Cachet is now a Laravel 5 app

app/Http/Middleware/Admin.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Support\Facades\Response;
+
+class Admin
+{
+    /**
+     * The Guard implementation.
+     *
+     * @var Guard
+     */
+    protected $auth;
+
+    /**
+     * Create a new filter instance.
+     *
+     * @param Guard $auth
+     *
+     * @return void
+     */
+    public function __construct(Guard $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Run the cors middleware.
+     *
+     * We're verifying that the current user is logged in to Cachet and is an admin level.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if (!$this->auth->check() || ($this->auth->check() && !$this->auth->user()->isAdmin)) {
+            return Response::view('errors.401', [
+                'pageTitle' => trans('errors.unauthorized.title'),
+            ], 401);
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/AllowedDomains.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use CachetHQ\Cachet\Facades\Setting;
+use Closure;
+
+class AllowedDomains
+{
+    /**
+     * Run the allowed domains middleware.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $response = $next($request);
+
+        // Always allow our own domain.
+        $ourDomain = Setting::get('app_domain');
+        $response->headers->set('Access-Control-Allow-Origin', $ourDomain);
+
+        // Should we allow anyone else?
+        if ($allowedDomains = Setting::get('allowed_domains')) {
+            $domains = explode(',', $allowedDomains);
+            foreach ($domains as $domain) {
+                $response->headers->set('Access-Control-Allow-Origin', $domain);
+            }
+        }
+
+        return $response;
+    }
+}

app/Http/Middleware/ApiAuthenticate.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use CachetHQ\Cachet\Models\User;
+use Closure;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+
+class ApiAuthenticate
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if ($apiToken = $request->header('X-Cachet-Token')) {
+            try {
+                User::findByApiToken($apiToken);
+            } catch (ModelNotFoundException $e) {
+                return response()->json([
+                    'message'     => 'The API token you provided was not correct.',
+                    'status_code' => 401,
+                ], 401);
+            }
+        } else {
+            return response()->json([
+                'message'     => 'You are not authorized to view this content.',
+                'status_code' => 401,
+            ], 401);
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/AppIsSetup.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use CachetHQ\Cachet\Models\Setting;
+use Closure;
+use Exception;
+use Illuminate\Support\Facades\Redirect;
+
+class AppIsSetup
+{
+    /**
+     * Run the is setup filter.
+     *
+     * We're verifying that Cachet is correctly setup. If it is, they we're
+     * sending the user to the dashboard so they can use Cachet.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Closure                  $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        try {
+            $setting = Setting::where('name', 'app_name')->first();
+            if ($setting && $setting->value) {
+                return Redirect::route('dashboard');
+            }
+        } catch (Exception $e) {
+            // do nothing
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/Authenticate.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+
+class Authenticate
+{
+    /**
+     * The Guard implementation.
+     *
+     * @var Guard
+     */
+    protected $auth;
+
+    /**
+     * Create a new filter instance.
+     *
+     * @param Guard $auth
+     *
+     * @return void
+     */
+    public function __construct(Guard $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if ($this->auth->guest()) {
+            if ($request->ajax()) {
+                return response('Unauthorized.', 401);
+            } else {
+                return redirect()->guest('auth/login');
+            }
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/Cors.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+
+class Cors
+{
+    /**
+     * Run the cors middleware.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $response = $next($request);
+
+        $response->headers->set('Access-Control-Allow-Origin', '*');
+
+        return $response;
+    }
+}

app/Http/Middleware/HasSetting.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use CachetHQ\Cachet\Models\Setting;
+use Closure;
+use Exception;
+use Illuminate\Support\Facades\Redirect;
+
+class HasSetting
+{
+    /**
+     * Run the has setting middleware.
+     *
+     * We're verifying that the given setting exists in our database. If it
+     * doesn't, then we're sending the user to the setup page so that they can
+     * complete the installation of Cachet on their server.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $settingName = $this->getSettingName($request);
+
+        try {
+            $setting = Setting::where('name', $settingName)->first();
+            if (!$setting || !$setting->value) {
+                return Redirect::to('setup');
+            }
+        } catch (Exception $e) {
+            return Redirect::to('setup');
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * Get the setting from the request.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return array
+     */
+    private function getSettingName($request)
+    {
+        $actions = $request->route()->getAction();
+
+        return $actions['setting'];
+    }
+}

app/Http/Middleware/LoginThrottling.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use GrahamCampbell\Throttle\Facades\Throttle;
+use Illuminate\Support\Facades\Redirect;
+
+class LoginThrottling
+{
+    /**
+     *  Run the login throttling middleware.
+     *
+     * We're verifying that the user is not attempting to brute force Cachet's
+     * login system. If the user has reached the rate limit, then we're sending
+     * them away, otherwise, we do nothing, and allow them to continue.
+     *
+     * Note that this filter is not responsible for incrementing the hit count.
+     * Another part of Cachet will increment the hit count for the given route
+     * only if validation passes, and the user did not successfully login.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if (!Throttle::check($request, 10, 10)) {
+            return Redirect::back()->with('error', 'You have made too many login requests.');
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/RedirectIfAuthenticated.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Http\RedirectResponse;
+
+class RedirectIfAuthenticated
+{
+    /**
+     * The Guard implementation.
+     *
+     * @var Guard
+     */
+    protected $auth;
+
+    /**
+     * Create a new filter instance.
+     *
+     * @param Guard $auth
+     *
+     * @return void
+     */
+    public function __construct(Guard $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if ($this->auth->check()) {
+            return new RedirectResponse(url('/home'));
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/VerifyCsrfToken.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Closure;
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
+
+class VerifyCsrfToken extends BaseVerifier
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        return parent::handle($request, $next);
+    }
+}