feat: add validate_resource_server_ip feature flag to config and check to validate

Signed-off-by: romanetar <roman_ag@hotmail.com>

Author: romanetar

.env.example

@@ -115,6 +115,8 @@ AUTH_PASSWORD_SHAPE_PATTERN="^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^
 AUTH_PASSWORD_SHAPE_WARNING="Password must include at least one uppercase letter, one lowercase letter, one number, and one special character."
 
 
+OAUTH2_VALIDATE_RESOURCE_SERVER_IP=true
+
 #Open Telemetry
 OTEL_SERVICE_ENABLED=true
 OTEL_SERVICE_NAME=idp-api

app/Models/OAuth2/ResourceServer.php

@@ -65,7 +65,10 @@ class ResourceServer extends BaseEntity
      * @return bool
      */
     public function isOwn($ip)
-    {   $provided_ips = array_map('trim', explode(',', $ip));
+    {
+        if (!config('oauth2.validate_resource_server_ip', true)) return true;
+
+        $provided_ips = array_map('trim', explode(',', $ip));
         $own_ips = array_map('trim', explode(',', $this->ips));
         Log::debug
         (

config/oauth2.php

@@ -0,0 +1,15 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Validate Resource Server IP Address
+    |--------------------------------------------------------------------------
+    |
+    | When enabled, validates that the resource server IP address matches
+    | the request IP and the access token audience.
+    |
+    */
+    'validate_resource_server_ip' => env('OAUTH2_VALIDATE_RESOURCE_SERVER_IP', true),
+];