From 58b31bb4c18591dfc4c821669944b3573f3398da Mon Sep 17 00:00:00 2001 From: Jonny Barnes Date: Sat, 8 Jun 2024 19:39:09 +0100 Subject: [PATCH] Add Indieweb related link to the HTTP headers --- app/Http/Middleware/LinkHeadersMiddleware.php | 9 ++++--- bootstrap/app.php | 19 ++++++++------ config/url.php | 11 -------- resources/views/master.blade.php | 5 ++-- routes/web.php | 6 ++--- tests/Feature/HeaderLinkTest.php | 25 +++++++++++++++++++ 6 files changed, 47 insertions(+), 28 deletions(-) create mode 100644 tests/Feature/HeaderLinkTest.php diff --git a/app/Http/Middleware/LinkHeadersMiddleware.php b/app/Http/Middleware/LinkHeadersMiddleware.php index 66896428..879020be 100644 --- a/app/Http/Middleware/LinkHeadersMiddleware.php +++ b/app/Http/Middleware/LinkHeadersMiddleware.php @@ -16,10 +16,11 @@ class LinkHeadersMiddleware public function handle(Request $request, Closure $next): Response { $response = $next($request); - $response->header('Link', '; rel="authorization_endpoint"', false); - $response->header('Link', '<' . config('app.url') . '/api/token>; rel="token_endpoint"', false); - $response->header('Link', '<' . config('app.url') . '/api/post>; rel="micropub"', false); - $response->header('Link', '<' . config('app.url') . '/webmention>; rel="webmention"', false); + $response->header('Link', '<' . route('indieauth.metadata') . '>; rel="indieauth-metadata"', false); + $response->header('Link', '<' . route('indieauth.start') . '>; rel="authorization_endpoint"', false); + $response->header('Link', '<' . route('indieauth.token') . '>; rel="token_endpoint"', false); + $response->header('Link', '<' . route('micropub-endpoint') . '>; rel="micropub"', false); + $response->header('Link', '<' . route('webmention-endpoint') . '>; rel="webmention"', false); return $response; } diff --git a/bootstrap/app.php b/bootstrap/app.php index 3e55ca98..6137bc86 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -1,5 +1,6 @@ withMiddleware(function (Middleware $middleware) { - $middleware->validateCsrfTokens(except: [ - 'auth', // This is the IndieAuth auth endpoint - 'token', // This is the IndieAuth token endpoint - 'api/post', - 'api/media', - 'micropub/places', - 'webmention', - ]); + $middleware + ->append(LinkHeadersMiddleware::class) + ->validateCsrfTokens(except: [ + 'auth', // This is the IndieAuth auth endpoint + 'token', // This is the IndieAuth token endpoint + 'api/post', + 'api/media', + 'micropub/places', + 'webmention', + ]); }) ->withExceptions(function (Exceptions $exceptions) { // diff --git a/config/url.php b/config/url.php index a1962ade..dfdffe6b 100644 --- a/config/url.php +++ b/config/url.php @@ -29,15 +29,4 @@ return [ 'shorturl' => env('APP_SHORTURL', 'shorturl.local'), - /* - |-------------------------------------------------------------------------- - | Authorization endpoint - |-------------------------------------------------------------------------- - | - | The authorization endpoint for the application, used primarily for Micropub - | - */ - - 'authorization_endpoint' => env('AUTHORIZATION_ENDPOINT', 'https://indieauth.com/auth'), - ]; diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php index 5c4f09d9..c0123468 100644 --- a/resources/views/master.blade.php +++ b/resources/views/master.blade.php @@ -16,8 +16,9 @@ - - + + + diff --git a/routes/web.php b/routes/web.php index aed8e64d..110501a3 100644 --- a/routes/web.php +++ b/routes/web.php @@ -192,7 +192,7 @@ Route::domain(config('url.longurl'))->group(function () { }); // IndieAuth - Route::get('.well-known/indieauth-server', [IndieAuthController::class, 'indieAuthMetadataEndpoint']); + Route::get('.well-known/indieauth-server', [IndieAuthController::class, 'indieAuthMetadataEndpoint'])->name('indieauth.metadata'); Route::get('auth', [IndieAuthController::class, 'start'])->middleware(MyAuthMiddleware::class)->name('indieauth.start'); Route::post('auth/confirm', [IndieAuthController::class, 'confirm'])->middleware(MyAuthMiddleware::class); Route::post('auth', [IndieAuthController::class, 'processCodeExchange']); @@ -200,7 +200,7 @@ Route::domain(config('url.longurl'))->group(function () { // Micropub Endpoints Route::get('api/post', [MicropubController::class, 'get'])->middleware(VerifyMicropubToken::class); - Route::post('api/post', [MicropubController::class, 'post'])->middleware(VerifyMicropubToken::class); + Route::post('api/post', [MicropubController::class, 'post'])->middleware(VerifyMicropubToken::class)->name('micropub-endpoint'); Route::get('api/media', [MicropubMediaController::class, 'getHandler'])->middleware(VerifyMicropubToken::class); Route::post('api/media', [MicropubMediaController::class, 'media']) ->middleware([VerifyMicropubToken::class, CorsHeaders::class]) @@ -208,7 +208,7 @@ Route::domain(config('url.longurl'))->group(function () { Route::options('/api/media', [MicropubMediaController::class, 'mediaOptionsResponse'])->middleware(CorsHeaders::class); // Webmention - Route::get('webmention', [WebMentionsController::class, 'get']); + Route::get('webmention', [WebMentionsController::class, 'get']) ->name('webmention-endpoint'); Route::post('webmention', [WebMentionsController::class, 'receive']); // Contacts diff --git a/tests/Feature/HeaderLinkTest.php b/tests/Feature/HeaderLinkTest.php new file mode 100644 index 00000000..8e220c79 --- /dev/null +++ b/tests/Feature/HeaderLinkTest.php @@ -0,0 +1,25 @@ +get('/'); + + $linkHeaders = $response->headers->allPreserveCaseWithoutCookies()['Link']; + + $this->assertSame('<' . config('app.url') . '/.well-known/indieauth-server>; rel="indieauth-metadata"', $linkHeaders[0]); + $this->assertSame('<' . config('app.url') . '/auth>; rel="authorization_endpoint"', $linkHeaders[1]); + $this->assertSame('<' . config('app.url') . '/token>; rel="token_endpoint"', $linkHeaders[2]); + $this->assertSame('<' . config('app.url') . '/api/post>; rel="micropub"', $linkHeaders[3]); + $this->assertSame('<' . config('app.url') . '/webmention>; rel="webmention"', $linkHeaders[4]); + } +}