Merge branch '2.4' into feature/remote-user-authenticate

2019-06-23 09:04:25 +01:00
parent 6ce087e5ad 066837fa71
commit 5c50e3c068
136 changed files with 5378 additions and 2760 deletions
--- a/app/Http/Middleware/Acceptable.php
+++ b/app/Http/Middleware/Acceptable.php
@@ -18,7 +18,7 @@ use Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException;
 /**
 * This is the acceptable middleware class.
 *
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
 class Acceptable
--- a/app/Http/Middleware/Admin.php
+++ b/app/Http/Middleware/Admin.php
@@ -20,7 +20,7 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
 * This is the admin middleware class.
 *
 * @author Joseph Cohen <joe@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
 class Admin
--- a/app/Http/Middleware/ApiAuthentication.php
+++ b/app/Http/Middleware/ApiAuthentication.php
@@ -22,7 +22,7 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
 * This is the api authentication middleware class.
 *
 * @author Joseph Cohen <joe@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
 class ApiAuthentication
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -20,7 +20,7 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
 * This is the authenticate middleware class.
 *
 * @author Joseph Cohen <joe@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
 class Authenticate
--- a/app/Http/Middleware/CacheControl.php
+++ b/app/Http/Middleware/CacheControl.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class CacheControl
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        $response = $next($request);
+
+        $maxAge = time() + 30;
+
+        $response->header('Cache-Control', 'public,max-age='.$maxAge);
+
+        return $response;
+    }
+}
--- a/app/Http/Middleware/Localize.php
+++ b/app/Http/Middleware/Localize.php
@@ -22,7 +22,7 @@ use Jenssegers\Date\Date;
 *
 * @author James Brooks <james@alt-three.com>
 * @author Joseph Cohen <joe@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 */
 class Localize
 {
--- a/app/Http/Middleware/ReadyForUse.php
+++ b/app/Http/Middleware/ReadyForUse.php
@@ -18,7 +18,7 @@ use Illuminate\Http\Request;
 /**
 * This is the ready for use middleware class.
 *
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 * @author Joseph Cohen <joe@alt-three.com>
 */
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -18,7 +18,7 @@ use Illuminate\Http\Request;
 /**
 * This is the redirect if authenticated middleware class.
 *
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author Joseph Cohen <joe@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
--- a/app/Http/Middleware/SetupAlreadyCompleted.php
+++ b/app/Http/Middleware/SetupAlreadyCompleted.php
@@ -19,7 +19,7 @@ use Illuminate\Http\Request;
 /**
 * This is the setup already completed middelware class.
 *
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 * @author Joseph Cohen <joe@alt-three.com>
 */
--- a/app/Http/Middleware/SubscribersConfigured.php
+++ b/app/Http/Middleware/SubscribersConfigured.php
@@ -19,7 +19,7 @@ use Illuminate\Http\Request;
 * This is the subscribers configured middleware class.
 *
 * @author James Brooks <james@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 */
 class SubscribersConfigured
 {
--- a/app/Http/Middleware/Throttler.php
+++ b/app/Http/Middleware/Throttler.php
@@ -0,0 +1,125 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Cache\RateLimiter;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
+
+/**
+ * This is the throttler middleware class.
+ *
+ * @author Graham Campbell <graham@alt-three.com>
+ */
+class Throttler
+{
+    /**
+     * The rate limiter instance.
+     *
+     * @var \Illuminate\Cache\RateLimiter
+     */
+    protected $limiter;
+
+    /**
+     * Create a new throttler middleware instance.
+     *
+     * @param \Illuminate\Cache\RateLimiter $limiter
+     *
+     * @return void
+     */
+    public function __construct(RateLimiter $limiter)
+    {
+        $this->limiter = $limiter;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @param int|string               $limit
+     * @param int|string               $decay
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next, $limit = 60, $decay = 1)
+    {
+        return $this->safeHandle($request, $next, (int) $limit, (int) $decay);
+    }
+
+    /**
+     * Handle an incoming request, with correct types.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @param int                      $limit
+     * @param int                      $decay
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException
+     *
+     * @return mixed
+     */
+    protected function safeHandle(Request $request, Closure $next, int $limit, int $decay)
+    {
+        $key = $request->fingerprint();
+
+        if ($this->limiter->tooManyAttempts($key, $limit, $decay)) {
+            throw $this->buildException($key, $limit);
+        }
+
+        $this->limiter->hit($key, $decay);
+
+        $response = $next($request);
+
+        $response->headers->add($this->getHeaders($key, $limit));
+
+        return $response;
+    }
+
+    /**
+     * Create a too many requests http exception.
+     *
+     * @param string $key
+     * @param int    $limit
+     *
+     * @return \Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException
+     */
+    protected function buildException(string $key, int $limit)
+    {
+        $after = $this->limiter->availableIn($key);
+        $exception = new TooManyRequestsHttpException($after, 'Rate limit exceeded.');
+        $exception->setHeaders($this->getHeaders($key, $limit, $after, $exception->getHeaders()));
+
+        return $exception;
+    }
+
+    /**
+     * Get the limit header information.
+     *
+     * @param string   $key
+     * @param int      $limit
+     * @param int|null $after
+     * @param array    $merge
+     *
+     * @return array
+     */
+    protected function getHeaders(string $key, int $limit, int $after = null, array $merge = [])
+    {
+        $remaining = $after === null ? $this->limiter->retriesLeft($key, $limit) : 0;
+        $headers = ['X-RateLimit-Limit' => $limit, 'X-RateLimit-Remaining' => $remaining];
+
+        return array_merge($headers, $merge);
+    }
+}
--- a/app/Http/Middleware/Timezone.php
+++ b/app/Http/Middleware/Timezone.php
@@ -19,7 +19,7 @@ use Illuminate\Http\Request;
 * This is the timezone middleware class.
 *
 * @author James Brooks <james@alt-three.com>
- * @author Graham Campbell <james@alt-three.com>
+ * @author Graham Campbell <graham@alt-three.com>
 */
 class Timezone
 {
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -0,0 +1,38 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
+
+/**
+ * This is the verify csrf token middleware class.
+ *
+ * @author James Brooks <james@alt-three.com>
+ */
+class VerifyCsrfToken extends Middleware
+{
+    /**
+     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
+     *
+     * @var bool
+     */
+    protected $addHttpCookie = true;
+
+    /**
+     * The URIs that should be excluded from CSRF verification.
+     *
+     * @var array
+     */
+    protected $except = [
+        '/api/*',
+    ];
+}