Merge pull request #150 from j122j/add-trusted-proxies

Add trusted proxies

.env.example

@@ -5,11 +5,11 @@ APP_DEBUG=false
 APP_URL=http://localhost
 
 DB_CONNECTION=mysql
-DB_HOST=controlpanel_mysql
+DB_HOST=127.0.0.1
 DB_PORT=3306
-DB_DATABASE=controlpanel
-DB_USERNAME=root
-DB_PASSWORD=root
+DB_DATABASE=dashboard
+DB_USERNAME=dashboarduser
+DB_PASSWORD=
 
 #without a pterodactyl api token, this panel won't work!
 PTERODACTYL_TOKEN=

README.md

@@ -6,6 +6,7 @@
 - Admin Dashboard
 - User/Server Management
 - Store (credit system)
+- Vouchers
 - and so much more!
 
 # ControlPanel-gg
@@ -18,7 +19,7 @@ ControlPanel's Dashboard is a dashboard application designed to offer clients a
 
 This dashboard offers an easy to use and free billing solution for all starting and experienced hosting providers. This dashboard has many customization options and added discord 0auth verification to offer a solid link between your discord server and your dashboard.
 
-### [Installation](https://github.com/ControlPanel-gg/dashboard/wiki "Installation")
+### [Installation](https://github.com/ControlPanel-gg/dashboard/wiki/Installation "Installation")
 ### [Updating](https://github.com/ControlPanel-gg/dashboard/wiki/Updating "Updating")
 ### [Discord](https://discord.gg/4Y6HjD2uyU "discord")
 ### [Contributing](https://github.com/ControlPanel-gg/dashboard/wiki/Contributing "Contributing")

bootstrap/cache/.gitignore

@@ -0,0 +1,54 @@
+<?php
+
+return [
+    /*
+     * Set trusted proxy IP addresses.
+     *
+     * Both IPv4 and IPv6 addresses are
+     * supported, along with CIDR notation.
+     *
+     * The "*" character is syntactic sugar
+     * within TrustedProxy to trust any proxy
+     * that connects directly to your server,
+     * a requirement when you cannot know the address
+     * of your proxy (e.g. if using Rackspace balancers).
+     *
+     * The "**" character is syntactic sugar within
+     * TrustedProxy to trust not just any proxy that
+     * connects directly to your server, but also
+     * proxies that connect to those proxies, and all
+     * the way back until you reach the original source
+     * IP. It will mean that $request->getClientIp()
+     * always gets the originating client IP, no matter
+     * how many proxies that client's request has
+     * subsequently passed through.
+     */
+    'proxies' => in_array(env('TRUSTED_PROXIES', []), ['*', '**']) ?
+        env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES', null)),
+
+    /*
+     * Or, to trust all proxies that connect
+     * directly to your server, uncomment this:
+     */
+    // 'proxies' => '*',
+
+    /*
+     * Or, to trust ALL proxies, including those that
+     * are in a chain of forwarding, uncomment this:
+     */
+    // 'proxies' => '**',
+
+    /*
+     * Default Header Names
+     *
+     * Change these if the proxy does
+     * not send the default header names.
+     *
+     * Note that headers such as X-Forwarded-For
+     * are transformed to HTTP_X_FORWARDED_FOR format.
+     *
+     * The following are Symfony defaults, found in
+     * \Symfony\Component\HttpFoundation\Request::$trustedHeaders
+     */
+    'headers' => \Illuminate\Http\Request::HEADER_X_FORWARDED_ALL,
+];