Disabled request lifecycle middleware on public routes

Effectively sets no cookies on public pages
This commit is contained in:
Julian Prieber 2023-07-19 18:14:19 +02:00
parent 53d74c7ac8
commit 658617c8bb
3 changed files with 57 additions and 52 deletions

View File

@ -29,13 +29,15 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middlewareGroups = [
'web' => [
'AuthSession' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'web' => [
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
@ -43,6 +45,7 @@ class Kernel extends HttpKernel
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**

View File

@ -8,27 +8,30 @@ use App\Http\Controllers\Auth\NewPasswordController;
use App\Http\Controllers\Auth\PasswordResetLinkController;
use App\Http\Controllers\Auth\RegisteredUserController;
use App\Http\Controllers\Auth\VerifyEmailController;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
if(config('advanced-config.register_url') != '') {
if (config('advanced-config.register_url') != '') {
$register = config('advanced-config.register_url');
} else {
$register = "/register";
}
if(config('advanced-config.login_url') != '') {
if (config('advanced-config.login_url') != '') {
$login = config('advanced-config.login_url');
} else {
$login = "/login";
}
if(config('advanced-config.forgot_password_url') != '') {
if (config('advanced-config.forgot_password_url') != '') {
$forgot_password = config('advanced-config.forgot_password_url');
} else {
$forgot_password = "/forgot-password";
}
if(env('ALLOW_REGISTRATION') or $register !== '/register') {
Route::middleware(['web', 'AuthSession'])->group(function () use ($register, $login, $forgot_password) {
if (env('ALLOW_REGISTRATION') || $register !== '/register') {
Route::get($register, [RegisteredUserController::class, 'create'])
->middleware('guest')
->middleware('max.users')
@ -47,58 +50,58 @@ if(config('advanced-config.forgot_password_url') != '') {
});
}
Route::get($login, [AuthenticatedSessionController::class, 'create'])
->middleware('guest')
->name('login');
Route::get($login, [AuthenticatedSessionController::class, 'create'])
->middleware('guest')
->name('login');
Route::post($login, [AuthenticatedSessionController::class, 'store'])
->middleware('guest');
Route::post($login, [AuthenticatedSessionController::class, 'store'])
->middleware('guest');
Route::get( $forgot_password, [PasswordResetLinkController::class, 'create'])
->middleware('guest')
->name('password.request');
Route::get($forgot_password, [PasswordResetLinkController::class, 'create'])
->middleware('guest')
->name('password.request');
Route::post( $forgot_password, [PasswordResetLinkController::class, 'store'])
->middleware('guest')
->name('password.email');
Route::post($forgot_password, [PasswordResetLinkController::class, 'store'])
->middleware('guest')
->name('password.email');
Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
->middleware('guest')
->name('password.reset');
Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
->middleware('guest')
->name('password.reset');
Route::post('/reset-password', [NewPasswordController::class, 'store'])
->middleware('guest')
->name('password.update');
Route::post('/reset-password', [NewPasswordController::class, 'store'])
->middleware('guest')
->name('password.update');
Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
->middleware('auth')
->name('verification.notice');
Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
->middleware('auth')
->name('verification.notice');
Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
->middleware(['auth', 'signed', 'throttle:6,1'])
->name('verification.verify');
Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
->middleware(['auth', 'signed', 'throttle:6,1'])
->name('verification.verify');
Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
->middleware(['auth', 'throttle:6,1'])
->name('verification.send');
Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
->middleware(['auth', 'throttle:6,1'])
->name('verification.send');
Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
->middleware('auth')
->name('password.confirm');
Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
->middleware('auth')
->name('password.confirm');
Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
->middleware('auth');
Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
->middleware('auth');
Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
->middleware('auth')
->name('logout');
Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
->middleware('auth')
->name('logout');
Route::get('/blocked', function () {
$user = Auth::user();
if ($user && $user->block == 'yes') {
return view('auth.blocked');
} else {
return redirect(url('dashboard'));
}
})->name('blocked');
Route::get('/blocked', function () {
$user = Auth::user();
if ($user && $user->block == 'yes') {
return view('auth.blocked');
} else {
return redirect(url('dashboard'));
}
})->name('blocked');
});

View File

@ -96,7 +96,7 @@ Route::get('/vcard/{id?}', [UserController::class, 'vcard'])->name('vcard');
Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo');
Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
//User route
Route::group([
'middleware' => env('REGISTER_AUTH'),
@ -141,11 +141,10 @@ Route::get('/studio/linkparamform_part/{typeid}/{linkid}', [LinkTypeViewControll
});
}
Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
//Social login route
Route::get('/social-auth/{provider}/callback', [SocialLoginController::class, 'providerCallback']);
Route::get('/social-auth/{provider}', [SocialLoginController::class, 'redirectToProvider'])->name('social.redirect');
Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
//Admin route
Route::group([
'middleware' => 'admin',