From 4d6de70ba80635c81f853b441271b2c96f950254 Mon Sep 17 00:00:00 2001
From: Graham Campbell
Date: Fri, 2 Jan 2015 00:54:16 +0000
Subject: [PATCH] Fully documented the filters
---
 src/Http/After/AllowedDomainsFilter.php | 9 +++++++++
 src/Http/After/CorsFilter.php | 9 +++++++++
 src/Http/Before/AuthFilter.php | 10 ++++++++++
 src/Http/Before/CsrfFilter.php | 11 +++++++++++
 src/Http/Before/GuestFilter.php | 10 ++++++++++
 src/Http/Before/HasSettingFilter.php | 15 ++++++++++++++-
 src/Http/Before/IsSetupFilter.php | 14 +++++++++++++-
 src/Http/Before/LoginThrottlingFilter.php | 21 +++++++++++++++++----
 8 files changed, 93 insertions(+), 6 deletions(-)
diff --git a/src/Http/After/AllowedDomainsFilter.php b/src/Http/After/AllowedDomainsFilter.php
index 497dddb91..61e6609a7 100644
--- a/src/Http/After/AllowedDomainsFilter.php
+++ b/src/Http/After/AllowedDomainsFilter.php
@@ -9,6 +9,15 @@ use Symfony\Component\HttpFoundation\Response;
 
 class AllowedDomainsFilter
 {
+ /**
+ * Run the allowed domains filter.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ * @param \Symfony\Component\HttpFoundation\Response $response
+ *
+ * @return \Symfony\Component\HttpFoundation\Response
+ */
 public function filter(Route $route, Request $request, Response $response)
 {
 // Always allow our own domain.
diff --git a/src/Http/After/CorsFilter.php b/src/Http/After/CorsFilter.php
index 0cd561d4c..77e902334 100644
--- a/src/Http/After/CorsFilter.php
+++ b/src/Http/After/CorsFilter.php
@@ -8,6 +8,15 @@ use Symfony\Component\HttpFoundation\Response;
 
 class CorsFilter
 {
+ /**
+ * Run the cors filter.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ * @param \Symfony\Component\HttpFoundation\Response $response
+ *
+ * @return \Symfony\Component\HttpFoundation\Response
+ */
 public function filter(Route $route, Request $request, Response $response)
 {
 $response->headers->set('Access-Control-Allow-Origin', '*');
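Review bot: The new docblock on AllowedDomainsFilter::filter only restates the method name ("Run the allowed domains filter."), while the Before filters in the same commit each get a sentence saying what they enforce. The only behaviour visible in the hunk is the comment `// Always allow our own domain.`, and the method body continues past the end of the hunk, so I cannot say exactly what the rule is — but the summary should name which domains are permitted and which response header is changed for them, so a reader can check it against CorsFilter below without opening the body. A sentence of the form `* Permit cross-origin access to this response from our own domain (and whichever other domains the body allows) by setting the relevant response header.`, completed from the body, is what is missing.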
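Review bot: The new docblock on CorsFilter::filter says only "Run the cors filter." and omits the one fact a caller needs: the visible body sets `Access-Control-Allow-Origin` to `*` unconditionally, so every response a route attaches this filter to becomes readable cross-origin from any site. I would replace the summary with `* Allow cross-origin reads of this response from any origin.` and add `* Sets a wildcard Access-Control-Allow-Origin header, so only attach this filter to routes that serve public, non-credentialed data.` The method body runs past the end of the hunk, so whether further headers are set afterwards is not visible here. Having both this filter and AllowedDomainsFilter carry an explicit statement of what they open up is what lets someone wiring routes pick the right one.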
diff --git a/src/Http/Before/AuthFilter.php b/src/Http/Before/AuthFilter.php
index 5524b33de..75f6345dc 100644
--- a/src/Http/Before/AuthFilter.php
+++ b/src/Http/Before/AuthFilter.php
@@ -10,6 +10,16 @@ use Illuminate\Support\Facades\Response;
 
 class AuthFilter
 {
+ /**
+ * Run the auth filter.
+ *
+ * We're verifying that the current user is logged in to Cachet.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return \Illuminate\Http\Response|null
+ */
 public function filter(Route $route, Request $request)
 {
 if (Auth::guest()) {
diff --git a/src/Http/Before/CsrfFilter.php b/src/Http/Before/CsrfFilter.php
index 50bfa83f6..48cc06efe 100644
--- a/src/Http/Before/CsrfFilter.php
+++ b/src/Http/Before/CsrfFilter.php
@@ -8,6 +8,17 @@ use Illuminate\Support\Facades\Session;
 
 class CsrfFilter
 {
+ /**
+ * Run the csrf filter.
+ *
+ * We're protecting Cachet against cross-site request forgery attacks. If
+ * our csrf token in the session does not match the one given sent to us in
+ * this request, then we'll bail.
+ *
+ * @throws \Illuminate\Session\TokenMismatchException
+ *
+ * @return void
+ */
 public function filter()
 {
 if (Session::token() !== Input::get('_token')) {
diff --git a/src/Http/Before/GuestFilter.php b/src/Http/Before/GuestFilter.php
index b320abe86..3cf19e880 100644
--- a/src/Http/Before/GuestFilter.php
+++ b/src/Http/Before/GuestFilter.php
@@ -7,6 +7,16 @@ use Illuminate\Support\Facades\Redirect;
 
 class GuestFilter
 {
+ /**
+ * Run the guest filter.
+ *
+ * We're checking if the current user is logged in to Cachet, and if
+ * they're not, then we're redirecting them to the home page.
+ *
+ * @throws \Illuminate\Session\TokenMismatchException
+ *
+ * @return \Illuminate\Http\Response|null
+ */
 public function filter()
 {
 if (Auth::check()) {
diff --git a/src/Http/Before/HasSettingFilter.php b/src/Http/Before/HasSettingFilter.php
index 97302afe1..79609387d 100644
--- a/src/Http/Before/HasSettingFilter.php
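Review bot: The new CsrfFilter description has a leftover word — `the one given sent to us in this request` should read `the one sent to us in this request` — and it describes the check more loosely than the visible line enforces. `Session::token() !== Input::get('_token')` takes the token from the `_token` request input only, so a request that carries it in a header alone is rejected, and a missing `_token` (null) also counts as a mismatch; both are worth a sentence, e.g. `* The token is read from the _token request input only; a missing token is treated as a mismatch.` The comparison itself is a plain `!==`; if the project targets PHP 5.6 or later, a constant-time `hash_equals(Session::token(), (string) Input::get('_token'))` is the conventional choice for comparing a secret, though that change is outside this documentation commit. The throw that the `@throws` tag documents lies below the end of the hunk, so the tag is taken on trust here.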
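Review bot: The new GuestFilter docblock describes the opposite of the visible condition: it says a user who is not logged in is redirected, but the guard is `if (Auth::check()) {`, so the redirect branch runs for authenticated users (the redirect target itself is outside the hunk). It also carries `@throws \Illuminate\Session\TokenMismatchException`, copied from CsrfFilter, although nothing in this filter touches session tokens. I would write `* We're making sure the current user is NOT logged in to Cachet; if they are, we redirect them away so that guest-only pages (e.g. login) are never served to an authenticated user.` and drop the `@throws` line.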
+++ b/src/Http/Before/HasSettingFilter.php
@@ -10,11 +10,24 @@ use Illuminate\Support\Facades\Redirect;
 
 class HasSettingFilter
 {
+ /**
+ * Run the has setting filter.
+ *
+ * We're verifying that the given setting exists in our database. If it
+ * doesn't, then we're sending the user to the setup page so that they can
+ * complete the installation of Cachet on their server.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ * @param string $settingName
+ *
+ * @return \Illuminate\Http\Response|null
+ */
 public function filter(Route $route, Request $request, $settingName)
 {
 try {
 $setting = Setting::where('name', $settingName)->first();
- if (!$setting->value) {
+ if (!$setting || !$setting->value) {
 return Redirect::to('setup');
 }
 } catch (Exception $e) {
diff --git a/src/Http/Before/IsSetupFilter.php b/src/Http/Before/IsSetupFilter.php
index b8f1a2a99..f3f77fc20 100644
--- a/src/Http/Before/IsSetupFilter.php
+++ b/src/Http/Before/IsSetupFilter.php
@@ -10,11 +10,23 @@ use Illuminate\Support\Facades\Redirect;
 
 class IsSetupFilter
 {
+ /**
+ * Run the is setup filter.
+ *
+ * We're verifying that Cachet is correctly setup. If it is, they we're
+ * sending the user to the dashboard so they can use Cachet.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ * @param string $settingName
+ *
+ * @return \Illuminate\Http\Response|null
+ */
 public function filter(Route $route, Request $request)
 {
 try {
 $setting = Setting::where('name', 'app_name')->first();
- if ($setting->value) {
+ if ($setting && $setting->value) {
 return Redirect::to('/dashboard');
 }
 } catch (Exception $e) {
diff --git a/src/Http/Before/LoginThrottlingFilter.php b/src/Http/Before/LoginThrottlingFilter.php
index 5b3a6e488..4b783b6d4 100644
--- a/src/Http/Before/LoginThrottlingFilter.php
+++ b/src/Http/Before/LoginThrottlingFilter.php
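Review bot: The new HasSettingFilter description says the filter verifies that the setting "exists in our database", but the guard `if (!$setting || !$setting->value)` also redirects when the row exists with an empty or `'0'` value, and the added null check is what now makes a missing row reach the redirect instead of a property-on-null notice. Tighten the sentence to `* We're verifying that the given setting exists in our database and has a non-empty value. If it` so nobody assumes an empty row is accepted. The `} catch (Exception $e) {` that closes the hunk has its body outside it, so what happens on a database error — swallowed or rethrown — is not documented either; a `@throws` tag or a sentence stating that the error is swallowed would complete the docblock once that is confirmed from the body.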
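Review bot: The new IsSetupFilter docblock lists `@param string $settingName`, but the signature `filter(Route $route, Request $request)` takes no such parameter — the tag was copied from HasSettingFilter and should be dropped; the setting actually checked is the hard-coded `'app_name'`, which is worth stating in its place. The description also has a typo: `If it is, they we're` should be `If it is, then we're`. Proposed wording: `* We're verifying that Cachet is correctly setup, by checking that the` / `* 'app_name' setting exists and is non-empty. If it is, then we're` / `* sending the user to the dashboard so they can use Cachet.` As in HasSettingFilter, the catch handling at the end of the hunk is not visible, so the docblock cannot yet say what a database error does here.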
@@ -9,13 +9,26 @@ use Illuminate\Support\Facades\Redirect;
 
 class LoginThrottlingFilter
 {
+ /**
+ * Run the login throttling filter.
+ *
+ * We're verifying that the user is not attempting to brute force Cachet's
+ * login system. If the user has reached the rate limit, then we're sending
+ * them away, otherwise, we do nothing, and allow them to continue.
+ *
+ * Note that this filter is not responsible for incrementing the hit count.
+ * Another part of Cachet will increment the hit count for the given route
+ * only if validation passes, and the user did not successfully login.
+ *
+ * @param \Illuminate\Routing\Route $route
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return \Illuminate\Http\Response|null
+ */
 public function filter(Route $route, Request $request)
 {
- // check if we've reached the rate limit, but don't hit the throttle yet
- // we can hit the throttle later on in the if validation passes
 if (!Throttle::check($request, 10, 10)) {
- return Redirect::back()
- ->with('error', 'You have made too many login requests.');
+ return Redirect::back()->with('error', 'You have made too many login requests.');
 }
 }
 }
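Review bot: The docblock says the user is sent away once they have "reached the rate limit", but the limit itself — the `10, 10` passed to `Throttle::check($request, 10, 10)` — stays as two bare magic numbers, and the inline comment this hunk removes was the only text next to them. Add a line above the call, hedged on the window unit since it is not visible here: `// Refuse once 10 hits have been recorded for this request within the throttle's 10-unit window (see Throttle::check for the unit).` Promoting the pair to named class constants (e.g. `MAX_ATTEMPTS`, `DECAY_WINDOW`) would be the cleaner follow-up. What the throttle keys on — presumably the client address derived from `$request`, but that is inside the Throttle facade — is also worth one sentence in the docblock, because it decides whether many users behind one NAT get locked out together.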