Merge pull request #2894 from nstapelbroek/feature/2812-firewall-frontend

Feature: always authenticate
This commit is contained in:
James Brooks
2018-04-05 08:22:21 +01:00
committed by GitHub
9 changed files with 336 additions and 10 deletions
@@ -13,7 +13,13 @@ namespace CachetHQ\Cachet\Foundation\Providers;
use Barryvdh\Cors\HandleCors;
use CachetHQ\Cachet\Http\Middleware\Acceptable;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
use CachetHQ\Cachet\Http\Middleware\Timezone;
use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
use CachetHQ\Cachet\Http\Routes\AuthRoutes;
use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
use CachetHQ\Cachet\Http\Routes\SetupRoutes;
use CachetHQ\Cachet\Http\Routes\SignupRoutes;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -41,6 +47,21 @@ class RouteServiceProvider extends ServiceProvider
*/
protected $namespace = 'CachetHQ\Cachet\Http\Controllers';
/**
* These are the route files that should always be available anonymously.
*
* When applying the always_authenticate feature, these routes will be skipped.
*
* @var string[]
*/
protected $whitelistedAuthRoutes = [
AuthRoutes::class,
SetupRoutes::class,
SignupRoutes::class,
ApiSystemRoutes::class,
ApiSetupRoutes::class,
];
/**
* Define the route model bindings, pattern filters, etc.
*
@@ -89,6 +110,7 @@ class RouteServiceProvider extends ServiceProvider
$router->group(['namespace' => $this->namespace, 'as' => 'core::'], function (Router $router) {
$path = app_path('Http/Routes');
$applyAlwaysAuthenticate = $this->app['config']->get('setting.always_authenticate', false);
$AllFileIterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path));
$PhpFileIterator = new \RegexIterator($AllFileIterator, '/^.+\.php$/i', \RecursiveRegexIterator::GET_MATCH);
@@ -100,9 +122,9 @@ class RouteServiceProvider extends ServiceProvider
$routes = $this->app->make("CachetHQ\\Cachet\\Http\\Routes${class}");
if ($routes::$browser) {
$this->mapForBrowser($router, $routes);
$this->mapForBrowser($router, $routes, $applyAlwaysAuthenticate);
} else {
$this->mapOtherwise($router, $routes);
$this->mapOtherwise($router, $routes, $applyAlwaysAuthenticate);
}
}
});
@@ -113,10 +135,11 @@ class RouteServiceProvider extends ServiceProvider
*
* @param \Illuminate\Routing\Router $router
* @param object $routes
* @param bool $applyAlwaysAuthenticate
*
* @return void
*/
protected function mapForBrowser(Router $router, $routes)
protected function mapForBrowser(Router $router, $routes, $applyAlwaysAuthenticate)
{
$middleware = [
EncryptCookies::class,
@@ -127,6 +150,10 @@ class RouteServiceProvider extends ServiceProvider
SubstituteBindings::class,
];
if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) {
$middleware[] = Authenticate::class;
}
$router->group(['middleware' => $middleware], function (Router $router) use ($routes) {
$routes->map($router);
});
@@ -137,10 +164,11 @@ class RouteServiceProvider extends ServiceProvider
*
* @param \Illuminate\Routing\Router $router
* @param object $routes
* @param bool $applyAlwaysAuthenticate
*
* @return void
*/
protected function mapOtherwise(Router $router, $routes)
protected function mapOtherwise(Router $router, $routes, $applyAlwaysAuthenticate)
{
$middleware = [
HandleCors::class,
@@ -149,8 +177,31 @@ class RouteServiceProvider extends ServiceProvider
Timezone::class,
];
if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) {
$middleware[] = 'auth.api:true';
}
$router->group(['middleware' => $middleware], function (Router $router) use ($routes) {
$routes->map($router);
});
}
/**
* Validates if the route object is an instance of the whitelisted routes.
* A small workaround since we cant use multiple classes in a `instanceof` comparison.
*
* @param object $routes
*
* @return bool
*/
private function isWhiteListedAuthRoute($routes)
{
foreach ($this->whitelistedAuthRoutes as $whitelistedRoute) {
if (is_a($routes, $whitelistedRoute)) {
return true;
}
}
return false;
}
}
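Review bot: In the `@@ -127,6 +150,10 @@` hunk `Authenticate::class` is appended after `SubstituteBindings::class`, so for an unauthenticated browser request route-model binding (and its 404 on a missing record) runs before the authentication redirect; unless the HTTP kernel's `$middlewarePriority` reorders Cachet's `Authenticate` ahead of `SubstituteBindings`, the response code differs for existing and non-existing resource ids even though the request carries no credentials. Take `SubstituteBindings::class,` out of the array literal and append it after the guard, `$middleware[] = SubstituteBindings::class;`, as the last statement before `$router->group(...)`, so binding only runs for authenticated requests. The `@@ -149,8 +177,31 @@` hunk for `mapOtherwise` has the same shape with `'auth.api:true'` appended last; whether a binding middleware precedes it there lies outside the hunk, so check it as well. The middleware entries of `mapForBrowser` between `EncryptCookies::class` and `SubstituteBindings::class` are also outside the hunk.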
@@ -20,6 +20,7 @@ use Exception;
use GrahamCampbell\Binput\Facades\Binput;
use Illuminate\Log\Writer;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Lang;
@@ -384,6 +385,10 @@ class SettingsController extends Controller
Lang::setLocale(Binput::get('app_locale'));
}
if (Binput::has('always_authenticate')) {
Artisan::call('route:clear');
}
return Redirect::back()->withSuccess(trans('dashboard.settings.edit.success'));
}
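Review bot: The `Artisan::call('route:clear')` in `@@ -384,6 +385,10 @@` is required because `always_authenticate` is read only when routes are registered, but nothing in the hunk says so; add `// always_authenticate is applied at route registration, so a cached route table must be invalidated or the previous middleware set stays live.` above the `if`. It also runs only for saves through this form, so a value changed by any other path (seeding, a direct settings update) leaves a cached route table without the `Authenticate` middleware until `route:clear` is run by hand, which deserves a line in the feature's documentation. `Binput::has` is true whenever the field is present, so every settings save that includes it drops the route cache even when the value is unchanged; comparing with the stored value first would avoid that, if the stored value is reachable here. The enclosing method starts outside the hunk.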
-4
@@ -41,10 +41,6 @@ class ApiRoutes
'prefix' => 'api/v1',
], function (Registrar $router) {
$router->group(['middleware' => ['auth.api']], function (Registrar $router) {
$router->get('ping', 'GeneralController@ping');
$router->get('version', 'GeneralController@version');
$router->get('status', 'GeneralController@status');
$router->get('components', 'ComponentController@index');
$router->get('components/groups', 'ComponentGroupController@index');
$router->get('components/groups/{component_group}', 'ComponentGroupController@show');
+50
@@ -0,0 +1,50 @@
<?php
/*
* This file is part of Cachet.
*
* (c) Alt Three Services Limited
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Routes;
use Illuminate\Contracts\Routing\Registrar;
/**
* This is the api routes class.
*
* @author James Brooks <james@alt-three.com>
*/
class ApiSystemRoutes
{
/**
* Defines if these routes are for the browser.
*
* @var bool
*/
public static $browser = false;
/**
* Define the api routes for the system status, ping and version.
*
* @param \Illuminate\Contracts\Routing\Registrar $router
*
* @return void
*/
public function map(Registrar $router)
{
$router->group([
'namespace' => 'Api',
'prefix' => 'api/v1',
], function (Registrar $router) {
$router->group(['middleware' => ['auth.api']], function (Registrar $router) {
$router->get('ping', 'GeneralController@ping');
$router->get('version', 'GeneralController@version');
$router->get('status', 'GeneralController@status');
});
});
}
}
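Review bot: The class docblock in `@@ -0,0 +1,50 @@` reads `This is the api routes class.`, the text of the class these routes were moved out of, and it does not say why they are a separate class: `RouteServiceProvider` lists `ApiSystemRoutes` in `$whitelistedAuthRoutes`, so `ping`, `version` and `status` stay registered without the forced-authentication middleware when `always_authenticate` is on. Suggest `This is the system api routes class. These routes are whitelisted from always_authenticate (see RouteServiceProvider::$whitelistedAuthRoutes) and keep only the plain auth.api middleware; note that version reports the running Cachet version.` If `auth.api` without the `true` parameter admits anonymous requests — the separate `auth.api:true` form used in `mapOtherwise` suggests it does — then the version being readable without credentials is a deliberate choice that an operator enabling the feature should find documented.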