Modified the Middleware Kernel to use a new method for request throttling that uses Redis and created a new middleware to ensure that user email is verified.

These changes allow for more efficient request throttling by utilizing Redis. The new EnsureUserIsVerified middleware improves security by validating that a user's email has been verified and that the user is active before granting access, returning a 403 error if the user fails either check.
This commit is contained in:
Leonid Nikitin 2023-07-06 19:52:39 +06:00
parent 00910831a4
commit c18e7e54b7
Signed by: kor-elf
GPG Key ID: 7DE8F80C5CEC2C0D
2 changed files with 45 additions and 2 deletions


@ -61,7 +61,7 @@ class Kernel extends HttpKernel
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \App\Http\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequestsWithRedis::class,
'verified' => \App\Http\Middleware\EnsureUserIsVerified::class,
];
}
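Review bot: Rebinding the `throttle` alias to ThrottleRequestsWithRedis makes every throttled route depend on a reachable, configured Redis connection, and unlike the cache-backed ThrottleRequests there is no fallback when that connection is missing — presumably the middleware would raise a connection error on each throttled request rather than rate-limit. Worth confirming that Redis is configured in every environment (including local and CI) before this ships, and recording the dependency next to the alias so the next reader does not assume the default limiter is still in play: `// throttle: backed by Redis; requires a configured Redis connection, no fallback to the cache-based limiter`. The `verified` alias now points at an app-local middleware, so the `verified` route middleware no longer behaves exactly like the framework's EnsureEmailIsVerified.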


@ -0,0 +1,43 @@
<?php declare(strict_types=1);
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\URL;
final class EnsureUserIsVerified
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $redirectToRoute
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse|null
*/
public function handle($request, Closure $next, $redirectToRoute = null)
{
if (! $request->user()) {
return $request->expectsJson()
? abort(403)
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
if ($request->user() instanceof MustVerifyEmail && ! $request->user()->hasVerifiedEmail()) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
if ($request->user()->is_active === false) {
return $request->expectsJson()
? abort(403, 'User disabled.')
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
return $next($request);
}
}
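Review bot: The active-user check `$request->user()->is_active === false` only fires when the attribute is literally boolean `false`; unless the User model casts `is_active` to boolean, a raw database value of `0` or `"0"` (or a missing attribute yielding `null`) never matches, so disabled users pass straight through to `$next($request)`. Safer to deny on anything that is not truthy, which also fails closed when the attribute is absent: `if (! $request->user()->is_active) {`. Separately, a disabled user is redirected to `verification.notice`, the same page as an unverified user, which is misleading for them and leaves the session authenticated; consider a dedicated route or logging the user out on that branch, and reflect in the `@return` docblock that `abort()` throws rather than returning `null`.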