Modified the Middleware Kernel to use a new method for request throttling that uses Redis and created a new middleware to ensure that user email is verified.
These changes allow for more efficient request throttling by utilizing Redis. The new EnsureUserIsVerified middleware improves security by validating that a user's email has been verified or if the user is active before granting access, returning a 403 error if the user fails these checks.
This commit is contained in:
parent
00910831a4
commit
c18e7e54b7
GPG Key ID:
7DE8F80C5CEC2C0D
@ -61,7 +61,7 @@ class Kernel extends HttpKernel
|
||||
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
|
||||
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
|
||||
'signed' => \App\Http\Middleware\ValidateSignature::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequestsWithRedis::class,
|
||||
'verified' => \App\Http\Middleware\EnsureUserIsVerified::class,
|
||||
];
|
||||
}
|
||||
|
||||
43
app/Http/Middleware/EnsureUserIsVerified.php
Normal file
43
app/Http/Middleware/EnsureUserIsVerified.php
Normal file
@ -0,0 +1,43 @@
|
||||
<?php declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\MustVerifyEmail;
|
||||
use Illuminate\Support\Facades\Redirect;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
|
||||
final class EnsureUserIsVerified
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string|null $redirectToRoute
|
||||
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse|null
|
||||
*/
|
||||
public function handle($request, Closure $next, $redirectToRoute = null)
|
||||
{
|
||||
if (! $request->user()) {
|
||||
return $request->expectsJson()
|
||||
? abort(403)
|
||||
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
||||
}
|
||||
|
||||
|
||||
if ($request->user() instanceof MustVerifyEmail && ! $request->user()->hasVerifiedEmail()) {
|
||||
return $request->expectsJson()
|
||||
? abort(403, 'Your email address is not verified.')
|
||||
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
||||
}
|
||||
|
||||
if ($request->user()->is_active === false) {
|
||||
return $request->expectsJson()
|
||||
? abort(403, 'User disabled.')
|
||||
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user