Skip to content
Snippets Groups Projects
Verified Commit 86750813 authored by Sofiane Lasri's avatar Sofiane Lasri
Browse files

feat(middleware): enhance private mode functionality and add secret validation

- Updated CheckPrivateModeMiddleware to include secret validation for accessing the application in private mode.
- Introduced `APP_PRIVATE_MODE_SECRET` in .env files for configuration.
- Adjusted configuration settings in app.php to retrieve the private mode secret from environment variables.
parent 5a089eef
Branches
No related tags found
No related merge requests found
Pipeline #1072 passed
......@@ -87,3 +87,5 @@ OPENAI_MODEL=gpt-4o-mini
IP_ADDRESS_RESOLVER_URL=http://ip-api.com/batch
IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file
......@@ -83,3 +83,5 @@ OPENAI_MODEL=gpt-4o-mini
IP_ADDRESS_RESOLVER_URL=http://api.test-provider.com/batch
IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file
......@@ -9,9 +9,14 @@ class CheckPrivateModeMiddleware
{
public function handle(Request $request, Closure $next)
{
if (config('app.private_mode') && ! $request->is('maintenance') && ! auth()->check()) {
$privateModeEnabled = config('app.private_mode');
$privateModeSecret = config('app.private_mode_secret');
$userSecretInput = $request->input('secret');
$secretIsUsable = ! empty($privateModeSecret) && $privateModeSecret === $userSecretInput;
if ($privateModeEnabled && ! $secretIsUsable) {
return redirect()->route('maintenance');
} elseif (! config('app.private_mode') && $request->is('maintenance')) {
} elseif (! $privateModeEnabled && $request->is('maintenance')) {
return redirect()->route('index');
}
......
......@@ -136,4 +136,6 @@
],
'cdn_disk' => env('CDN_FILESYSTEM_DISK'),
'private_mode_mode_secret' => env('APP_PRIVATE_MODE_SECRET'),
];
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment