diff --git a/src/app/Http/Kernel.php b/src/app/Http/Kernel.php
index d042dfc4..69a6845b 100644
--- a/src/app/Http/Kernel.php
+++ b/src/app/Http/Kernel.php
@@ -1,88 +1,101 @@ [ // \App\Http\Middleware\EncryptCookies::class, // \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, // \Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class, // \Illuminate\View\Middleware\ShareErrorsFromSession::class, // \App\Http\Middleware\VerifyCsrfToken::class, // \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' => [ 'throttle:120,1', 'bindings', ], ]; /** * The application's route middleware. * * These middleware may be assigned to groups or used individually. * * @var array */ protected $routeMiddleware = [ 'admin' => \App\Http\Middleware\AuthenticateAdmin::class, 'auth' => \App\Http\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, ]; /** * The priority-sorted list of middleware. * * This forces non-global middleware to always be in the given order. * * @var array */ protected $middlewarePriority = [ \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\AuthenticateAdmin::class, \App\Http\Middleware\Authenticate::class, \Illuminate\Session\Middleware\AuthenticateSession::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Auth\Middleware\Authorize::class, \App\Http\Middleware\AuthenticateAdmin::class, ]; + + /** + * Handle an incoming HTTP request. 
+ * + * @param \Illuminate\Http\Request $request HTTP Request object + * + * @return \Illuminate\Http\Response + */ + public function handle($request) + { + // Overwrite the http request object + return parent::handle(Request::createFrom($request)); + } } diff --git a/src/app/Http/Middleware/TrustProxies.php b/src/app/Http/Middleware/TrustProxies.php index 19ef0ca8..c8fa0d98 100644 --- a/src/app/Http/Middleware/TrustProxies.php +++ b/src/app/Http/Middleware/TrustProxies.php @@ -1,23 +1,28 @@ headers->get('X-Client-IP')) && $this->isFromTrustedProxy()) { + return $client_ip; + } + + return parent::ip(); + } +} diff --git a/src/app/Observers/SignupCodeObserver.php b/src/app/Observers/SignupCodeObserver.php index 8c832697..7f987cf2 100644 --- a/src/app/Observers/SignupCodeObserver.php +++ b/src/app/Observers/SignupCodeObserver.php @@ -1,67 +1,76 @@ code)) { $code->short_code = SignupCode::generateShortCode(); // FIXME: Replace this with something race-condition free while (true) { $code->code = Str::random($code_length); if (!SignupCode::find($code->code)) { break; } } } + $code->headers = collect(request()->headers->all()) + ->filter(function ($value, $key) { + // remove some headers we don't care about + return !in_array($key, ['cookie', 'referer', 'x-test-payment-provider', 'origin']); + }) + ->map(function ($value) { + return is_array($value) && count($value) == 1 ? $value[0] : $value; + }); + $code->expires_at = Carbon::now()->addHours($exp_hours); $code->ip_address = request()->ip(); if ($code->email) { $parts = explode('@', $code->email); $code->local_part = $parts[0]; $code->domain_part = $parts[1]; } } /** * Handle the "updating" event. * * @param SignupCode $code The code being updated. * * @return void */ public function updating(SignupCode $code) { if ($code->email) { $parts = explode('@', $code->email); $code->local_part = $parts[0]; $code->domain_part = $parts[1]; } else { $code->local_part = null; $code->domain_part = null; } } } 
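Review bot: The only comment on the new `handle()` override, `// Overwrite the http request object`, restates the code instead of saying why the framework request is swapped, which is what a maintainer who later reorders the kernel will need. I would replace it with `// Swap in our Request subclass so its overrides apply to every request that reaches the router` — the subclass and its reason for existing are presumably the `ip()` override elsewhere in this commit, so confirm the wording against that class. The `use` import that `Request::createFrom($request)` relies on is not visible because the hunk's opening lines are cut off; make sure it resolves to the subclass and not to `Illuminate\Http\Request`, otherwise `createFrom` just clones the request for nothing.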
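Review bot: The `X-Client-IP` value returned by the new `ip()` override is never validated as an IP literal, yet the observer in this commit writes `request()->ip()` into `signup_codes.ip_address`, so a trusted proxy that forwards the header unchanged would let a client store arbitrary text there. I would tighten the condition to `if ($this->isFromTrustedProxy() && ($client_ip = $this->headers->get('X-Client-IP')) && filter_var($client_ip, FILTER_VALIDATE_IP)) {`. Note that `isFromTrustedProxy()` only establishes that the immediate peer is a trusted proxy, not that the proxy set or overwrote this header, so the deployment must strip client-supplied `X-Client-IP` at the edge; that deserves a comment above the check. The enclosing method and class start outside the visible hunk, and since the method calls `isFromTrustedProxy()` it appears to belong to a Request subclass rather than to the `TrustProxies.php` file header shown before it — the intervening file header may have been lost in extraction.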
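Review bot: The header filter added in `creating()` is a denylist, so `authorization`, `proxy-authorization`, `x-xsrf-token` and `x-csrf-token` — which a browser or the SPA may attach even to an unauthenticated signup call — would be persisted to `signup_codes.headers` next to the code, e-mail and IP address. Either extend the list, `['cookie', 'referer', 'origin', 'authorization', 'proxy-authorization', 'x-csrf-token', 'x-xsrf-token', 'x-test-payment-provider']`, or better keep an allowlist of the few headers actually needed for whatever analysis this is for. `in_array($key, [...], true)` should pass the strict flag, and since HeaderBag normally lowercases its keys every entry in the list must stay lowercase for the match to work. The `creating` method's signature is outside the visible hunk.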
diff --git a/src/app/SignupCode.php b/src/app/SignupCode.php index 29e43e2a..73ecd7af 100644 --- a/src/app/SignupCode.php +++ b/src/app/SignupCode.php @@ -1,104 +1,106 @@ 'array']; + /** * The attributes that should be mutated to dates. * * @var array */ protected $dates = ['expires_at']; /** * Check if code is expired. * * @return bool True if code is expired, False otherwise */ public function isExpired() { // @phpstan-ignore-next-line return $this->expires_at ? Carbon::now()->gte($this->expires_at) : false; } /** * Generate a short code (for human). * * @return string */ public static function generateShortCode(): string { $code_length = env('SIGNUP_CODE_LENGTH', self::SHORTCODE_LENGTH); return \App\Utils::randStr($code_length); } } diff --git a/src/composer.json b/src/composer.json index 0f495473..c5258a8a 100644 --- a/src/composer.json +++ b/src/composer.json 
@@ -1,86 +1,87 @@ { "name": "laravel/laravel", "type": "project", "description": "The Laravel Framework.", "keywords": [ "framework", "laravel" ], "license": "MIT", "repositories": [ { "type": "vcs", "url": "https://git.kolab.org/diffusion/PNL/php-net_ldap3.git" } ], "require": { "php": "^7.1.3", "barryvdh/laravel-dompdf": "^0.8.6", + "doctrine/dbal": "^2.13", "dyrynda/laravel-nullable-fields": "*", "fideloper/proxy": "^4.0", "kolab/net_ldap3": "dev-master", "laravel/framework": "6.*", "laravel/horizon": "^3", "laravel/tinker": "^2.4", "mollie/laravel-mollie": "^2.9", "morrislaptop/laravel-queue-clear": "^1.2", "silviolleite/laravelpwa": "^2.0", "spatie/laravel-translatable": "^4.2", "spomky-labs/otphp": "~4.0.0", "stripe/stripe-php": "^7.29", "swooletw/laravel-swoole": "^2.6", "tymon/jwt-auth": "^1.0" }, "require-dev": { "beyondcode/laravel-dump-server": "^1.0", "beyondcode/laravel-er-diagram-generator": "^1.3", "code-lts/doctum": "^5.1", "filp/whoops": "^2.0", "fzaninotto/faker": "^1.4", "kirschbaum-development/mail-intercept": "^0.2.4", "laravel/dusk": "~5.11.0", "mockery/mockery": "^1.0", "nunomaduro/larastan": "^0.6", "phpstan/phpstan": "^0.12", "phpunit/phpunit": "^8" }, "config": { "optimize-autoloader": true, "preferred-install": "dist", "sort-packages": true }, "extra": { "laravel": { "dont-discover": [] } }, "autoload": { "psr-4": { "App\\": "app/" }, "classmap": [ "database/seeds", "database/factories", "include" ] }, "autoload-dev": { "psr-4": { "Tests\\": "tests/" } }, "minimum-stability": "dev", "prefer-stable": true, "scripts": { "post-autoload-dump": [ "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump", "@php artisan package:discover --ansi" ], "post-root-package-install": [ "@php -r \"file_exists('.env') || copy('.env.example', '.env');\"" ], "post-create-project-cmd": [ "@php artisan key:generate --ansi" ] } } 
diff --git a/src/database/migrations/2021_04_08_150000_signup_code_headers.php b/src/database/migrations/2021_04_08_150000_signup_code_headers.php
new file mode 100644
index 00000000..037b8298
--- /dev/null
+++ b/src/database/migrations/2021_04_08_150000_signup_code_headers.php
@@ -0,0 +1,40 @@
+text('headers')->nullable();
+ }
+ );
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::table(
+ 'signup_codes',
+ function (Blueprint $table) {
+ $table->dropColumn('headers');
+ }
+ );
+ }
+}
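Review bot: The new `headers` column is declared as `text`, but what the observer stores in it is the full, client-controlled header set; on MySQL `text` stops at 64 KiB and in strict mode an insert over that limit errors out, so an oversized request would abort signup-code creation rather than merely lose data. Whether that is reachable depends on the header-size limit enforced by the proxy in front of the app, which is not visible here; if it is not guaranteed, use `$table->mediumText('headers')->nullable();` or cap the payload before it is stored. The `up()` method's opening lines are cut off at the start of this hunk.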