From a65e618d04a6ba68fdb489ac1f181b53ead31105 Mon Sep 17 00:00:00 2001
From: Graphictoria <XlXi@gtoria.net>
Date: Sat, 23 Apr 2022 16:16:01 -0400
Subject: [PATCH] Fix maintenance constraint page.

---
 web/app/Http/Controllers/MaintenanceController.php | 5 ++---
 web/app/Http/Kernel.php                            | 1 +
 web/public/mix-manifest.json                       | 2 +-
 web/resources/js/pages/Maintenance.js              | 2 ++
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/web/app/Http/Controllers/MaintenanceController.php b/web/app/Http/Controllers/MaintenanceController.php
index 23e6c00..226f682 100644
--- a/web/app/Http/Controllers/MaintenanceController.php
+++ b/web/app/Http/Controllers/MaintenanceController.php
@@ -45,7 +45,7 @@ class MaintenanceController extends Controller
 			if(isset($data['secret']) && $btns === $mtconf->combination)
 			{
 				$trustedHosts = explode(',', env('TRUSTED_HOSTS'));
-				$origin = join('.', array_slice(explode('.', $request->headers->get('origin')), -2));
+				$origin = join('.', array_slice(explode('.', explode('//', $request->headers->get('origin'))[1]), -2));
 				$passCheck = false;
 				
 				foreach($trustedHosts as &$host)
@@ -60,8 +60,7 @@ class MaintenanceController extends Controller
 					'expires_at' => $expiresAt->getTimestamp(),
 					'mac' => hash_hmac('SHA256', $expiresAt->getTimestamp(), $data['secret']),
 				])), $expiresAt);
-				$bypassCookie = $bypassCookie->withSecure(false);
-				//$bypassCookie = $bypassCookie->withSameSite('none');
+				$bypassCookie = $bypassCookie->withSameSite('none');
 				
 				if($passCheck)
 					$bypassCookie = $bypassCookie->withDomain('.' . $origin);
diff --git a/web/app/Http/Kernel.php b/web/app/Http/Kernel.php
index 8233601..e94776d 100644
--- a/web/app/Http/Kernel.php
+++ b/web/app/Http/Kernel.php
@@ -45,6 +45,7 @@ class Kernel extends HttpKernel
             // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
 			\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
+			\App\Http\Middleware\EncryptCookies::class,
         ],
     ];
 
diff --git a/web/public/mix-manifest.json b/web/public/mix-manifest.json
index f6ed187..2443630 100644
--- a/web/public/mix-manifest.json
+++ b/web/public/mix-manifest.json
@@ -1,5 +1,5 @@
 {
     "/js/app.js": "/js/app.js?id=cd2fb1cee326ab151ccc",
-    "/js/pages/maintenance.js": "/js/pages/maintenance.js?id=48c6a431110c9ea51807",
+    "/js/pages/maintenance.js": "/js/pages/maintenance.js?id=bdec3edf7c97c2fbbd28",
     "/css/graphictoria.css": "/css/graphictoria.css?id=569f8477631683f9ea96"
 }
diff --git a/web/resources/js/pages/Maintenance.js b/web/resources/js/pages/Maintenance.js
index 09f505d..8043504 100644
--- a/web/resources/js/pages/Maintenance.js
+++ b/web/resources/js/pages/Maintenance.js
@@ -13,6 +13,8 @@ import { buildGenericApiUrl } from '../util/HTTP.js';
 import { Canvas, useFrame } from '@react-three/fiber';
 import { Instances, Instance, PerspectiveCamera, useGLTF } from '@react-three/drei';
 
+axios.defaults.withCredentials = true;
+
 const randomVector = (r) => [r / 2 - Math.random() * r, r / 2 - Math.random() * r, r / 2 - Math.random() * r];
 const randomEuler = () => [Math.random() * Math.PI, Math.random() * Math.PI, Math.random() * Math.PI];
 const randomData = Array.from({ length: 2000 }, (r = 200) => ({ random: Math.random(), position: randomVector(r), rotation: randomEuler() }));