From 0d805c00cce0e26c06fa4872be83ad765ae96757 Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Thu, 14 Dec 2023 23:19:28 +0100
Subject: [PATCH] Added Middleware to remove cookies on public routes
---
 app/Http/Kernel.php | 2 ++
 app/Http/Middleware/DisableCookies.php | 29 ++++++++++++++++++++++++++
 routes/home.php | 4 ++++
 routes/web.php | 12 +++++------
 4 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 app/Http/Middleware/DisableCookies.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 0c06ba2..ab484d0 100755
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -54,9 +54,11 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $routeMiddleware = [
+ 'disableCookies' => \App\Http\Middleware\DisableCookies::class,
 'auth' => \App\Http\Middleware\Authenticate::class,
 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
+ 'homepage' => \App\Http\Middleware\Homepage::class,
 'can' => \Illuminate\Auth\Middleware\Authorize::class,
 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
 'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
diff --git a/app/Http/Middleware/DisableCookies.php b/app/Http/Middleware/DisableCookies.php
new file mode 100644
index 0000000..a5f593f
--- /dev/null
+++ b/app/Http/Middleware/DisableCookies.php
@@ -0,0 +1,29 @@
+hasCookie(strtolower(config('app.name')).'_session') || $request->hasCookie('XSRF-TOKEN');
+
+ if ($cookiesAlreadySet) {
+ return $next($request);
+ }
+
+ Cookie::queue(Cookie::forget(strtolower(config('app.name')).'_session'));
+ Cookie::queue(Cookie::forget('XSRF-TOKEN'));
+ config(['session.driver' => 'array']);
+
+ $response = $next($request);
+ $response->headers->remove('Set-Cookie');
+
+ return $response;
+ }
+}
diff --git a/routes/home.php b/routes/home.php
index 352a9af..f8dd912 100644
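Review bot: The added alias `'homepage' => \App\Http\Middleware\Homepage::class` in `$routeMiddleware` points at a class that is not among the four files this patch touches, and none of the route changes shown here use it. If `App\Http\Middleware\Homepage` is not already in the tree, any route that later references the alias will fail when the container resolves it, so the class should ship with this commit or the line should be dropped. If it does exist, the entry is unrelated to cookie removal and belongs in its own commit with a one-line comment saying which routes it guards. The `$routeMiddleware` array continues outside the hunk.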
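Review bot: The session cookie name is rebuilt by hand as `strtolower(config('app.name')).'_session'` in both the `hasCookie()` check and the `Cookie::forget()` call, which matches Laravel's stock session config only when the app name has no spaces or punctuation and the cookie name has not been overridden; on a mismatch the middleware tests for, and expires, a cookie that was never issued. Reading the configured name once, `$sessionCookie = config('session.cookie');`, and using it in both places keeps the check and the real cookie in step. Separately, `$response->headers->remove('Set-Cookie')` drops every cookie on the response rather than only these two, and it works against the two `Cookie::queue(Cookie::forget(...))` calls just above it. Which of the two takes effect depends on where this middleware runs relative to the cookie and session middleware, which is not visible here, so the intended order deserves a comment and a test asserting that a first anonymous request to a public route returns no `Set-Cookie` header. The top of the new file, including the method signature, is not legible on this page.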
--- a/routes/home.php
+++ b/routes/home.php
@@ -1,6 +1,8 @@ group(function () { + $host = request()->getHost(); $customConfigs = config('advanced-config.custom_domains', []);
@@ -43,3 +45,5 @@ if (env('HOME_URL') != '') {
 Route::get('/', [App\Http\Controllers\HomeController::class, 'home'])->name('home');
 }
 }
+
+});
\ No newline at end of file
diff --git a/routes/web.php b/routes/web.php
index f85fa0c..19cadea 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -68,13 +68,13 @@ Route::get('/panel/diagnose', function () {
 //Public route
 $custom_prefix = config('advanced-config.custom_url_prefix');
-Route::get('/going/{id?}', [UserController::class, 'clickNumber'])->where('link', '.*')->name('clickNumber');
+Route::get('/going/{id?}', [UserController::class, 'clickNumber'])->where('link', '.*')->name('clickNumber')->middleware('disableCookies');
 Route::get('/info/{id?}', [AdminController::class, 'redirectInfo'])->name('redirectInfo');
 if($custom_prefix != ""){Route::get('/' . $custom_prefix . '{littlelink}', [UserController::class, 'littlelink'])->name('littlelink');}
-Route::get('/@{littlelink}', [UserController::class, 'littlelink'])->name('littlelink');
-Route::get('/pages/'.strtolower(footer('Terms')), [AdminController::class, 'pagesTerms'])->name('pagesTerms');
-Route::get('/pages/'.strtolower(footer('Privacy')), [AdminController::class, 'pagesPrivacy'])->name('pagesPrivacy');
-Route::get('/pages/'.strtolower(footer('Contact')), [AdminController::class, 'pagesContact'])->name('pagesContact');
+Route::get('/@{littlelink}', [UserController::class, 'littlelink'])->name('littlelink')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Terms')), [AdminController::class, 'pagesTerms'])->name('pagesTerms')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Privacy')), [AdminController::class, 'pagesPrivacy'])->name('pagesPrivacy')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Contact')), [AdminController::class, 'pagesContact'])->name('pagesContact')->middleware('disableCookies');
 Route::get('/theme/@{littlelink}', [UserController::class, 'theme'])->name('theme');
 Route::get('/vcard/{id?}', [UserController::class, 'vcard'])->name('vcard');
 Route::get('/u/{id?}', [UserController::class, 'userRedirect'])->name('userRedirect');
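Review bot: The custom-prefix variant of the profile route, the `if($custom_prefix != ""){Route::get('/' . $custom_prefix . '{littlelink}', ...)}` line, is left without `disableCookies` while `/@{littlelink}` gets it, although both dispatch to `UserController::littlelink`. Installations that set `advanced-config.custom_url_prefix` would therefore still be issued session and XSRF cookies on the same public profile pages. Appending `->middleware('disableCookies')` to the route inside that `if` block closes the gap. `/theme/@{littlelink}`, `/vcard/{id?}`, `/u/{id?}` and `/info/{id?}` are also left as they were; if that is deliberate, a short comment above the block naming which public routes keep cookies and why would make the policy auditable.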
@@ -82,7 +82,7 @@ Route::get('/u/{id?}', [UserController::class, 'userRedirect'])->name('userRedir
 Route::get('/report', function () {return view('report');});
 Route::post('/report', [UserController::class, 'report'])->name('report');
-Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo');
+Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo')->middleware('disableCookies');
 }