Basic ban system(unfinished), improved double session protection, and sessions on all middleware groups.
parent
80eb66fb86
commit
a5d1d2f55b
|
|
@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
|
|||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Auth\LoginRequest;
|
||||
use App\Providers\RouteServiceProvider;
|
||||
use App\Models\Session;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
|
|
@ -29,7 +30,7 @@ class AuthenticatedSessionController extends Controller
|
|||
public function store(LoginRequest $request)
|
||||
{
|
||||
$request->authenticate();
|
||||
|
||||
|
||||
$request->session()->regenerate();
|
||||
|
||||
return redirect()->intended(RouteServiceProvider::HOME);
|
||||
|
|
|
|||
|
|
@ -20,19 +20,13 @@ class DoubleSessionBlockController extends Controller
|
|||
'g-recaptcha-response' => [new \App\Rules\GoogleRecaptcha]
|
||||
]);
|
||||
|
||||
$record = Session::where('id', session()->getId())->first();
|
||||
if($record) {
|
||||
$record->bypass_block_screen = true;
|
||||
$record->save();
|
||||
|
||||
$returnUrl = request()->input('ReturnUrl');
|
||||
|
||||
if(!$returnUrl)
|
||||
$returnUrl = '/';
|
||||
|
||||
return redirect(urldecode($returnUrl), 302);
|
||||
} else {
|
||||
return redirect()->back()->withErrors('Could not unblock. Try again.');
|
||||
}
|
||||
request()->session()->put('bypass-block-screen', true);
|
||||
|
||||
$returnUrl = request()->input('ReturnUrl');
|
||||
|
||||
if(!$returnUrl)
|
||||
$returnUrl = '/';
|
||||
|
||||
return redirect(urldecode($returnUrl), 302);
|
||||
}
|
||||
}
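Review bot: `redirect(urldecode($returnUrl), 302)`, on the path that now sets `bypass-block-screen` in the session, sends the browser to whatever the `ReturnUrl` request input contains, so a crafted link through the block screen can land the user on another site once the captcha is solved. Constrain the target to a local path before redirecting, for example `if (!is_string($returnUrl) || !str_starts_with($returnUrl, '/') || str_starts_with($returnUrl, '//') || str_contains($returnUrl, '\\')) $returnUrl = '/';`. The `urldecode()` call looks redundant, since request input has normally been decoded once already, and a second decode can turn a value that passed the check into a different URL; drop it or run the check on the decoded string. The enclosing `store` method starts above this hunk.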
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Auth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class UserModerationController extends Controller
|
||||
{
|
||||
public function create()
|
||||
{
|
||||
return view('auth.moderated');
|
||||
}
|
||||
}
|
||||
|
|
@ -19,6 +19,8 @@ class Kernel extends HttpKernel
|
|||
// \App\Http\Middleware\TrustHosts::class,
|
||||
\App\Http\Middleware\TrustProxies::class,
|
||||
\Illuminate\Http\Middleware\HandleCors::class,
|
||||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
|
||||
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
||||
\App\Http\Middleware\TrimStrings::class,
|
||||
|
|
@ -34,8 +36,6 @@ class Kernel extends HttpKernel
|
|||
'web' => [
|
||||
\App\Http\Middleware\EncryptCookies::class,
|
||||
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
|
||||
|
|
@ -68,5 +68,7 @@ class Kernel extends HttpKernel
|
|||
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
|
||||
'banned' => \App\Http\Middleware\CheckBan::class,
|
||||
];
|
||||
}
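Review bot: `StartSession` now sits in the global stack while `\App\Http\Middleware\EncryptCookies::class` stays in the `web` group, so the session middleware runs outside cookie encryption: it reads the session cookie before the `web` group decrypts it and appears to attach it to the response after the other cookies have already been encrypted. If sessions are meant to be global, move `EncryptCookies` out of `web` and ahead of `StartSession` in the global list so the session cookie keeps the same protection it had before. `VerifyCsrfToken` also remains in `web` only, so any other group that now sees a session-authenticated user has no CSRF check; that should be decided explicitly, and a short comment on the global list saying why sessions start there would help the next reader.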
|
||||
|
|
|
|||
|
|
@ -0,0 +1,31 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class CheckBan
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
|
||||
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if(Auth::check() && Auth::user()->banId != null) {
|
||||
if($request->route()->getName() != 'moderation.notice' && $request->route()->getName() != 'logout') {
|
||||
return redirect()
|
||||
->to(route('moderation.notice', [], 302));
|
||||
}
|
||||
} else {
|
||||
return redirect('/', 302);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
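Review bot: The `else` branch in `handle` redirects every guest and every unbanned user to `/`, so this middleware can only sit on the notice page itself, which is how the routes file in this commit attaches it; a banned account is not stopped on any other route. For enforcement, let non-banned requests fall through to `$next($request)` and attach `banned` to the authenticated route groups, keeping a separate guard for who may view the notice. In the redirect, the status code is passed to `route()` rather than `to()`; `->to(route('moderation.notice'), 302)` is probably what was meant. `Auth::user()->banId != null` is a loose comparison, so a `banId` of `0` would count as not banned; `!== null` avoids that.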
|
||||
|
|
@ -26,14 +26,8 @@ class DoubleSessionProtector
|
|||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$record = Session::where('id', session()->getId())->where('bypass_block_screen', true)->first();
|
||||
if($record) {
|
||||
if($request->route()->getName() == 'ddos.bypass') {
|
||||
return redirect('/', 302);
|
||||
}
|
||||
|
||||
if($request->session()->get('bypass-block-screen', false))
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/* */
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ return new class extends Migration
|
|||
$table->text('user_agent')->nullable();
|
||||
$table->text('payload');
|
||||
$table->integer('last_activity')->index();
|
||||
$table->boolean('bypass_block_screen')->default(false);
|
||||
$table->timestamps();
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -455,6 +455,13 @@ html {
|
|||
}
|
||||
}
|
||||
|
||||
.graphictoria-moderation-card {
|
||||
@media (min-width: 992px) {
|
||||
max-width: 70%;
|
||||
margin: auto;
|
||||
}
|
||||
}
|
||||
|
||||
.card {
|
||||
@include shadow();
|
||||
html.gtoria-dark & {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
@php
|
||||
$noFooter = true;
|
||||
$noNav = true;
|
||||
@endphp
|
||||
|
||||
@extends('layouts.app')
|
||||
|
||||
@section('title', 'Moderation Notice')
|
||||
|
||||
@section('content')
|
||||
<div class="container m-auto">
|
||||
<x-card class="graphictoria-moderation-card">
|
||||
<x-slot name="title">
|
||||
MODERATION NOTICE
|
||||
</x-slot>
|
||||
<x-slot name="body">
|
||||
<div class="p-2 mb-2 d-flex flex-column justify-content-center">
|
||||
<p>Your account has been suspended for violating our Terms of Service.</p>
|
||||
<div class="my-3">
|
||||
<p><b>Suspention Date:</b> 5/6/2022 9:35 PM</p>
|
||||
<p><b>Note:</b> testing</p>
|
||||
</div>
|
||||
</div>
|
||||
</x-slot>
|
||||
<x-slot name="footer">
|
||||
<p>By checking the "I Agree" checkbox below, you agree to abide by Graphictoria's Terms of Service. Your account will be permantently suspended if you continue breaking the Terms of Service.</p>
|
||||
<form>
|
||||
<div class="my-2">
|
||||
<input class="form-check-input" type="checkbox" value="" id="agree" name="agree">
|
||||
<label class="form-check-label" for="agree">
|
||||
I Agree
|
||||
</label>
|
||||
</div>
|
||||
<button class="btn btn-primary">REACTIVATE</button>
|
||||
</form>
|
||||
|
||||
<p>You will be able to reactivate your account in <b>0 Seconds</b>.</p>
|
||||
<p class="text-muted">If you believe you have been unfairly moderated, please contact us at contact us at <a href="mailto:support@gtoria.net" class="fw-bold text-decoration-none">support@gtoria.net</a> and we'll be happy to help.</p>
|
||||
</x-slot>
|
||||
</x-card>
|
||||
</div>
|
||||
@endsection
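Review bot: The reactivation `<form>` has no `method` and no `@csrf`, so REACTIVATE currently submits a GET back to the notice page; once it is wired up it should be `<form method="POST">` with `@csrf`, and the agreement checkbox and the wait time shown as `0 Seconds` need to be checked on the server rather than trusted from the page. The suspension date and note are hard-coded placeholder values and should come from the ban record, rendered through `{{ }}` so moderator-entered text is escaped. Text fixes for the same template: `Suspention` should be `Suspension`, `permantently` should be `permanently`, and `contact us at` is repeated in the last paragraph.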
|
||||
|
|
@ -1,4 +1,10 @@
|
|||
<div class="card graphictoria-small-card shadow-sm">
|
||||
@php
|
||||
$classes = ['card', 'graphictoria-small-card', 'shadow-sm'];
|
||||
|
||||
if(isset($attributes['class']))
|
||||
$classes = array_merge($classes, explode(' ', $attributes['class']));
|
||||
@endphp
|
||||
<div @class($classes)>
|
||||
<div class="card-body text-center">
|
||||
<h5 class="card-title fw-bold">{{ isset($title) ? $title : $attributes['title'] }}</h5>
|
||||
<hr class="mx-5"/>
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ use App\Http\Controllers\Auth\EmailVerificationPromptController;
|
|||
use App\Http\Controllers\Auth\NewPasswordController;
|
||||
use App\Http\Controllers\Auth\PasswordResetLinkController;
|
||||
use App\Http\Controllers\Auth\RegisteredUserController;
|
||||
use App\Http\Controllers\Auth\UserModerationController;
|
||||
use App\Http\Controllers\Auth\VerifyEmailController;
|
||||
use App\Http\Controllers\IndexController;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
|
@ -27,7 +28,7 @@ Route::get('/', function () {
|
|||
return view('welcome');
|
||||
})->middleware(['guest'])->name('welcome');
|
||||
|
||||
Route::get('/my/dashboard', function () {
|
||||
Route::get('my/dashboard', function () {
|
||||
return view('dashboard');
|
||||
})->middleware(['auth'])->name('dashboard');
|
||||
|
||||
|
|
@ -35,6 +36,10 @@ Route::get('request-blocked', [DoubleSessionBlockController::class, 'create'])
|
|||
->name('ddos.bypass');
|
||||
Route::post('request-blocked', [DoubleSessionBlockController::class, 'store']);
|
||||
|
||||
Route::get('moderation-notice', [UserModerationController::class, 'create'])
|
||||
->middleware(['banned'])
|
||||
->name('moderation.notice');
|
||||
|
||||
Route::middleware('guest')->group(function () {
|
||||
Route::get('register', [RegisteredUserController::class, 'create'])
|
||||
->name('register');
|
||||
|
|
|
|||