Leonid Nikitin
c18e7e54b7
These changes allow for more efficient request throttling by utilizing Redis. The new EnsureUserIsVerified middleware improves security by validating that a user's email has been verified or if the user is active before granting access, returning a 403 error if the user fails these checks.
44 lines
1.4 KiB
PHP
44 lines
1.4 KiB
PHP
<?php declare(strict_types=1);
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Contracts\Auth\MustVerifyEmail;
|
|
use Illuminate\Support\Facades\Redirect;
|
|
use Illuminate\Support\Facades\URL;
|
|
|
|
final class EnsureUserIsVerified
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
* @param string|null $redirectToRoute
|
|
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse|null
|
|
*/
|
|
public function handle($request, Closure $next, $redirectToRoute = null)
|
|
{
|
|
if (! $request->user()) {
|
|
return $request->expectsJson()
|
|
? abort(403)
|
|
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
|
}
|
|
|
|
|
|
if ($request->user() instanceof MustVerifyEmail && ! $request->user()->hasVerifiedEmail()) {
|
|
return $request->expectsJson()
|
|
? abort(403, 'Your email address is not verified.')
|
|
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
|
}
|
|
|
|
if ($request->user()->is_active === false) {
|
|
return $request->expectsJson()
|
|
? abort(403, 'User disabled.')
|
|
: Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
}
|