From 867508137deb43350ca04e3f2d9b5dceb7937d4d Mon Sep 17 00:00:00 2001
From: SofianeLasri <alasri250@gmail.com>
Date: Thu, 20 Feb 2025 15:16:43 +0100
Subject: [PATCH] feat(middleware): enhance private mode functionality and add
 secret validation

- Updated CheckPrivateModeMiddleware to include secret validation for accessing the application in private mode.
- Introduced `APP_PRIVATE_MODE_SECRET` in .env files for configuration.
- Adjusted configuration settings in app.php to retrieve the private mode secret from environment variables.
---
 .env.production                                    | 4 +++-
 .env.testing                                       | 4 +++-
 app/Http/Middleware/CheckPrivateModeMiddleware.php | 9 +++++++--
 config/app.php                                     | 2 ++
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/.env.production b/.env.production
index 550e0c2..31ad211 100644
--- a/.env.production
+++ b/.env.production
@@ -86,4 +86,6 @@ OPENAI_MODEL=gpt-4o-mini
 
 IP_ADDRESS_RESOLVER_URL=http://ip-api.com/batch
 IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
-IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
\ No newline at end of file
+IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
+
+APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file
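Review bot: `APP_PRIVATE_MODE_SECRET=secret` puts a guessable placeholder into the tracked production env file, and the middleware in this patch accepts any non-empty configured value as the key that bypasses private mode. If this file is what production actually loads, anyone who reads the repository or guesses the value can get past the private-mode redirect. Commit the key empty, `APP_PRIVATE_MODE_SECRET=`, so the middleware's `! empty(...)` check leaves the bypass disabled by default, and set a long random value only in the deployment environment. The same placeholder is added to `.env.testing`, where a fixed value is acceptable.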
diff --git a/.env.testing b/.env.testing
index 28fca8c..7e40aa8 100644
--- a/.env.testing
+++ b/.env.testing
@@ -82,4 +82,6 @@ OPENAI_MODEL=gpt-4o-mini
 
 IP_ADDRESS_RESOLVER_URL=http://api.test-provider.com/batch
 IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
-IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
\ No newline at end of file
+IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
+
+APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file
diff --git a/app/Http/Middleware/CheckPrivateModeMiddleware.php b/app/Http/Middleware/CheckPrivateModeMiddleware.php
index 2e9ba63..8d3bce4 100644
--- a/app/Http/Middleware/CheckPrivateModeMiddleware.php
+++ b/app/Http/Middleware/CheckPrivateModeMiddleware.php
@@ -9,9 +9,14 @@ class CheckPrivateModeMiddleware
 {
     public function handle(Request $request, Closure $next)
     {
-        if (config('app.private_mode') && ! $request->is('maintenance') && ! auth()->check()) {
+        $privateModeEnabled = config('app.private_mode');
+        $privateModeSecret = config('app.private_mode_secret');
+        $userSecretInput = $request->input('secret');
+        $secretIsUsable = ! empty($privateModeSecret) && $privateModeSecret === $userSecretInput;
+
+        if ($privateModeEnabled && ! $secretIsUsable) {
             return redirect()->route('maintenance');
-        } elseif (! config('app.private_mode') && $request->is('maintenance')) {
+        } elseif (! $privateModeEnabled && $request->is('maintenance')) {
             return redirect()->route('index');
         }
 
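Review bot: The new condition `if ($privateModeEnabled && ! $secretIsUsable)` drops the `! $request->is('maintenance')` and `! auth()->check()` exemptions of the old line, so with private mode on, a request to the maintenance route without the secret is redirected to the maintenance route again (a loop, assuming this middleware also covers that route, as the `elseif` suggests), and logged-in users lose access. If that is not intended, keep both: `if ($privateModeEnabled && ! $secretIsUsable && ! $request->is('maintenance') && ! auth()->check()) {`. The secret is also compared with `===`; a constant-time comparison that tolerates non-string input is safer: `$secretIsUsable = is_string($privateModeSecret) && $privateModeSecret !== '' && is_string($userSecretInput) && hash_equals($privateModeSecret, $userSecretInput);`. Because the value is read from request input on every request and nothing is persisted, it has to be resent each time and will end up in URLs, access logs and Referer headers when passed as a query parameter. The body of `handle()` continues past the end of this hunk.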
diff --git a/config/app.php b/config/app.php
index b44d19f..2f05bd8 100644
--- a/config/app.php
+++ b/config/app.php
@@ -136,4 +136,6 @@
     ],
 
     'cdn_disk' => env('CDN_FILESYSTEM_DISK'),
+
+    'private_mode_mode_secret' => env('APP_PRIVATE_MODE_SECRET'),
 ];
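Review bot: The added key is spelled `'private_mode_mode_secret'`, but the middleware in this patch reads `config('app.private_mode_secret')`, so that lookup returns null and `$secretIsUsable` is always false. With private mode enabled, every request is then redirected no matter which secret is supplied. Rename the key to match: `'private_mode_secret' => env('APP_PRIVATE_MODE_SECRET'),`. A feature test that sends the configured secret and expects the request to pass through would catch this mismatch.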
-- 
GitLab