service-captcha/app/Http/Middleware/EnsureUserIsVerified.php
Leonid Nikitin c18e7e54b7
Modified the Middleware Kernel to use a new method for request throttling that uses Redis and created a new middleware to ensure that user email is verified.
These changes allow for more efficient request throttling by utilizing Redis. The new EnsureUserIsVerified middleware improves security by validating that a user's email has been verified or if the user is active before granting access, returning a 403 error if the user fails these checks.
2023-07-06 19:52:39 +06:00

44 lines
1.4 KiB
PHP

<?php declare(strict_types=1);
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\URL;
final class EnsureUserIsVerified
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $redirectToRoute
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse|null
*/
public function handle($request, Closure $next, $redirectToRoute = null)
{
if (! $request->user()) {
return $request->expectsJson()
? abort(403)
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
if ($request->user() instanceof MustVerifyEmail && ! $request->user()->hasVerifiedEmail()) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
if ($request->user()->is_active === false) {
return $request->expectsJson()
? abort(403, 'User disabled.')
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
}
return $next($request);
}
}