From 658617c8bb2574a241f5384ea18857828eb6a690 Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Wed, 19 Jul 2023 18:14:19 +0200
Subject: [PATCH] =?UTF-8?q?Disabled=C2=A0request=20lifecycle=20middleware?= =?UTF-8?q?=20on=20public=20routes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Effectively sets no cookies on public pages
---
 app/Http/Kernel.php | 7 +++-
 routes/auth.php | 97 +++++++++++++++++++++++----------------------
 routes/web.php | 5 +--
 3 files changed, 57 insertions(+), 52 deletions(-)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 14565be..b2bc24e 100755
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -29,13 +29,15 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $middlewareGroups = [
- 'web' => [
+ 'AuthSession' => [
 \App\Http\Middleware\EncryptCookies::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
- // \Illuminate\Session\Middleware\AuthenticateSession::class,
 \Illuminate\View\Middleware\ShareErrorsFromSession::class,
 \App\Http\Middleware\VerifyCsrfToken::class,
+ ],
+
+ 'web' => [
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],
@@ -43,6 +45,7 @@ class Kernel extends HttpKernel
 'throttle:api',
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],
+
 ];
 /**
diff --git a/routes/auth.php b/routes/auth.php
index 838125e..b4585cd 100755
--- a/routes/auth.php
+++ b/routes/auth.php
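Review bot: In app/Http/Kernel.php the `web` group is left with only `SubstituteBindings`, so `StartSession` and `VerifyCsrfToken` no longer run on any route registered under `web` alone. Every state-changing route and every route that reads the session or `Auth::user()` now has to name `AuthSession` explicitly, and nothing in the first hunk tells the next person adding a route about that. I would put a comment above the new group, for example `// Session, cookie and CSRF middleware. Required on every route that reads the session or accepts a state-changing request; 'web' alone provides neither.` The group name also departs from the lowercase `web` / `api` keys next to it.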
@@ -8,27 +8,30 @@ use App\Http\Controllers\Auth\NewPasswordController;
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
 use App\Http\Controllers\Auth\VerifyEmailController;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Route;
-if(config('advanced-config.register_url') != '') {
+if (config('advanced-config.register_url') != '') {
 $register = config('advanced-config.register_url');
 } else {
 $register = "/register";
 }
-if(config('advanced-config.login_url') != '') {
+if (config('advanced-config.login_url') != '') {
 $login = config('advanced-config.login_url');
 } else {
 $login = "/login";
 }
-if(config('advanced-config.forgot_password_url') != '') {
+if (config('advanced-config.forgot_password_url') != '') {
 $forgot_password = config('advanced-config.forgot_password_url');
 } else {
 $forgot_password = "/forgot-password";
 }
- if(env('ALLOW_REGISTRATION') or $register !== '/register') {
+Route::middleware(['web', 'AuthSession'])->group(function () use ($register, $login, $forgot_password) {
+
+ if (env('ALLOW_REGISTRATION') || $register !== '/register') {
 Route::get($register, [RegisteredUserController::class, 'create'])
 ->middleware('guest')
 ->middleware('max.users')
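Review bot: The rewritten condition `env('ALLOW_REGISTRATION') || $register !== '/register'` in routes/auth.php still reads the environment directly from a routes file. Once the configuration is cached, `env()` returns null unless the variable is set in the real process environment, so the flag can be ignored without any error. The second operand also registers the registration routes whenever a custom register URL is configured, whatever `ALLOW_REGISTRATION` says. If that is intended, a comment such as `// A custom register URL keeps registration reachable even when ALLOW_REGISTRATION is off.` would make the access decision explicit. Reading the flag through `config()`, like the three URL settings above it, would be consistent with the rest of the hunk; the closure opened here ends outside this hunk.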
@@ -47,58 +50,58 @@ if(config('advanced-config.forgot_password_url') != '') {
 });
 }
-Route::get($login, [AuthenticatedSessionController::class, 'create'])
- ->middleware('guest')
- ->name('login');
+ Route::get($login, [AuthenticatedSessionController::class, 'create'])
+ ->middleware('guest')
+ ->name('login');
-Route::post($login, [AuthenticatedSessionController::class, 'store'])
- ->middleware('guest');
+ Route::post($login, [AuthenticatedSessionController::class, 'store'])
+ ->middleware('guest');
-Route::get( $forgot_password, [PasswordResetLinkController::class, 'create'])
- ->middleware('guest')
- ->name('password.request');
+ Route::get($forgot_password, [PasswordResetLinkController::class, 'create'])
+ ->middleware('guest')
+ ->name('password.request');
-Route::post( $forgot_password, [PasswordResetLinkController::class, 'store'])
- ->middleware('guest')
- ->name('password.email');
+ Route::post($forgot_password, [PasswordResetLinkController::class, 'store'])
+ ->middleware('guest')
+ ->name('password.email');
-Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
- ->middleware('guest')
- ->name('password.reset');
+ Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
+ ->middleware('guest')
+ ->name('password.reset');
-Route::post('/reset-password', [NewPasswordController::class, 'store'])
- ->middleware('guest')
- ->name('password.update');
+ Route::post('/reset-password', [NewPasswordController::class, 'store'])
+ ->middleware('guest')
+ ->name('password.update');
-Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
- ->middleware('auth')
- ->name('verification.notice');
+ Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
+ ->middleware('auth')
+ ->name('verification.notice');
-Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
- ->middleware(['auth', 'signed', 'throttle:6,1'])
- ->name('verification.verify');
+ Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
+ ->middleware(['auth', 'signed', 'throttle:6,1'])
+ ->name('verification.verify');
-Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
- ->middleware(['auth', 'throttle:6,1'])
- ->name('verification.send');
+ Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
+ ->middleware(['auth', 'throttle:6,1'])
+ ->name('verification.send');
-Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
- ->middleware('auth')
- ->name('password.confirm');
+ Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
+ ->middleware('auth')
+ ->name('password.confirm');
-Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
- ->middleware('auth');
+ Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
+ ->middleware('auth');
-Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
- ->middleware('auth')
- ->name('logout');
+ Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
+ ->middleware('auth')
+ ->name('logout');
-Route::get('/blocked', function () {
- $user = Auth::user();
- if ($user && $user->block == 'yes') {
- return view('auth.blocked');
- } else {
- return redirect(url('dashboard'));
- }
- })->name('blocked');
-
\ No newline at end of file
+ Route::get('/blocked', function () {
+ $user = Auth::user();
+ if ($user && $user->block == 'yes') {
+ return view('auth.blocked');
+ } else {
+ return redirect(url('dashboard'));
+ }
+ })->name('blocked');
+});
diff --git a/routes/web.php b/routes/web.php
index bcbc132..99baf16 100755
--- a/routes/web.php
+++ b/routes/web.php
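Review bot: The POST routes for `$login`, `$forgot_password` and `/reset-password` in routes/auth.php carry only `guest`, while the e-mail verification routes in the same hunk use `throttle:6,1`. Unless the controllers or form requests (not shown here) rate-limit on their own, these endpoints accept an unbounded number of password attempts and reset-mail requests. I would use `->middleware(['guest', 'throttle:6,1'])` on those three routes, with the limit adjusted to the project's needs. Separately, the `/blocked` closure compares with `$user->block == 'yes'`; `=== 'yes'` avoids the loose comparison.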
@@ -96,7 +96,7 @@ Route::get('/vcard/{id?}', [UserController::class, 'vcard'])->name('vcard');
 Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo');
-Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
+Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
 //User route
 Route::group([
 'middleware' => env('REGISTER_AUTH'),
@@ -141,11 +141,10 @@ Route::get('/studio/linkparamform_part/{typeid}/{linkid}', [LinkTypeViewControll
 });
 }
+Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
 //Social login route
 Route::get('/social-auth/{provider}/callback', [SocialLoginController::class, 'providerCallback']);
 Route::get('/social-auth/{provider}', [SocialLoginController::class, 'redirectToProvider'])->name('social.redirect');
-
-Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
 //Admin route
 Route::group([
 'middleware' => 'admin',
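Review bot: In the second hunk the group opener now sits above the two `/social-auth/{provider}` routes, so the provider redirect and callback run behind `auth`, `blocked` and `impersonate`; before the change they were outside that group. If `auth` is Laravel's stock alias, a visitor who is not yet signed in is sent to the login page instead of reaching the provider, which defeats social login. These two routes presumably do need the session for the provider's state check, but not `auth`. I would wrap them in their own `Route::middleware(['AuthSession'])->group(function () {` … `});` and keep `Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {` directly above `//Admin route`. The admin group's body continues outside the hunk.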