizon here, I ventured to use it. I found something though, it is possible, but VERY difficult to get the current user in the App Service Provider.

I set out a different route, using IP Addresses.

Since our office has a static IP, I modified the following:

.env - Adding the remote addresses as a JSON encoded array to a new variable

REMOTE_ADDRESSES='["xxx.xxx.xxx.xxx"]'

AppServiceProvider.php - Added logic in that will check the remote address against the array, if it is found, they get in.

Horizon::auth(function ($request) {
  $address = $request->server->get('REMOTE_ADDR');
  $allowed_addresses = json_decode(env('REMOTE_ADDRESSES'));
  return (in_array($address, $allowed_addresses));
});

This allowed me to in the production enviorment, still view all of the queues and supervisors running across now 3 servers, 2 in the US, and 1 in the EU.

I just have to say, @taylorotwell, THANK YOU for this. I have been building my own every time for some type of interface that would do this, but this, is 100000x better.

If you have modifications, or other examples, like doing one via permissions of a logged in user, please share! I wasn't able to get the permission version working in the few hours I was tinkering with Horizon, but I am going to continue to look down that path.

In case you still need it, I do it like this:

Horizon::auth(function () {
	if (!auth()->user()) {
	    return false;
	}

	return auth()->user()->can('monitor-jobs');
});

This not work for me. In my case, i am use middleware and working well.

<?php

namespace App\Http\Middleware;
use Closure;

class HorizonMiddleware
{
    public function handle($request, Closure $next)
    {
        if ($request->ip() != 'Your IP Address') {
            abort(403);
        }
        return $next($request);
    }
}

register middleware in kernel with name horizon

'horizon' => \App\Http\Middleware\HorizonMiddleware::class,

And set in config/horizon.php

'middleware' => ['horizon'],

@gibrandev did you do something else ? I've created the middleware it's applied but I still have a forbidden error.

Did you change something in the gate method in HorizonServiceProvider ?

I just want to filter with IP, no user logged at all

@gibrandev did you do something else ? I've created the middleware it's applied but I still have a forbidden error.

Did you change something in the gate method in HorizonServiceProvider ?

I just want to filter with IP, no user logged at all

The ip used must be the public ip of your network

For anyone stumbling across this, I was able to accomplish this with the gate() function in HorizonServiceProvider.php:

    protected function gate()
    {
        Gate::define('viewHorizon', function ($user = null) {
            $allowed_addresses = json_decode(env('REMOTE_ADDRESSES'));
            return in_array(request()->ip(), $allowed_addresses);
        });
    }

Take note of $user = null as described in the Laravel Docs here.