Protect admin routes with new eloquent sessions
When using Laravel’s own auth middleware an exception would then get thrown which was being sent to Slack, hmmm. So I modified the original MyAuthMiddleware to use the Auth facade instead of a custom session key. A logout page has also been added.
This commit is contained in:
parent
db3708bbb6
commit
2e79492b01
4 changed files with 58 additions and 17 deletions
|
|
@ -4,7 +4,6 @@ declare(strict_types=1);
|
|||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use Illuminate\View\View;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
|
||||
|
|
@ -40,4 +39,31 @@ class AuthController extends Controller
|
|||
|
||||
return redirect()->route('login');
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the form to logout a user.
|
||||
*
|
||||
* @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
|
||||
*/
|
||||
public function showLogout()
|
||||
{
|
||||
if (Auth::check() === false) {
|
||||
// The user is not logged in, just redirect them home
|
||||
return redirect('/');
|
||||
}
|
||||
|
||||
return view('logout');
|
||||
}
|
||||
|
||||
/**
|
||||
* Log the user out from their current session.
|
||||
*
|
||||
* @return \Illuminate\Http\RedirectResponse;
|
||||
*/
|
||||
public function logout(): RedirectResponse
|
||||
{
|
||||
Auth::logout();
|
||||
|
||||
return redirect('/');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ namespace App\Http\Middleware;
|
|||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class MyAuthMiddleware
|
||||
{
|
||||
|
|
@ -18,7 +19,7 @@ class MyAuthMiddleware
|
|||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if ($request->session()->has('loggedin') !== true) {
|
||||
if (Auth::check($request->user()) == false) {
|
||||
//they’re not logged in, so send them to login form
|
||||
return redirect()->route('login');
|
||||
}
|
||||
|
|
|
|||
10
resources/views/logout.blade.php
Normal file
10
resources/views/logout.blade.php
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
@extends('master')
|
||||
@section('title')Logout @stop
|
||||
|
||||
@section('content')
|
||||
<h2>Logout</h2>
|
||||
<form action="logout" method="post">
|
||||
<input type="hidden" name="_token" value="{{ csrf_token() }}">
|
||||
<input type="submit" name="submit" value="Logout">
|
||||
</form>
|
||||
@stop
|
||||
|
|
@ -14,17 +14,21 @@
|
|||
Route::group(['domain' => config('url.longurl')], function () {
|
||||
Route::get('/', 'NotesController@index');
|
||||
|
||||
//Static project page
|
||||
// Static project page
|
||||
Route::view('projects', 'projects');
|
||||
|
||||
//Static colophon page
|
||||
// Static colophon page
|
||||
Route::view('colophon', 'colophon');
|
||||
|
||||
//The login routes to get authe'd for admin
|
||||
// The login routes to get auth'd for admin
|
||||
Route::get('login', 'AuthController@showLogin')->name('login');
|
||||
Route::post('login', 'AuthController@login');
|
||||
|
||||
//Admin pages grouped for filter
|
||||
// And the logout routes
|
||||
Route::get('logout', 'AuthController@showLogout')->name('logout');
|
||||
Route::post('logout', 'AuthController@logout');
|
||||
|
||||
// Admin pages grouped for filter
|
||||
Route::group([
|
||||
'middleware' => 'myauth',
|
||||
'namespace' => 'Admin',
|
||||
|
|
@ -42,7 +46,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::delete('/{id}', 'ArticlesController@destroy');
|
||||
});
|
||||
|
||||
//Notes
|
||||
// Notes
|
||||
Route::group(['prefix' => 'notes'], function () {
|
||||
Route::get('/', 'NotesController@index');
|
||||
Route::get('/create', 'NotesController@create');
|
||||
|
|
@ -52,7 +56,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::delete('/{id}', 'NotesController@destroy');
|
||||
});
|
||||
|
||||
//Micropub Clients
|
||||
// Micropub Clients
|
||||
Route::group(['prefix' => 'clients'], function () {
|
||||
Route::get('/', 'ClientsController@index');
|
||||
Route::get('/create', 'ClientsController@create');
|
||||
|
|
@ -62,7 +66,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::delete('/{id}', 'ClientsController@destroy');
|
||||
});
|
||||
|
||||
//Contacts
|
||||
// Contacts
|
||||
Route::group(['prefix' => 'contacts'], function () {
|
||||
Route::get('/', 'ContactsController@index');
|
||||
Route::get('/create', 'ContactsController@create');
|
||||
|
|
@ -73,7 +77,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::get('/{id}/getavatar', 'ContactsController@getAvatar');
|
||||
});
|
||||
|
||||
//Places
|
||||
// Places
|
||||
Route::group(['prefix' => 'places'], function () {
|
||||
Route::get('/', 'PlacesController@index');
|
||||
Route::get('/create', 'PlacesController@create');
|
||||
|
|
@ -86,7 +90,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::delete('/{id}', 'PlacesController@destroy');
|
||||
});
|
||||
|
||||
//Likes
|
||||
// Likes
|
||||
Route::group(['prefix' => 'likes'], function () {
|
||||
Route::get('/', 'LikesController@index');
|
||||
Route::get('/create', 'LikesController@create');
|
||||
|
|
@ -97,7 +101,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
});
|
||||
});
|
||||
|
||||
//Blog pages using ArticlesController
|
||||
// Blog pages using ArticlesController
|
||||
Route::group(['prefix' => 'blog'], function () {
|
||||
Route::get('/feed.rss', 'FeedsController@blogRss');
|
||||
Route::get('/feed.atom', 'FeedsController@blogAtom');
|
||||
|
|
@ -107,7 +111,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::get('/{year}/{month}/{slug}', 'ArticlesController@show');
|
||||
});
|
||||
|
||||
//Notes pages using NotesController
|
||||
// Notes pages using NotesController
|
||||
Route::group(['prefix' => 'notes'], function () {
|
||||
Route::get('/', 'NotesController@index');
|
||||
Route::get('/feed.rss', 'FeedsController@notesRss');
|
||||
|
|
@ -139,15 +143,15 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::post('api/media', 'MicropubController@media')->middleware('micropub.token', 'cors')->name('media-endpoint');
|
||||
Route::options('/api/media', 'MicropubController@mediaOptionsResponse')->middleware('cors');
|
||||
|
||||
//webmention
|
||||
// Webmention
|
||||
Route::get('webmention', 'WebMentionsController@get');
|
||||
Route::post('webmention', 'WebMentionsController@receive');
|
||||
|
||||
//Contacts
|
||||
// Contacts
|
||||
Route::get('contacts', 'ContactsController@index');
|
||||
Route::get('contacts/{nick}', 'ContactsController@show');
|
||||
|
||||
//Places
|
||||
// Places
|
||||
Route::get('places', 'PlacesController@index');
|
||||
Route::get('places/{slug}', 'PlacesController@show');
|
||||
|
||||
|
|
@ -156,7 +160,7 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::post('update-colour-scheme', 'SessionStoreController@saveColour');
|
||||
});
|
||||
|
||||
//Short URL
|
||||
// Short URL
|
||||
Route::group(['domain' => config('url.shorturl')], function () {
|
||||
Route::get('/', 'ShortURLsController@baseURL');
|
||||
Route::get('@', 'ShortURLsController@twitter');
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue