From de6609bae85abd78e3301c2386d297dec68c4e04 Mon Sep 17 00:00:00 2001
From: saparatayev
Date: Thu, 24 Feb 2022 15:12:48 +0500
Subject: [PATCH] try to block user without a session in a middleware
---
 app/Http/Kernel.php | 1 +
 app/Http/Middleware/CheckOctoberSession.php | 58 +++++++++++++++++++++
 app/Models/BirzhaUser.php | 14 +++++
 config/database.php | 20 +++++++
 routes/web.php | 13 +++--
 5 files changed, 101 insertions(+), 5 deletions(-)
 create mode 100644 app/Http/Middleware/CheckOctoberSession.php
 create mode 100644 app/Models/BirzhaUser.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 2d1c01d..117ae74 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,5 +64,6 @@ class Kernel extends HttpKernel
 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+ 'check_october_session' => \App\Http\Middleware\CheckOctoberSession::class,
 ];
 }
diff --git a/app/Http/Middleware/CheckOctoberSession.php b/app/Http/Middleware/CheckOctoberSession.php
new file mode 100644
index 0000000..9829094
--- /dev/null
+++ b/app/Http/Middleware/CheckOctoberSession.php
@@ -0,0 +1,58 @@
+previous();
+ // $route = app('router')->getRoutes($url)->match(app('request')->create($url))->getName();
+ // dd($route);
+ // For Admin's session
+ if(\Auth::check()) {
+ return $next($request);
+ }
+
+ // For Birzha User's session
+ try{
+ if(env('APP_ENV') == 'production') {
+ $userId = preg_split("/[\s\[\]\",]+/", \Cookie::get('user_auth'))[1];
+
+ $user = BirzhaUser::find($userId);
+
+ if(is_null($user)) {
+ // if($route == 'logout') return Inertia::location(env('PARENT_APP'));
+ // return Inertia::location(env('PARENT_APP'));
+ return redirect()->away(env('PARENT_APP'));
+ } else {
+ return $next($request);
+ }
+ } else {
+ // if($route == 'logout') return Inertia::location(env('PARENT_APP'));
+ // return Inertia::location(env('PARENT_APP'));
+ return redirect()->away(env('PARENT_APP'));
+ }
+ } catch(Throwable $th) {
+ \Log::info($th);
+
+ // if($route == 'logout') return Inertia::location(env('PARENT_APP'));
+ // return Inertia::location(env('PARENT_APP'));
+ return redirect()->away(env('PARENT_APP'));
+ }
+
+ }
+}
diff --git a/app/Models/BirzhaUser.php b/app/Models/BirzhaUser.php
new file mode 100644
index 0000000..ed987c0
--- /dev/null
+++ b/app/Models/BirzhaUser.php
@@ -0,0 +1,14 @@
+ [
+ 'driver' => 'mysql',
+ 'url' => env('DATABASE_URL_BIRZHA'),
+ 'host' => env('DB_HOST_BIRZHA', '127.0.0.1'),
+ 'port' => env('DB_PORT_BIRZHA', '3306'),
+ 'database' => env('DB_DATABASE_BIRZHA', 'forge'),
+ 'username' => env('DB_USERNAME_BIRZHA', 'forge'),
+ 'password' => env('DB_PASSWORD_BIRZHA', ''),
+ 'unix_socket' => env('DB_SOCKET_BIRZHA', ''),
+ 'charset' => 'utf8mb4',
+ 'collation' => 'utf8mb4_unicode_ci',
+ 'prefix' => '',
+ 'prefix_indexes' => true,
+ 'strict' => true,
+ 'engine' => null,
+ 'options' => extension_loaded('pdo_mysql') ? array_filter([
+ PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA_OTHER'),
+ ]) : [],
+ ],
+
 'pgsql' => [
 'driver' => 'pgsql',
 'url' => env('DATABASE_URL'),
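Review bot: In the Birzha branch of `CheckOctoberSession` the request is let through as soon as `BirzhaUser::find($userId)` returns a row, and `$userId` is only element `[1]` of the split `user_auth` cookie; nothing else from the cookie is compared with server-side state, so the check shows that the id exists, not that the caller holds that user's session. Unless the cookie's integrity is guaranteed somewhere outside this hunk, the remaining cookie element should be compared with the value stored for the user via `hash_equals()`, as sketched below with an assumed cookie layout and column name. Separately, `env('APP_ENV')` and `env('PARENT_APP')` return null once the configuration is cached and the values live only in `.env`, which would send every non-admin request to `redirect()->away(null)`; reading them through `app()->environment('production')` and a `config()` entry avoids that. The opening lines of this file (namespace, imports, the method signature) are missing from this page's copy of the hunk, so whether `Throwable` resolves to the global class in the `catch` could not be checked.

```php
// … unchanged: admin check and the production / try wrapper …
// Assumes the cookie is a JSON [id, code] pair, as the original split pattern suggests; confirm against the parent app.
$cookie = json_decode((string) \Cookie::get('user_auth'), true);
if (!is_array($cookie) || count($cookie) !== 2) {
    return redirect()->away(env('PARENT_APP'));
}
[$userId, $sessionCode] = $cookie;

$user = BirzhaUser::find($userId);

// `persist_code` is an assumed column name; use whatever the parent app stores for the session.
if (is_null($user) || !hash_equals((string) $user->persist_code, (string) $sessionCode)) {
    return redirect()->away(env('PARENT_APP'));
}

return $next($request);
// … unchanged: else branch and catch …
```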
diff --git a/routes/web.php b/routes/web.php
index 39f8f9d..575496a 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -23,11 +23,14 @@ use App\Models\Export;
 */
 // Route::get('/', [HomeController::class, 'index'])->name('home');
-Route::get('imports', [ImportController::class, 'index'])->name('imports');
-Route::get('/', [ExportController::class, 'index'])->name('exports');
-Route::get('download/{group}', [GroupController::class, 'download'])->name('download');
-Route::post('requests', [RequestController::class, 'store'])->name('requests.store');
-Route::get('lang/{lang}', [HomeController::class, 'lang'])->name('lang');
+Route::group(['middleware' => 'check_october_session'], function () {
+ Route::get('imports', [ImportController::class, 'index'])->name('imports');
+ Route::get('/', [ExportController::class, 'index'])->name('exports');
+ Route::get('download/{group}', [GroupController::class, 'download'])->name('download');
+ Route::post('requests', [RequestController::class, 'store'])->name('requests.store');
+ Route::get('lang/{lang}', [HomeController::class, 'lang'])->name('lang');
+});
+
 Route::group(['middleware' => 'auth:sanctum'], function () {
 Route::post('imports/import', [ImportController::class, 'import'])->name('imports.import');