70 lines
1.8 KiB
PHP
70 lines
1.8 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\WebsiteConfiguration;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Carbon;
|
|
use Symfony\Component\HttpFoundation\Cookie;
|
|
|
|
class MaintenanceController extends Controller
|
|
{
|
|
/**
|
|
* Handles the maintenance bypass request.
|
|
*
|
|
* @return Response
|
|
*/
|
|
public function bypass(Request $request)
|
|
{
|
|
$password = $request->input('password');
|
|
$buttons = $request->input('buttons');
|
|
|
|
if($password && $buttons)
|
|
{
|
|
$mtconf = json_decode(WebsiteConfiguration::whereName('MaintenancePassword')->first()->value);
|
|
|
|
if($password == $mtconf->password)
|
|
{
|
|
$btns = array_slice($buttons, -count($mtconf->combination));
|
|
$data = json_decode(file_get_contents(storage_path('framework/down')), true);
|
|
|
|
if(isset($data['secret']) && $btns === $mtconf->combination)
|
|
{
|
|
$trustedHosts = explode(',', env('TRUSTED_HOSTS'));
|
|
$origin = parse_url($request->headers->get('origin'), PHP_URL_HOST);
|
|
$passCheck = false;
|
|
|
|
foreach($trustedHosts as &$host)
|
|
{
|
|
if(str_ends_with($origin, $host))
|
|
$passCheck = true;
|
|
}
|
|
|
|
$expiresAt = Carbon::now()->addHours(24);
|
|
$bypassCookie = new Cookie('gt_constraint', base64_encode(json_encode([
|
|
'expires_at' => $expiresAt->getTimestamp(),
|
|
'mac' => hash_hmac('SHA256', $expiresAt->getTimestamp(), $data['secret']),
|
|
])), $expiresAt);
|
|
|
|
if($passCheck)
|
|
$bypassCookie = $bypassCookie->withDomain('.' . $origin);
|
|
|
|
return response('')
|
|
->withCookie($bypassCookie);
|
|
}
|
|
}
|
|
|
|
return response('')
|
|
->setStatusCode(403);
|
|
}
|
|
else
|
|
{
|
|
return response('{"errors":[{"code":400,"message":"BadRequest"}]}')
|
|
->setStatusCode(400)
|
|
->header('Cache-Control', 'private')
|
|
->header('Content-Type', 'application/json; charset=utf-8');
|
|
}
|
|
}
|
|
}
|