Fully documented the filters

src/Http/After/AllowedDomainsFilter.php

@@ -9,6 +9,15 @@ use Symfony\Component\HttpFoundation\Response;
 
 class AllowedDomainsFilter
 {
+    /**
+     * Run the allowed domains filter.
+     *
+     * @param \Illuminate\Routing\Route                  $route
+     * @param \Illuminate\Http\Request                   $request
+     * @param \Symfony\Component\HttpFoundation\Response $response
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
     public function filter(Route $route, Request $request, Response $response)
     {
         // Always allow our own domain.

src/Http/After/CorsFilter.php

@@ -8,6 +8,15 @@ use Symfony\Component\HttpFoundation\Response;
 
 class CorsFilter
 {
+    /**
+     * Run the cors filter.
+     *
+     * @param \Illuminate\Routing\Route                  $route
+     * @param \Illuminate\Http\Request                   $request
+     * @param \Symfony\Component\HttpFoundation\Response $response
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
     public function filter(Route $route, Request $request, Response $response)
     {
         $response->headers->set('Access-Control-Allow-Origin', '*');

src/Http/Before/AuthFilter.php

@@ -10,6 +10,16 @@ use Illuminate\Support\Facades\Response;
 
 class AuthFilter
 {
+    /**
+     * Run the auth filter.
+     *
+     * We're verifying that the current user is logged in to Cachet.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Illuminate\Http\Request  $request
+     *
+     * @return \Illuminate\Http\Response|null
+     */
     public function filter(Route $route, Request $request)
     {
         if (Auth::guest()) {

src/Http/Before/CsrfFilter.php

@@ -8,6 +8,17 @@ use Illuminate\Support\Facades\Session;
 
 class CsrfFilter
 {
+    /**
+     * Run the csrf filter.
+     *
+     * We're protecting Cachet against cross-site request forgery attacks. If
+     * our csrf token in the session does not match the one given sent to us in
+     * this request, then we'll bail.
+     *
+     * @throws \Illuminate\Session\TokenMismatchException
+     *
+     * @return void
+     */
     public function filter()
     {
         if (Session::token() !== Input::get('_token')) {

src/Http/Before/GuestFilter.php

@@ -7,6 +7,16 @@ use Illuminate\Support\Facades\Redirect;
 
 class GuestFilter
 {
+    /**
+     * Run the guest filter.
+     *
+     * We're checking if the current user is logged in to Cachet, and if
+     * they're not, then we're redirecting them to the home page.
+     *
+     * @throws \Illuminate\Session\TokenMismatchException
+     *
+     * @return \Illuminate\Http\Response|null
+     */
     public function filter()
     {
         if (Auth::check()) {

src/Http/Before/HasSettingFilter.php

@@ -10,11 +10,24 @@ use Illuminate\Support\Facades\Redirect;
 
 class HasSettingFilter
 {
+    /**
+     * Run the has setting filter.
+     *
+     * We're verifying that the given setting exists in our database. If it
+     * doesn't, then we're sending the user to the setup page so that they can
+     * complete the installation of Cachet on their server.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Illuminate\Http\Request  $request
+     * @param string                    $settingName
+     *
+     * @return \Illuminate\Http\Response|null
+     */
     public function filter(Route $route, Request $request, $settingName)
     {
         try {
             $setting = Setting::where('name', $settingName)->first();
-            if (!$setting->value) {
+            if (!$setting || !$setting->value) {
                 return Redirect::to('setup');
             }
         } catch (Exception $e) {

src/Http/Before/IsSetupFilter.php

@@ -10,11 +10,23 @@ use Illuminate\Support\Facades\Redirect;
 
 class IsSetupFilter
 {
+    /**
+     * Run the is setup filter.
+     *
+     * We're verifying that Cachet is correctly setup. If it is, they we're
+     * sending the user to the dashboard so they can use Cachet.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Illuminate\Http\Request  $request
+     * @param string                    $settingName
+     *
+     * @return \Illuminate\Http\Response|null
+     */
     public function filter(Route $route, Request $request)
     {
         try {
             $setting = Setting::where('name', 'app_name')->first();
-            if ($setting->value) {
+            if ($setting && $setting->value) {
                 return Redirect::to('/dashboard');
             }
         } catch (Exception $e) {

src/Http/Before/LoginThrottlingFilter.php

@@ -9,13 +9,26 @@ use Illuminate\Support\Facades\Redirect;
 
 class LoginThrottlingFilter
 {
+    /**
+     * Run the login throttling filter.
+     *
+     * We're verifying that the user is not attempting to brute force Cachet's
+     * login system. If the user has reached the rate limit, then we're sending
+     * them away, otherwise, we do nothing, and allow them to continue.
+     *
+     * Note that this filter is not responsible for incrementing the hit count.
+     * Another part of Cachet will increment the hit count for the given route
+     * only if validation passes, and the user did not successfully login.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Illuminate\Http\Request  $request
+     *
+     * @return \Illuminate\Http\Response|null
+     */
     public function filter(Route $route, Request $request)
     {
-        // check if we've reached the rate limit, but don't hit the throttle yet
-        // we can hit the throttle later on in the if validation passes
         if (!Throttle::check($request, 10, 10)) {
-            return Redirect::back()
+            return Redirect::back()->with('error', 'You have made too many login requests.');
-                ->with('error', 'You have made too many login requests.');
         }
     }
 }