Fully documented the filters
parent
deb4aae0d4
commit
4d6de70ba8
@ -9,6 +9,15 @@ use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class AllowedDomainsFilter
|
||||
{
|
||||
/**
|
||||
* Run the allowed domains filter.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Symfony\Component\HttpFoundation\Response $response
|
||||
*
|
||||
* @return \Symfony\Component\HttpFoundation\Response
|
||||
*/
|
||||
public function filter(Route $route, Request $request, Response $response)
|
||||
{
|
||||
// Always allow our own domain.
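Review bot: The new docblock on `filter()` gives only the summary line, while most of the other filters documented in this commit also explain what they check. For a filter that decides which domains are allowed, the description should name what is compared and what happens to a request from a domain that is not on the list. The body continues outside the hunk, so the exact wording has to come from the code; a starting point is `* We're checking the requesting domain against the configured allowed domains.`, corrected to match what the method really does.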
|
||||
|
@ -8,6 +8,15 @@ use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class CorsFilter
|
||||
{
|
||||
/**
|
||||
* Run the cors filter.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Symfony\Component\HttpFoundation\Response $response
|
||||
*
|
||||
* @return \Symfony\Component\HttpFoundation\Response
|
||||
*/
|
||||
public function filter(Route $route, Request $request, Response $response)
|
||||
{
|
||||
$response->headers->set('Access-Control-Allow-Origin', '*');
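Review bot: The docblock says only "Run the cors filter", but the first statement of `filter()` sets `Access-Control-Allow-Origin` to `*`, which lets scripts from any origin read the response. That is a policy decision and belongs in the description, for example `* We're allowing every origin to read the response, so only attach this filter to routes that serve public data.` The rest of the method is outside the hunk, so any further headers it sets are not covered here.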
|
||||
|
@ -10,6 +10,16 @@ use Illuminate\Support\Facades\Response;
|
||||
|
||||
class AuthFilter
|
||||
{
|
||||
/**
|
||||
* Run the auth filter.
|
||||
*
|
||||
* We're verifying that the current user is logged in to Cachet.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return \Illuminate\Http\Response|null
|
||||
*/
|
||||
public function filter(Route $route, Request $request)
|
||||
{
|
||||
if (Auth::guest()) {
|
||||
|
@ -8,6 +8,17 @@ use Illuminate\Support\Facades\Session;
|
||||
|
||||
class CsrfFilter
|
||||
{
|
||||
/**
|
||||
* Run the csrf filter.
|
||||
*
|
||||
* We're protecting Cachet against cross-site request forgery attacks. If
|
||||
* our csrf token in the session does not match the one given sent to us in
|
||||
* this request, then we'll bail.
|
||||
*
|
||||
* @throws \Illuminate\Session\TokenMismatchException
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function filter()
|
||||
{
|
||||
if (Session::token() !== Input::get('_token')) {
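Review bot: The token check under the new docblock compares with `!==`, which is not a constant-time comparison, and `Input::get('_token')` may not be a string at all. For a secret like this, prefer `$token = Input::get('_token');` followed by `if (!is_string($token) || !hash_equals((string) Session::token(), $token)) {`, on PHP versions that provide `hash_equals`. Separately, the description reads "the one given sent to us"; drop "given". The body of the `if` is outside the hunk.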
|
||||
|
@ -7,6 +7,16 @@ use Illuminate\Support\Facades\Redirect;
|
||||
|
||||
class GuestFilter
|
||||
{
|
||||
/**
|
||||
* Run the guest filter.
|
||||
*
|
||||
* We're checking if the current user is logged in to Cachet, and if
|
||||
* they're not, then we're redirecting them to the home page.
|
||||
*
|
||||
* @throws \Illuminate\Session\TokenMismatchException
|
||||
*
|
||||
* @return \Illuminate\Http\Response|null
|
||||
*/
|
||||
public function filter()
|
||||
{
|
||||
if (Auth::check()) {
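Review bot: The description states the opposite of the condition below it: `if (Auth::check())` is true for a logged-in user, so it is the authenticated user who gets handled, not the guest. The `@throws \Illuminate\Session\TokenMismatchException` tag also looks copied from CsrfFilter, since nothing visible here checks a token. Suggested wording is `* We're checking if the current user is logged in to Cachet, and if they are, then we're redirecting them away.`, with the `@throws` tag removed. The body of the `if` is outside the hunk, so confirm the redirect target before naming it in the docblock.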
|
||||
|
@ -10,11 +10,24 @@ use Illuminate\Support\Facades\Redirect;
|
||||
|
||||
class HasSettingFilter
|
||||
{
|
||||
/**
|
||||
* Run the has setting filter.
|
||||
*
|
||||
* We're verifying that the given setting exists in our database. If it
|
||||
* doesn't, then we're sending the user to the setup page so that they can
|
||||
* complete the installation of Cachet on their server.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param string $settingName
|
||||
*
|
||||
* @return \Illuminate\Http\Response|null
|
||||
*/
|
||||
public function filter(Route $route, Request $request, $settingName)
|
||||
{
|
||||
try {
|
||||
$setting = Setting::where('name', $settingName)->first();
|
||||
if (!$setting->value) {
|
||||
if (!$setting || !$setting->value) {
|
||||
return Redirect::to('setup');
|
||||
}
|
||||
} catch (Exception $e) {
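Review bot: The description says the filter verifies that the setting "exists", but the new condition `!$setting || !$setting->value` also redirects to setup when the row exists with a falsy value such as an empty string or `'0'`. The docblock should say so, e.g. `* We're verifying that the given setting exists and has a non-empty value.` The `catch (Exception $e)` body is outside the hunk, so what happens when the lookup itself fails is not documented by what is visible here.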
|
||||
|
@ -10,11 +10,23 @@ use Illuminate\Support\Facades\Redirect;
|
||||
|
||||
class IsSetupFilter
|
||||
{
|
||||
/**
|
||||
* Run the is setup filter.
|
||||
*
|
||||
* We're verifying that Cachet is correctly setup. If it is, they we're
|
||||
* sending the user to the dashboard so they can use Cachet.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param string $settingName
|
||||
*
|
||||
* @return \Illuminate\Http\Response|null
|
||||
*/
|
||||
public function filter(Route $route, Request $request)
|
||||
{
|
||||
try {
|
||||
$setting = Setting::where('name', 'app_name')->first();
|
||||
if ($setting->value) {
|
||||
if ($setting && $setting->value) {
|
||||
return Redirect::to('/dashboard');
|
||||
}
|
||||
} catch (Exception $e) {
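Review bot: The docblock documents `@param string $settingName`, but the signature is `filter(Route $route, Request $request)` and the setting name is the literal `'app_name'`. The tag looks carried over from HasSettingFilter and should be deleted. The description also has "they we're" for "then we're". The `catch (Exception $e)` body is outside the hunk; if this filter is what redirects an installed instance away from the setup routes, confirm that a failed lookup does not let the request through.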
|
||||
|
@ -9,13 +9,26 @@ use Illuminate\Support\Facades\Redirect;
|
||||
|
||||
class LoginThrottlingFilter
|
||||
{
|
||||
/**
|
||||
* Run the login throttling filter.
|
||||
*
|
||||
* We're verifying that the user is not attempting to brute force Cachet's
|
||||
* login system. If the user has reached the rate limit, then we're sending
|
||||
* them away, otherwise, we do nothing, and allow them to continue.
|
||||
*
|
||||
* Note that this filter is not responsible for incrementing the hit count.
|
||||
* Another part of Cachet will increment the hit count for the given route
|
||||
* only if validation passes, and the user did not successfully login.
|
||||
*
|
||||
* @param \Illuminate\Routing\Route $route
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return \Illuminate\Http\Response|null
|
||||
*/
|
||||
public function filter(Route $route, Request $request)
|
||||
{
|
||||
// check if we've reached the rate limit, but don't hit the throttle yet
|
||||
// we can hit the throttle later on in the if validation passes
|
||||
if (!Throttle::check($request, 10, 10)) {
|
||||
return Redirect::back()
|
||||
->with('error', 'You have made too many login requests.');
|
||||
return Redirect::back()->with('error', 'You have made too many login requests.');
|
||||
}
|
||||
}
|
||||
}
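Review bot: `Throttle::check($request, 10, 10)` carries the whole brute-force policy in two bare numbers that the new docblock never explains. State the limit and the window in the description, e.g. `* The limit is 10 attempts per 10 minutes.`, if that is what the arguments mean for the throttle package in use. The docblock's note that the hit count is incremented elsewhere, and only when validation passes, implies that requests failing validation are never counted, which deserves its own sentence. The inline comment "later on in the if validation passes" has a stray "in the".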
|
||||
|