planiverse

A minimalist, no-JS front-end for Mastodon.
git clone https://git.stjo.hn/planiverse

commit d8f88af21bdc58dcc16e179ad4e7d2eac2afaed0
parent 1ca86208d588f946b2630015d220ada5373b2db6
Author: St John Karp <stjohn@fuzzjunket.com>
Date:   Sat, 18 Aug 2018 15:57:39 -0700

Move user authorization checks into a route middleware class

Moved the check for the user's session out of individual views
and into a route middleware class.

Diffstat:
Mapp/Http/Controllers/StatusController.php | 10----------
Mapp/Http/Controllers/TimelineController.php | 10----------
Mapp/Http/Kernel.php | 3+--
Aapp/Http/Middleware/CheckSession.php | 25+++++++++++++++++++++++++
Mroutes/web.php | 12++++++++----
5 files changed, 34 insertions(+), 26 deletions(-)

diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
@@ -37,11 +37,6 @@ class StatusController extends Controller
 public function favourite_status(string $status_id)
 {
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
 $user = session('user');
 $status = Mastodon::domain(env('MASTODON_DOMAIN'))
@@ -55,11 +50,6 @@ class StatusController extends Controller
 public function unfavourite_status(string $status_id)
 {
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
 $user = session('user');
 $status = Mastodon::domain(env('MASTODON_DOMAIN'))
diff --git a/app/Http/Controllers/TimelineController.php b/app/Http/Controllers/TimelineController.php
@@ -28,11 +28,6 @@ class TimelineController extends Controller
 public function home_timeline(Request $request)
 {
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
 $user = session('user');
 $params = $this->compile_params($request);
@@ -52,11 +47,6 @@ class TimelineController extends Controller
 public function post_status(Request $request)
 {
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
 $user = session('user');
 # Verify we have an actual status to post.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -51,8 +51,7 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $routeMiddleware = [
- 'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
- 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+ 'authorize' => \App\Http\Middleware\CheckSession::class,
 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
 'can' => \Illuminate\Auth\Middleware\Authorize::class,
 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
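Review bot: The new `'authorize'` alias in `$routeMiddleware` (Kernel.php) names an authentication gate after authorization: `CheckSession` only tests whether a `user` key is present in the session, while the framework's actual authorization middleware stays registered two lines below as `'can'`. A name such as `'logged_in' => \App\Http\Middleware\CheckSession::class,` (with the route file updated to match) would keep a later reader from assuming a permission check runs on these routes. The hunk also drops the stock `'auth'` and `'auth.basic'` aliases, so any route or package that still references them would no longer resolve; presumably nothing does, but it is worth confirming before merging. The array continues outside the hunk.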
diff --git a/app/Http/Middleware/CheckSession.php b/app/Http/Middleware/CheckSession.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class CheckSession
+{
+ /**
+ * Check the user's session to ensure their user object is loaded.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ if (!session()->has('user'))
+ {
+ return redirect()->route('login');
+ }
+
+ return $next($request);
+ }
+}
diff --git a/routes/web.php b/routes/web.php
@@ -26,16 +26,20 @@ Route::get('/timeline/public', 'TimelineController@public_timeline')
 ->name('public');
 Route::get('/timeline/home', 'TimelineController@home_timeline')
- ->name('home');
+ ->name('home')
+ ->middleware('authorize');
-Route::post('/timeline/home', 'TimelineController@post_status');
+Route::post('/timeline/home', 'TimelineController@post_status')
+ ->middleware('authorize');
 Route::get('/status/{status_id}', 'StatusController@show_status')
 ->name('status');
-Route::get('/status/{status_id}/favourite', 'StatusController@favourite_status');
+Route::get('/status/{status_id}/favourite', 'StatusController@favourite_status')
+ ->middleware('authorize');
-Route::get('/status/{status_id}/unfavourite', 'StatusController@unfavourite_status');
+Route::get('/status/{status_id}/unfavourite', 'StatusController@unfavourite_status')
+ ->middleware('authorize');
 Route::get('/login', 'LoginController@login')
 ->name('login');
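Review bot: `handle()` in CheckSession.php accepts any non-null `user` session value as a logged-in user and never inspects what the object holds, so a stale or revoked credential still passes the gate and is only noticed, if at all, when a controller calls the Mastodon API. The docblock should state that limit, for example `Presence check only: does not verify that the stored credentials are still accepted by the instance.` The parameter could also carry the type the docblock already promises, `public function handle(\Illuminate\Http\Request $request, Closure $next)`.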
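Review bot: The favourite and unfavourite routes in routes/web.php still change state on `GET`, and the session check added here does not cover cross-site requests: Laravel's CSRF verification skips read verbs, so these URLs can be triggered with a logged-in user's session without the user intending it. Registering them as `Route::post('/status/{status_id}/favourite', 'StatusController@favourite_status')` behind the same middleware, submitted from a small form carrying the CSRF field, keeps the no-JS design and brings them under the token check (assuming the `web` group still includes `VerifyCsrfToken`, which is not visible in this commit). Separately, the four repeated `->middleware('authorize')` calls could be replaced by one `Route::middleware('authorize')->group(...)` so that a route added later cannot silently miss the gate.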