Basic ban system(unfinished), improved double session protection, and sessions on all middleware groups.
parent
80eb66fb86
commit
a5d1d2f55b
|
|
@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use App\Http\Requests\Auth\LoginRequest;
|
use App\Http\Requests\Auth\LoginRequest;
|
||||||
use App\Providers\RouteServiceProvider;
|
use App\Providers\RouteServiceProvider;
|
||||||
|
use App\Models\Session;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
|
|
||||||
|
|
@ -29,7 +30,7 @@ class AuthenticatedSessionController extends Controller
|
||||||
public function store(LoginRequest $request)
|
public function store(LoginRequest $request)
|
||||||
{
|
{
|
||||||
$request->authenticate();
|
$request->authenticate();
|
||||||
|
|
||||||
$request->session()->regenerate();
|
$request->session()->regenerate();
|
||||||
|
|
||||||
return redirect()->intended(RouteServiceProvider::HOME);
|
return redirect()->intended(RouteServiceProvider::HOME);
|
||||||
|
|
|
||||||
|
|
@ -20,19 +20,13 @@ class DoubleSessionBlockController extends Controller
|
||||||
'g-recaptcha-response' => [new \App\Rules\GoogleRecaptcha]
|
'g-recaptcha-response' => [new \App\Rules\GoogleRecaptcha]
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$record = Session::where('id', session()->getId())->first();
|
request()->session()->put('bypass-block-screen', true);
|
||||||
if($record) {
|
|
||||||
$record->bypass_block_screen = true;
|
$returnUrl = request()->input('ReturnUrl');
|
||||||
$record->save();
|
|
||||||
|
if(!$returnUrl)
|
||||||
$returnUrl = request()->input('ReturnUrl');
|
$returnUrl = '/';
|
||||||
|
|
||||||
if(!$returnUrl)
|
return redirect(urldecode($returnUrl), 302);
|
||||||
$returnUrl = '/';
|
|
||||||
|
|
||||||
return redirect(urldecode($returnUrl), 302);
|
|
||||||
} else {
|
|
||||||
return redirect()->back()->withErrors('Could not unblock. Try again.');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
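Review bot: `ReturnUrl` still comes straight from request input and goes into `redirect(urldecode($returnUrl), 302)` unchecked, so the bypass endpoint can send a visitor to any absolute or protocol-relative URL after the CAPTCHA step. The extra `urldecode()` decodes a value the framework has already decoded once, which lets a double-encoded target pass any filter placed in front of it. Accept only same-site paths and drop the second decode: `if (!is_string($returnUrl) || !str_starts_with($returnUrl, '/') || str_starts_with($returnUrl, '//') || str_starts_with($returnUrl, '/\\')) { $returnUrl = '/'; }` followed by `return redirect($returnUrl, 302);`. The method starts above this hunk, so only the tail of the validation call is visible.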
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,14 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Controllers\Auth;
|
||||||
|
|
||||||
|
use App\Http\Controllers\Controller;
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
|
class UserModerationController extends Controller
|
||||||
|
{
|
||||||
|
public function create()
|
||||||
|
{
|
||||||
|
return view('auth.moderated');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -19,6 +19,8 @@ class Kernel extends HttpKernel
|
||||||
// \App\Http\Middleware\TrustHosts::class,
|
// \App\Http\Middleware\TrustHosts::class,
|
||||||
\App\Http\Middleware\TrustProxies::class,
|
\App\Http\Middleware\TrustProxies::class,
|
||||||
\Illuminate\Http\Middleware\HandleCors::class,
|
\Illuminate\Http\Middleware\HandleCors::class,
|
||||||
|
\Illuminate\Session\Middleware\StartSession::class,
|
||||||
|
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||||
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
|
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
|
||||||
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
||||||
\App\Http\Middleware\TrimStrings::class,
|
\App\Http\Middleware\TrimStrings::class,
|
||||||
|
|
@ -34,8 +36,6 @@ class Kernel extends HttpKernel
|
||||||
'web' => [
|
'web' => [
|
||||||
\App\Http\Middleware\EncryptCookies::class,
|
\App\Http\Middleware\EncryptCookies::class,
|
||||||
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||||
\Illuminate\Session\Middleware\StartSession::class,
|
|
||||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
|
||||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||||
|
|
||||||
|
|
@ -68,5 +68,7 @@ class Kernel extends HttpKernel
|
||||||
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
|
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
|
||||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||||
|
|
||||||
|
'banned' => \App\Http\Middleware\CheckBan::class,
|
||||||
];
|
];
|
||||||
}
|
}
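Review bot: `StartSession` and `ShareErrorsFromSession` move into what appears to be the global `$middleware` list, while `EncryptCookies` and `AddQueuedCookiesToResponse` stay in the `web` group. The session middleware would then read the session cookie before it is decrypted and write it after cookie encryption has run on the response, so the session cookie is probably handled outside cookie encryption. If sessions must be global, place `\App\Http\Middleware\EncryptCookies::class,` and `\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,` ahead of `StartSession` in that same list. `VerifyCsrfToken` also remains only in `web`, so any other group that now gets a session has session state without CSRF verification; those groups are not visible in these hunks, so check that none of them has session-authenticated routes that change state.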
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,31 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Middleware;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
use Illuminate\Support\Facades\Auth;
|
||||||
|
|
||||||
|
class CheckBan
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Handle an incoming request.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
|
||||||
|
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
|
||||||
|
*/
|
||||||
|
public function handle(Request $request, Closure $next)
|
||||||
|
{
|
||||||
|
if(Auth::check() && Auth::user()->banId != null) {
|
||||||
|
if($request->route()->getName() != 'moderation.notice' && $request->route()->getName() != 'logout') {
|
||||||
|
return redirect()
|
||||||
|
->to(route('moderation.notice', [], 302));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return redirect('/', 302);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
}
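Review bot: The `else` branch in `handle()` sends every unauthenticated or non-banned request to `/`, so this middleware can only sit on the notice page itself and cannot be reused to enforce a ban elsewhere. In the routes hunk of this commit `banned` is attached only to `moderation-notice`, and `my/dashboard` still carries just `auth`, so nothing visible here keeps a banned account out of the rest of the site; a separate check on the authenticated routes that redirects when `banId` is set would close that. `route('moderation.notice', [], 302)` passes 302 as `route()`'s third argument (`$absolute`), not as the redirect status; the intended form is probably `return redirect()->to(route('moderation.notice'), 302);`. `banId != null` is a loose comparison, so a ban id of `0` would read as not banned; `!== null` avoids that.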
|
||||||
|
|
@ -26,14 +26,8 @@ class DoubleSessionProtector
|
||||||
*/
|
*/
|
||||||
public function handle(Request $request, Closure $next)
|
public function handle(Request $request, Closure $next)
|
||||||
{
|
{
|
||||||
$record = Session::where('id', session()->getId())->where('bypass_block_screen', true)->first();
|
if($request->session()->get('bypass-block-screen', false))
|
||||||
if($record) {
|
|
||||||
if($request->route()->getName() == 'ddos.bypass') {
|
|
||||||
return redirect('/', 302);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
}
|
|
||||||
|
|
||||||
/* */
|
/* */
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,6 @@ return new class extends Migration
|
||||||
$table->text('user_agent')->nullable();
|
$table->text('user_agent')->nullable();
|
||||||
$table->text('payload');
|
$table->text('payload');
|
||||||
$table->integer('last_activity')->index();
|
$table->integer('last_activity')->index();
|
||||||
$table->boolean('bypass_block_screen')->default(false);
|
|
||||||
$table->timestamps();
|
$table->timestamps();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -455,6 +455,13 @@ html {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.graphictoria-moderation-card {
|
||||||
|
@media (min-width: 992px) {
|
||||||
|
max-width: 70%;
|
||||||
|
margin: auto;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
.card {
|
.card {
|
||||||
@include shadow();
|
@include shadow();
|
||||||
html.gtoria-dark & {
|
html.gtoria-dark & {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,42 @@
|
||||||
|
@php
|
||||||
|
$noFooter = true;
|
||||||
|
$noNav = true;
|
||||||
|
@endphp
|
||||||
|
|
||||||
|
@extends('layouts.app')
|
||||||
|
|
||||||
|
@section('title', 'Moderation Notice')
|
||||||
|
|
||||||
|
@section('content')
|
||||||
|
<div class="container m-auto">
|
||||||
|
<x-card class="graphictoria-moderation-card">
|
||||||
|
<x-slot name="title">
|
||||||
|
MODERATION NOTICE
|
||||||
|
</x-slot>
|
||||||
|
<x-slot name="body">
|
||||||
|
<div class="p-2 mb-2 d-flex flex-column justify-content-center">
|
||||||
|
<p>Your account has been suspended for violating our Terms of Service.</p>
|
||||||
|
<div class="my-3">
|
||||||
|
<p><b>Suspention Date:</b> 5/6/2022 9:35 PM</p>
|
||||||
|
<p><b>Note:</b> testing</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</x-slot>
|
||||||
|
<x-slot name="footer">
|
||||||
|
<p>By checking the "I Agree" checkbox below, you agree to abide by Graphictoria's Terms of Service. Your account will be permantently suspended if you continue breaking the Terms of Service.</p>
|
||||||
|
<form>
|
||||||
|
<div class="my-2">
|
||||||
|
<input class="form-check-input" type="checkbox" value="" id="agree" name="agree">
|
||||||
|
<label class="form-check-label" for="agree">
|
||||||
|
I Agree
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<button class="btn btn-primary">REACTIVATE</button>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<p>You will be able to reactivate your account in <b>0 Seconds</b>.</p>
|
||||||
|
<p class="text-muted">If you believe you have been unfairly moderated, please contact us at contact us at <a href="mailto:support@gtoria.net" class="fw-bold text-decoration-none">support@gtoria.net</a> and we'll be happy to help.</p>
|
||||||
|
</x-slot>
|
||||||
|
</x-card>
|
||||||
|
</div>
|
||||||
|
@endsection
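Review bot: The `<form>` around REACTIVATE has no `method`, no `action` and no `@csrf`, so it submits a GET to the current URL with `agree` in the query string. When reactivation is implemented it changes account state, so it should be a POST form with `@csrf` inside it and the agreement checked on the server. The suspension date (`5/6/2022 9:35 PM`), the note (`testing`) and `0 Seconds` are hard-coded placeholders that every banned user would see, so they should come from the ban record before this ships. With `$noNav = true` the page shows no logout control, even though `CheckBan` allows the `logout` route. The copy has typos: `Suspention`, `permantently`, and a doubled `contact us at`.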
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
<div class="card graphictoria-small-card shadow-sm">
|
@php
|
||||||
|
$classes = ['card', 'graphictoria-small-card', 'shadow-sm'];
|
||||||
|
|
||||||
|
if(isset($attributes['class']))
|
||||||
|
$classes = array_merge($classes, explode(' ', $attributes['class']));
|
||||||
|
@endphp
|
||||||
|
<div @class($classes)>
|
||||||
<div class="card-body text-center">
|
<div class="card-body text-center">
|
||||||
<h5 class="card-title fw-bold">{{ isset($title) ? $title : $attributes['title'] }}</h5>
|
<h5 class="card-title fw-bold">{{ isset($title) ? $title : $attributes['title'] }}</h5>
|
||||||
<hr class="mx-5"/>
|
<hr class="mx-5"/>
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ use App\Http\Controllers\Auth\EmailVerificationPromptController;
|
||||||
use App\Http\Controllers\Auth\NewPasswordController;
|
use App\Http\Controllers\Auth\NewPasswordController;
|
||||||
use App\Http\Controllers\Auth\PasswordResetLinkController;
|
use App\Http\Controllers\Auth\PasswordResetLinkController;
|
||||||
use App\Http\Controllers\Auth\RegisteredUserController;
|
use App\Http\Controllers\Auth\RegisteredUserController;
|
||||||
|
use App\Http\Controllers\Auth\UserModerationController;
|
||||||
use App\Http\Controllers\Auth\VerifyEmailController;
|
use App\Http\Controllers\Auth\VerifyEmailController;
|
||||||
use App\Http\Controllers\IndexController;
|
use App\Http\Controllers\IndexController;
|
||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
|
|
@ -27,7 +28,7 @@ Route::get('/', function () {
|
||||||
return view('welcome');
|
return view('welcome');
|
||||||
})->middleware(['guest'])->name('welcome');
|
})->middleware(['guest'])->name('welcome');
|
||||||
|
|
||||||
Route::get('/my/dashboard', function () {
|
Route::get('my/dashboard', function () {
|
||||||
return view('dashboard');
|
return view('dashboard');
|
||||||
})->middleware(['auth'])->name('dashboard');
|
})->middleware(['auth'])->name('dashboard');
|
||||||
|
|
||||||
|
|
@ -35,6 +36,10 @@ Route::get('request-blocked', [DoubleSessionBlockController::class, 'create'])
|
||||||
->name('ddos.bypass');
|
->name('ddos.bypass');
|
||||||
Route::post('request-blocked', [DoubleSessionBlockController::class, 'store']);
|
Route::post('request-blocked', [DoubleSessionBlockController::class, 'store']);
|
||||||
|
|
||||||
|
Route::get('moderation-notice', [UserModerationController::class, 'create'])
|
||||||
|
->middleware(['banned'])
|
||||||
|
->name('moderation.notice');
|
||||||
|
|
||||||
Route::middleware('guest')->group(function () {
|
Route::middleware('guest')->group(function () {
|
||||||
Route::get('register', [RegisteredUserController::class, 'create'])
|
Route::get('register', [RegisteredUserController::class, 'create'])
|
||||||
->name('register');
|
->name('register');
|
||||||
|
|
|
||||||