From a5d1d2f55b83331286ad7d8198eebabd8e25b974 Mon Sep 17 00:00:00 2001
From: Graphictoria
Date: Sat, 7 May 2022 14:28:17 -0400
Subject: [PATCH] Basic ban system(unfinished), improved double session protection, and sessions on all middleware groups.
---
 .../Auth/AuthenticatedSessionController.php | 3 +-
 .../Auth/DoubleSessionBlockController.php | 22 ++++------
 .../Auth/UserModerationController.php | 14 +++++++
 web/app/Http/Kernel.php | 6 ++-
 web/app/Http/Middleware/CheckBan.php | 31 ++++++++++++++
 .../Middleware/DoubleSessionProtector.php | 8 +---
 ...022_05_05_203337_create_sessions_table.php | 1 -
 web/resources/sass/Graphictoria.scss | 7 ++++
 web/resources/views/auth/moderated.blade.php | 42 +++++++++++++++++++
 web/resources/views/components/card.blade.php | 8 +++-
 web/routes/web.php | 7 +++-
 11 files changed, 122 insertions(+), 27 deletions(-)
 create mode 100644 web/app/Http/Controllers/Auth/UserModerationController.php
 create mode 100644 web/app/Http/Middleware/CheckBan.php
 create mode 100644 web/resources/views/auth/moderated.blade.php
diff --git a/web/app/Http/Controllers/Auth/AuthenticatedSessionController.php b/web/app/Http/Controllers/Auth/AuthenticatedSessionController.php
index 09abe87..6c2352f 100644
--- a/web/app/Http/Controllers/Auth/AuthenticatedSessionController.php
+++ b/web/app/Http/Controllers/Auth/AuthenticatedSessionController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Auth\LoginRequest;
 use App\Providers\RouteServiceProvider;
+use App\Models\Session;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -29,7 +30,7 @@ class AuthenticatedSessionController extends Controller
 public function store(LoginRequest $request)
 {
 $request->authenticate();
-
+
 $request->session()->regenerate();
 return redirect()->intended(RouteServiceProvider::HOME);
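Review bot: The added `use App\Models\Session;` is not referenced by anything this commit changes in this file — the second hunk only alters whitespace — and the commit removes the Session-model lookups from DoubleSessionBlockController and DoubleSessionProtector, so the import looks like a leftover; drop it unless a follow-up uses it. Keeping `$request->session()->regenerate()` right after `authenticate()` is the correct order for session-fixation protection; because Laravel's `regenerate()` preserves session data (unlike `invalidate()`), the `bypass-block-screen` flag this commit now stores in the session survives the login.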
diff --git a/web/app/Http/Controllers/Auth/DoubleSessionBlockController.php b/web/app/Http/Controllers/Auth/DoubleSessionBlockController.php
index a22a1b1..9605937 100644
--- a/web/app/Http/Controllers/Auth/DoubleSessionBlockController.php
+++ b/web/app/Http/Controllers/Auth/DoubleSessionBlockController.php
@@ -20,19 +20,13 @@ class DoubleSessionBlockController extends Controller
 'g-recaptcha-response' => [new \App\Rules\GoogleRecaptcha]
 ]);
- $record = Session::where('id', session()->getId())->first();
- if($record) {
- $record->bypass_block_screen = true;
- $record->save();
-
- $returnUrl = request()->input('ReturnUrl');
-
- if(!$returnUrl)
- $returnUrl = '/';
-
- return redirect(urldecode($returnUrl), 302);
- } else {
- return redirect()->back()->withErrors('Could not unblock. Try again.');
- }
+ request()->session()->put('bypass-block-screen', true);
+
+ $returnUrl = request()->input('ReturnUrl');
+
+ if(!$returnUrl)
+ $returnUrl = '/';
+
+ return redirect(urldecode($returnUrl), 302);
 }
 }
diff --git a/web/app/Http/Controllers/Auth/UserModerationController.php b/web/app/Http/Controllers/Auth/UserModerationController.php
new file mode 100644
index 0000000..a816eca
--- /dev/null
+++ b/web/app/Http/Controllers/Auth/UserModerationController.php
@@ -0,0 +1,14 @@
+ [
 \App\Http\Middleware\EncryptCookies::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
- \Illuminate\Session\Middleware\StartSession::class,
- \Illuminate\View\Middleware\ShareErrorsFromSession::class,
 \App\Http\Middleware\VerifyCsrfToken::class,
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
@@ -68,5 +68,7 @@ class Kernel extends HttpKernel
 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+
+ 'banned' => \App\Http\Middleware\CheckBan::class,
 ];
 }
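Review bot: `ReturnUrl` is still read straight from the request and handed to `redirect(urldecode($returnUrl), 302)` with no check that it is a local path, so the page behind the CAPTCHA can bounce a user to any external URL (open redirect); the removed branch had the same flaw, but the new code keeps it. Validate after the `urldecode`, because `input()` has already decoded the query string once and the second decode would turn an encoded `%2F%2F` back into a scheme-relative `//host` that a check on the raw value would miss: `if (!str_starts_with($returnUrl, '/') || str_starts_with($returnUrl, '//')) $returnUrl = '/';` placed between the decode and the `redirect()`. Separately, the bypass is now a bare `true` in the session with no expiry, so one CAPTCHA solve skips the block screen for the whole life of the session cookie; putting `time()` in the key instead would let DoubleSessionProtector age it out.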
diff --git a/web/app/Http/Middleware/CheckBan.php b/web/app/Http/Middleware/CheckBan.php
new file mode 100644
index 0000000..df2ad1c
--- /dev/null
+++ b/web/app/Http/Middleware/CheckBan.php
@@ -0,0 +1,31 @@
+banId != null) {
+ if($request->route()->getName() != 'moderation.notice' && $request->route()->getName() != 'logout') {
+ return redirect()
+ ->to(route('moderation.notice', [], 302));
+ }
+ } else {
+ return redirect('/', 302);
+ }
+
+ return $next($request);
+ }
+}
diff --git a/web/app/Http/Middleware/DoubleSessionProtector.php b/web/app/Http/Middleware/DoubleSessionProtector.php
index 2fba5cb..afbdf9b 100644
--- a/web/app/Http/Middleware/DoubleSessionProtector.php
+++ b/web/app/Http/Middleware/DoubleSessionProtector.php
@@ -26,14 +26,8 @@ class DoubleSessionProtector
 */
 public function handle(Request $request, Closure $next)
 {
- $record = Session::where('id', session()->getId())->where('bypass_block_screen', true)->first();
- if($record) {
- if($request->route()->getName() == 'ddos.bypass') {
- return redirect('/', 302);
- }
-
+ if($request->session()->get('bypass-block-screen', false))
 return $next($request);
- }
 /* */
diff --git a/web/database/migrations/2022_05_05_203337_create_sessions_table.php b/web/database/migrations/2022_05_05_203337_create_sessions_table.php
index b5444bc..29b4b5c 100644
--- a/web/database/migrations/2022_05_05_203337_create_sessions_table.php
+++ b/web/database/migrations/2022_05_05_203337_create_sessions_table.php
@@ -20,7 +20,6 @@ return new class extends Migration
 $table->text('user_agent')->nullable();
 $table->text('payload');
 $table->integer('last_activity')->index();
- $table->boolean('bypass_block_screen')->default(false);
 $table->timestamps();
 });
 }
diff --git a/web/resources/sass/Graphictoria.scss b/web/resources/sass/Graphictoria.scss
index 021f402..b48c7db 100644
--- a/web/resources/sass/Graphictoria.scss
+++ b/web/resources/sass/Graphictoria.scss
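Review bot: In the banned-user redirect the `302` is passed as the third argument of `route()`, which is its `$absolute` flag rather than a status code; it only behaves because 302 is truthy. The status belongs on the redirector: `->to(route('moderation.notice'), 302)`. The opening of `handle()`, including whatever lookup feeds `->banId`, is cut from the patch as extracted; if that is the authenticated user, an unauthenticated request dereferences `->banId` on null, so either the route carrying this middleware must sit behind `auth` or the lookup should use `?->` and treat a missing user as not banned. Note also that the `else` branch sends every non-banned user to `/`, which makes `banned` a "must be banned" gate for the notice page rather than a ban enforcer; attaching it to ordinary routes later would lock everyone out, so site-wide enforcement will need a separate middleware or a parameter.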
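Review bot: The bypass check now reads a bare boolean with no expiry, so once `bypass-block-screen` is set the block screen is never shown again for the life of the session cookie, and since the hunk also drops the `ddos.bypass` redirect the solve page itself stays reachable. If the challenge is meant to be repeated, have the controller store the solve time and compare it here — `if (time() - $request->session()->get('bypass-block-screen', 0) < self::BYPASS_TTL) {` with a class constant for the window — rather than testing for `true`. The new single-statement `if` also drops the braces that the code it replaces used; keeping `{ }` avoids the classic dangling-statement slip when a second line is added later. The body of `handle()` continues past the end of the hunk.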
@@ -455,6 +455,13 @@ html {
 }
 }
+.graphictoria-moderation-card {
+ @media (min-width: 992px) {
+ max-width: 70%;
+ margin: auto;
+ }
+}
+
 .card {
 @include shadow();
 html.gtoria-dark & {
diff --git a/web/resources/views/auth/moderated.blade.php b/web/resources/views/auth/moderated.blade.php
new file mode 100644
index 0000000..9d3f03a
--- /dev/null
+++ b/web/resources/views/auth/moderated.blade.php
@@ -0,0 +1,42 @@
+@php
+ $noFooter = true;
+ $noNav = true;
+@endphp
+
+@extends('layouts.app')
+
+@section('title', 'Moderation Notice')
+
+@section('content')
+
+ + + MODERATION NOTICE + + +
+

Your account has been suspended for violating our Terms of Service.

+
+

Suspention Date: 5/6/2022 9:35 PM

+

Note: testing

+
+
+
+ +

By checking the "I Agree" checkbox below, you agree to abide by Graphictoria's Terms of Service. Your account will be permantently suspended if you continue breaking the Terms of Service.

+
+
+ + +
+ +
+ +

You will be able to reactivate your account in 0 Seconds.

+

If you believe you have been unfairly moderated, please contact us at contact us at support@gtoria.net and we'll be happy to help.

+
+
+
+@endsection
diff --git a/web/resources/views/components/card.blade.php b/web/resources/views/components/card.blade.php
index 1541ecb..b445434 100644
--- a/web/resources/views/components/card.blade.php
+++ b/web/resources/views/components/card.blade.php
@@ -1,4 +1,10 @@
-
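Review bot: The suspension details are hard-coded placeholders — `Suspention Date: 5/6/2022 9:35 PM`, `Note: testing`, `You will be able to reactivate your account in 0 Seconds.` — so the view never shows the user's actual ban; `UserModerationController::create` should pass the ban record and the template should read the date, note and remaining time from it, which is presumably what "unfinished" in the subject covers. While it is being finished: `Suspention` → `Suspension`, `permantently` → `permanently`, and `contact us at contact us at` is doubled. The markup around the "I Agree" checkbox is stripped from the patch as extracted, so I cannot confirm that the reactivation form carries `@csrf` or that a moderator-entered note is rendered with `{{ }}` rather than `{!! !!}`; both need checking before this ships.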
+@php
+ $classes = ['card', 'graphictoria-small-card', 'shadow-sm'];
+
+ if(isset($attributes['class']))
+ $classes = array_merge($classes, explode(' ', $attributes['class']));
+@endphp
+
{{ isset($title) ? $title : $attributes['title'] }}

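Review bot: The `@php` block rebuilds the class list by hand, and `explode(' ', $attributes['class'])` yields empty entries whenever the caller's class string has repeated spaces; Blade components already provide this merge, so `<div {{ $attributes->merge(['class' => 'card graphictoria-small-card shadow-sm']) }}>` replaces the whole `@php … @endphp` block and also forwards whatever other attributes the caller passed. The opening tag that consumes `$classes` is not visible in the patch as extracted, so I cannot tell how the list is emitted or whether non-class attributes currently reach the element.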
diff --git a/web/routes/web.php b/web/routes/web.php
index 10fa8c2..84d988b 100644
--- a/web/routes/web.php
+++ b/web/routes/web.php
@@ -8,6 +8,7 @@ use App\Http\Controllers\Auth\EmailVerificationPromptController;
 use App\Http\Controllers\Auth\NewPasswordController;
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
+use App\Http\Controllers\Auth\UserModerationController;
 use App\Http\Controllers\Auth\VerifyEmailController;
 use App\Http\Controllers\IndexController;
 use Illuminate\Support\Facades\Route;
@@ -27,7 +28,7 @@ Route::get('/', function () {
 return view('welcome');
 })->middleware(['guest'])->name('welcome');
-Route::get('/my/dashboard', function () {
+Route::get('my/dashboard', function () {
 return view('dashboard');
 })->middleware(['auth'])->name('dashboard');
@@ -35,6 +36,10 @@ Route::get('request-blocked', [DoubleSessionBlockController::class, 'create'])
 ->name('ddos.bypass');
 Route::post('request-blocked', [DoubleSessionBlockController::class, 'store']);
+Route::get('moderation-notice', [UserModerationController::class, 'create'])
+ ->middleware(['banned'])
+ ->name('moderation.notice');
+
 Route::middleware('guest')->group(function () {
 Route::get('register', [RegisteredUserController::class, 'create'])
 ->name('register');
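Review bot: The new `moderation-notice` route runs only `banned`, not `auth`, while `CheckBan` in this commit appears to read `->banId` on the current user (the lookup itself is cut from the patch as extracted); a request with no signed-in user would then hit that property on null. Put the guard first: `->middleware(['auth', 'banned'])`. This route is also the only place `banned` is attached, so a ban is displayed but not yet enforced on any other page — consistent with "unfinished" in the subject, but worth a `// TODO: enforce bans on authenticated routes` next to the route so it is not forgotten. The `'/my/dashboard'` → `'my/dashboard'` edit is a no-op for Laravel's router.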