why whyw hyw wyh wyhw yhwhywy "

2021-12-21 17:39:37 -05:00 · 2021-12-21 17:39:37 -05:00 · 4723884800
parent 000ed84ff8
commit 4723884800
11 changed files with 141 additions and 69 deletions
--- a/web/app/Http/Kernel.php
+++ b/web/app/Http/Kernel.php
@ -15,6 +15,7 @@ class Kernel extends HttpKernel
     */
    protected $middleware = [
        // \App\Http\Middleware\TrustHosts::class,
+		\App\Http\Middleware\Cors::class,
        \App\Http\Middleware\TrustProxies::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
@ -39,6 +40,7 @@ class Kernel extends HttpKernel

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
+			\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
@ -61,7 +63,6 @@ class Kernel extends HttpKernel
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-		'cors' => \App\Http\Middleware\Cors::class,
-		'maintenance' => \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
+        'maintenance' => \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
    ];
 }
--- a/web/app/Http/Middleware/Cors.php
+++ b/web/app/Http/Middleware/Cors.php
@ -17,9 +17,7 @@ class Cors
    public function handle(Request $request, Closure $next)
    {
 		$trustedHosts = explode(',', env('TRUSTED_HOSTS'));
-		
 		$origin = parse_url($request->headers->get('origin'),  PHP_URL_HOST);
-		
 		$passCheck = false;
 		
 		foreach($trustedHosts as &$host)
@ -28,12 +26,23 @@ class Cors
 				$passCheck = true;
 		}
 		
+		$allowedOrigin = ('http' . ($request->secure() ? 's' : null) . '://' . $origin);
+		
+		if($passCheck && $request->getMethod() === 'OPTIONS' && $request->headers->has('Access-Control-Request-Method'))
+		{
+			return response('')
+					->setStatusCode(204)
+					->header('Access-Control-Allow-Origin', $allowedOrigin)
+					->header('Access-Control-Allow-Methods', '*')
+					->header('Access-Control-Max-Age', '86400');
+		}
+		
 		$nextClosure = $next($request);
 		
 		if($passCheck)
 		{
 			$nextClosure
-				->header('Access-Control-Allow-Origin', 'http' . ($request->secure() ? 's' : null) . '://' . $origin)
+				->header('Access-Control-Allow-Origin', $allowedOrigin)
 				->header('Vary', 'origin');
 		}
 		
--- a/web/app/Http/Middleware/PreventRequestsDuringMaintenance.php
+++ b/web/app/Http/Middleware/PreventRequestsDuringMaintenance.php
@ -21,7 +21,7 @@ class PreventRequestsDuringMaintenance
     *
     * @var array
     */
-    protected $except = ['banners/data'];
+    protected $except = ['banners/data', 'maintenance/bypass'];

    /**
     * Create a new middleware instance.
@ -39,11 +39,12 @@ class PreventRequestsDuringMaintenance
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
+     * @param  string  $group
     * @return mixed
     *
     * @throws \Symfony\Component\HttpKernel\Exception\HttpException
     */
-    public function handle($request, Closure $next)
+    public function handle($request, Closure $next, $group = null)
    {
        if ($this->app->isDownForMaintenance()) {
            $data = json_decode(file_get_contents($this->app->storagePath().'/framework/down'), true);
@ -51,7 +52,7 @@ class PreventRequestsDuringMaintenance
            if (isset($data['secret']) && $request->path() === $data['secret']) {
                return $this->bypassResponse($data['secret']);
            }
-
+			
            if ($this->hasValidBypassCookie($request, $data) ||
                $this->inExceptArray($request)) {
                return $next($request);
--- a/web/app/Models/WebsiteConfiguration.php
+++ b/web/app/Models/WebsiteConfiguration.php
@ -0,0 +1,11 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class WebsiteConfiguration extends Model
+{
+    use HasFactory;
+}
--- a/web/config/cors.php
+++ b/web/config/cors.php
@ -1,34 +0,0 @@
-<?php
-
-return [
-
-    /*
-    |--------------------------------------------------------------------------
-    | Cross-Origin Resource Sharing (CORS) Configuration
-    |--------------------------------------------------------------------------
-    |
-    | Here you may configure your settings for cross-origin resource sharing
-    | or "CORS". This determines what cross-origin operations may execute
-    | in web browsers. You are free to adjust these settings as needed.
-    |
-    | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
-    |
-    */
-
-    'paths' => ['api/*', 'sanctum/csrf-cookie'],
-
-    'allowed_methods' => ['*'],
-
-    'allowed_origins' => ['*'],
-
-    'allowed_origins_patterns' => [],
-
-    'allowed_headers' => ['*'],
-
-    'exposed_headers' => [],
-
-    'max_age' => 0,
-
-    'supports_credentials' => false,
-
-];
--- a/web/database/migrations/2021_12_18_202631_create_website_configurations_table.php
+++ b/web/database/migrations/2021_12_18_202631_create_website_configurations_table.php
@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateWebsiteConfigurationsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('website_configurations', function (Blueprint $table) {
+            $table->id();
+			$table->string('name');
+			$table->string('value');
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('website_configurations');
+    }
+}
--- a/web/database/seeders/DatabaseSeeder.php
+++ b/web/database/seeders/DatabaseSeeder.php
@ -6,6 +6,8 @@ use Illuminate\Database\Seeder;

 use Database\Seeders\WebStatusSeeder;

+use Database\Seeders\WebConfigurationSeeder;
+
 class DatabaseSeeder extends Seeder
 {
    /**
@ -17,7 +19,8 @@ class DatabaseSeeder extends Seeder
    {
 		$this->call([
 			WebStatusSeeder::class,
-			FFlagSeeder::class
+			FFlagSeeder::class,
+			WebConfigurationSeeder::class
 		]);
    }
 }
--- a/web/database/seeders/WebConfigurationSeeder.php
+++ b/web/database/seeders/WebConfigurationSeeder.php
@ -0,0 +1,27 @@
+<?php
+
+namespace Database\Seeders;
+
+use Illuminate\Database\Seeder;
+
+use App\Models\WebsiteConfiguration;
+
+class WebConfigurationSeeder extends Seeder
+{
+    /**
+     * Run the database seeds.
+     *
+     * @return void
+     */
+    public function run()
+    {
+        WebsiteConfiguration::create([
+			'name' => 'MaintenancePassword',
+			'value' => json_encode(
+				[
+					'combination' => ['g','t','o','r','i','a'],
+					'password' => '@bs0lut3lyM@55!v3P@55w0rd'
+				])
+		]); // please please please please please please please change the default password
+    }
+}
--- a/web/resources/js/pages/Maintenance.js
+++ b/web/resources/js/pages/Maintenance.js
@ -1,13 +1,18 @@
 // © XlXi 2021
 // Graphictoria 5

+import axios from 'axios';
 import React, { useRef, Suspense } from 'react';

 import { Canvas, useFrame } from '@react-three/fiber';
 import { Instances, Instance, PerspectiveCamera, useGLTF } from '@react-three/drei';

+import Config from '../config.js';
 import SetTitle from '../Helpers/Title.js';

+var url = Config.BaseUrl.replace('http://', '');
+var protocol = Config.Protocol;
+
 const randomVector = (r) => [r / 2 - Math.random() * r, r / 2 - Math.random() * r, r / 2 - Math.random() * r];
 const randomEuler = () => [Math.random() * Math.PI, Math.random() * Math.PI, Math.random() * Math.PI];
 const randomData = Array.from({ length: 2000 }, (r = 200) => ({ random: Math.random(), position: randomVector(r), rotation: randomEuler() }));
@ -28,9 +33,18 @@ function MakeButtons()
 	}
 }

-function DoButton(position)
+let ButtonHistory = []
+
+function DoButton(position, state)
 {
-	console.log(position);
+	ButtonHistory.push(position);
+	axios.post(protocol + 'apis.' + url + '/maintenance/bypass', {
+			'password': state.passwordState,
+			'buttons': ButtonHistory
+		})
+		.then((response) => {
+			console.log(response);
+		});
 }

 function Scene() {
@ -82,6 +96,11 @@ function Camera({ ...props }){

 class Maintenance extends React.Component {
 	
+	constructor(props) {
+		super(props);
+		this.state = { passwordState: '' };
+	}
+	
 	componentDidMount()
 	{
 		SetTitle("Maintenance");
@ -103,11 +122,11 @@ class Maintenance extends React.Component {
 					<h1>Graphictoria is currently under maintenance.</h1>
 					<h4>Our cyborg team of highly trained code-monkes are working to make Graphictoria better. We'll be back soon!</h4>
 					<div className="input-group mt-5">
-						<input type="password" className="form-control" placeholder="Password" autoComplete="off"/>
+						<input type="password" className="form-control" placeholder="Password" autoComplete="off" onChange={ changeEvent => this.setState({passwordState: changeEvent.target.value}) } value={ this.state.passwordState }/>
 						{
 							Buttons.map(character => (
 								<React.Fragment key={character.id}>
-									<button className="btn btn-secondary" type="button" onClick={ () => DoButton(character.id) }>{character.value}</button>
+									<button className="btn btn-secondary" type="button" onClick={ () => DoButton(character.id, this.state) }>{character.value}</button>
 								</React.Fragment>
 							))
 						}
--- a/web/routes/apis.php
+++ b/web/routes/apis.php
@ -16,18 +16,20 @@ use App\Http\Controllers\GamesController;
 |
 */

-Route::middleware(['cors', 'maintenance'])->group(function() {
-	Route::get('/', function () {
-		return 'API OK';
-	});
-	
-	Route::get('/banners/data', [BannerController::class, 'getBanners']);
+Route::get('/', function(){
+	return 'API OK';
+});

-	Route::get('/games/metadata', [GamesController::class, 'isAvailable']);
+Route::get('/banners/data', [BannerController::class, 'getBanners']);

-	Route::fallback(function () {
-		return response('{"errors":[{"code":404,"message":"NotFound"}]}', 404)
-			->header('Cache-Control', 'private')
-			->header('Content-Type', 'application/json; charset=utf-8');
-	});
+Route::get('/games/metadata', [GamesController::class, 'isAvailable']);
+
+Route::post('/maintenance/bypass', function(){
+	return 'test';
+});
+
+Route::fallback(function(){
+	return response('{"errors":[{"code":404,"message":"NotFound"}]}', 404)
+		->header('Cache-Control', 'private')
+		->header('Content-Type', 'application/json; charset=utf-8');
 });
--- a/web/routes/web.php
+++ b/web/routes/web.php
@ -13,42 +13,42 @@ use Illuminate\Support\Facades\Route;
 |
 */

-Route::get('/javascript', function () {
+Route::get('/javascript', function(){
    return view('javascript');
 });

-Route::get('/', function () {
+Route::get('/', function(){
    return view('main');
 });

-Route::get('/login', function () {
+Route::get('/login', function(){
    return view('main');
 });

-Route::get('/register', function () {
+Route::get('/register', function(){
    return view('main');
 });

-Route::get('/passwordreset', function () {
+Route::get('/passwordreset', function(){
    return view('main');
 });

-Route::get('/legal/about-us', function () {
+Route::get('/legal/about-us', function(){
    return view('main');
 });

-Route::get('/legal/terms-of-service', function () {
+Route::get('/legal/terms-of-service', function(){
    return view('main');
 });

-Route::get('/legal/privacy-policy', function () {
+Route::get('/legal/privacy-policy', function(){
    return view('main');
 });

-Route::get('/legal/dmca', function () {
+Route::get('/legal/dmca', function(){
    return view('main');
 });

-Route::get('/games', function () {
+Route::get('/games', function(){
    return view('main');
 });