LinkStack/app/Http/Middleware/Impersonate.php

168 lines
4.9 KiB
PHP
Raw Normal View History

<?php
namespace App\Http\Middleware;
2023-07-14 18:18:41 +02:00
2023-07-22 13:32:20 +02:00
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;
use App\Models\User;
use Closure;
class Impersonate
{
public function handle($request, Closure $next)
{
2023-07-22 13:32:20 +02:00
if(Schema::hasColumn('users', 'auth_as')) {
2023-07-13 18:56:23 +02:00
$adminUser = User::where('role', 'admin')->where(function ($query) {
$query->where('auth_as', '!=', null)
2023-07-14 18:18:41 +02:00
->where('auth_as', '!=', '');
2023-07-13 18:56:23 +02:00
})->first();
2023-07-13 19:25:00 +02:00
if ($adminUser && is_numeric($adminUser->auth_as)) {
2023-07-14 18:18:41 +02:00
$originalUserId = $adminUser->id;
$impersonateUserId = is_numeric($adminUser->auth_as) ? $adminUser->auth_as : $adminUser->id;
$impersonateUser = User::find($impersonateUserId);
$impersonateUserName = $impersonateUser->name;
if (Auth::user()->id === $originalUserId) {
$token = Str::random(60);
if (\Route::currentRouteName() !== 'authAs') {
$adminUser->remember_token = $token;
$adminUser->save();
}
Auth::loginUsingId($impersonateUserId);
$request->session()->put('display_auth_nav', $token);
$request->session()->save();
}
2023-07-14 18:18:41 +02:00
if ($request->session()->has('display_auth_nav')) {
$dashboardUrl = url('dashboard');
$authAsUrl = url('/auth-as');
$csrfToken = csrf_token();
$rememberTokenUser = User::find($originalUserId);
$rememberToken = $rememberTokenUser->remember_token;
$storageToken = $request->session()->get('display_auth_nav');
if ($storageToken === $rememberToken) {
if (file_exists(base_path(findAvatar($impersonateUserId)))) {
$avatarUrl = url(findAvatar($impersonateUserId));
} elseif (file_exists(base_path("assets/linkstack/images/") . findFile('avatar'))) {
$avatarUrl = url("assets/linkstack/images/") . "/" . findFile('avatar');
} else {
$avatarUrl = asset('assets/linkstack/images/logo.svg');
}
$customHtml = <<<EOD
<style>
.ibar {
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 67px;
background-color: #4d4c51;
z-index: 911;
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.1);
}
.itext1 {
color: white;
font-family: "Inter", sans-serif;
font-size: 18px;
display: flex;
align-items: center;
justify-content: space-between;
padding: 17px 16px;
}
.itext1 span a {
display: flex;
align-items: center;
justify-content: space-between;
}
.itext1 a {
color: white;
text-decoration: none;
}
.itext1 svg {
width: 32px;
height: 32px;
fill: currentColor;
margin-left: 8px;
margin-bottom: 4px;
}
.iimg {
width: 32px;
height: 32px;
margin-right: 8px;
margin-bottom: 3px;
}
.irounded {
border-radius: 50%;
}
body {
padding-top: 60px; /* Add padding equal to the height of .ibar */
}
</style>
<div class="ibar">
<p class="itext1">
<span>
2023-07-14 18:18:41 +02:00
<a href="$dashboardUrl"><img alt="avatar" class="iimg irounded" src="$avatarUrl">$impersonateUserName</a>
</span>
<a style="cursor:pointer" onclick="document.getElementById('submitForm').submit(); return false;">
<svg xmlns="http://www.w3.org/2000/svg" class="bi bi-x" viewBox="0 0 16 16">
<path
d="M4.646 4.646a.5.5 0 0 1 .708 0L8 7.293l2.646-2.647a.5.5 0 0 1 .708.708L8.707 8l2.647 2.646a.5.5 0 0 1-.708.708L8 8.707l-2.646 2.647a.5.5 0 0 1-.708-.708L7.293 8 4.646 5.354a.5.5 0 0 1 0-.708z"
/>
</svg>
</a>
</p>
</div>
2023-07-14 18:18:41 +02:00
<form id="submitForm" action="$authAsUrl" method="POST" style="display: none;">
<input type="hidden" name="_token" value="$csrfToken">
<input type="hidden" name="token" value="$rememberToken">
<input type="hidden" name="id" value="$originalUserId">
</form>
<script>
function submitForm() {
document.getElementById('submitForm').submit();
}
</script>
2023-07-14 18:18:41 +02:00
EOD;
} else {
$customHtml = "";
}
$response = $next($request);
$content = $response->getContent();
$modifiedContent = preg_replace('/<body([^>]*)>/', "<body$1>{$customHtml}", $content);
$response->setContent($modifiedContent);
return $response;
} else {
if ($request->session()->has('display_auth_nav')) {
$request->session()->forget('display_auth_nav');
Auth::logout();
}
return $next($request);
}
2023-07-14 18:18:41 +02:00
} else {
return $next($request);
2023-07-14 18:18:41 +02:00
}
2023-07-22 13:32:20 +02:00
} else {
return $next($request);
}
}
}