90 lines
3.1 KiB
PHP
90 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Services\Security\CaptchaVerifier;
|
|
use Closure;
|
|
use cPad\Plugins\Forum\Services\Security\ForumSecurityFirewallService;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\RedirectResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class ForumSecurityFirewallMiddleware
|
|
{
|
|
public function __construct(
|
|
private readonly ForumSecurityFirewallService $firewallService,
|
|
private readonly CaptchaVerifier $captchaVerifier,
|
|
) {
|
|
}
|
|
|
|
public function handle(Request $request, Closure $next, string $action = 'generic'): Response|RedirectResponse|JsonResponse
|
|
{
|
|
$assessment = $this->firewallService->assess($request, $action);
|
|
$request->attributes->set('forum_firewall_assessment', $assessment);
|
|
|
|
if ($this->requiresCaptcha($assessment, $action)) {
|
|
$captcha = $this->captchaVerifier->frontendConfig();
|
|
$tokenInput = (string) ($captcha['inputName'] ?? $this->captchaVerifier->inputName());
|
|
$token = (string) (
|
|
$request->input($tokenInput)
|
|
?: $request->header('X-Captcha-Token', '')
|
|
?: $request->header('X-Turnstile-Token', '')
|
|
);
|
|
|
|
if (! $this->captchaVerifier->verify($token, $request->ip())) {
|
|
$message = 'Additional verification is required before continuing.';
|
|
|
|
if ($request->expectsJson()) {
|
|
return response()->json([
|
|
'message' => $message,
|
|
'errors' => [
|
|
'captcha' => [$message],
|
|
],
|
|
'requires_captcha' => true,
|
|
'captcha' => $captcha,
|
|
], 422);
|
|
}
|
|
|
|
return redirect()->back()
|
|
->withInput($request->except(['password', 'current_password', 'new_password', 'new_password_confirmation', $tokenInput]))
|
|
->withErrors(['captcha' => $message]);
|
|
}
|
|
|
|
$request->attributes->set('forum_firewall_captcha_verified', true);
|
|
}
|
|
|
|
if ((bool) ($assessment['blocked'] ?? false)) {
|
|
$message = 'Security firewall blocked this request.';
|
|
|
|
if ($request->expectsJson()) {
|
|
return response()->json([
|
|
'message' => $message,
|
|
'errors' => [
|
|
'security' => [$message],
|
|
],
|
|
], 429);
|
|
}
|
|
|
|
throw ValidationException::withMessages([
|
|
'security' => [$message],
|
|
]);
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
|
|
private function requiresCaptcha(array $assessment, string $action): bool
|
|
{
|
|
if (! $this->captchaVerifier->isEnabled()) {
|
|
return false;
|
|
}
|
|
|
|
if (! (bool) ($assessment['requires_captcha'] ?? false)) {
|
|
return false;
|
|
}
|
|
|
|
return in_array($action, (array) config('forum_bot_protection.captcha.actions', []), true);
|
|
}
|
|
} |