prevent cookie conflicts when running the server and client on the sa…

…me domain, by removing the session from delivery routes. (#52)
cybex-gmbh · Jun 7, 2024 · 1f45e86 · 1f45e86
1 parent 7825afd
commit 1f45e86
Show file tree

Hide file tree

Showing 9 changed files with 139 additions and 388 deletions.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -2,7 +2,6 @@
 
 namespace App\Http\Middleware;
 
-use App\Providers\RouteServiceProvider;
 use Closure;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
@@ -25,7 +24,7 @@ public function handle(Request $request, Closure $next, string ...$guards): Resp
 
         foreach ($guards as $guard) {
             if (Auth::guard($guard)->check()) {
-                return redirect(RouteServiceProvider::HOME);
+                return redirect()->intended('/home');
             }
         }
 

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -2,7 +2,14 @@
 
 namespace App\Providers;
 
+use App\Models\Media;
 use App\Models\User;
+use App\Models\Version;
+use Illuminate\Cache\RateLimiting\Limit;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\Facades\Route;
 use Illuminate\Database\Eloquent\Relations\Relation;
 use Illuminate\Support\ServiceProvider;
 
@@ -28,5 +35,29 @@ public function boot(): void
         Relation::enforceMorphMap([
             'user' => User::class,
         ]);
+
+        $this->configureRateLimiting();
+
+        Route::bind('media', function (string $identifier): Media {
+            $user = Auth::user() ?? User::whereName(Route::getCurrentRoute()->parameter('user'))->firstOrFail();
+            return $user->Media()->whereIdentifier($identifier)->firstOrFail();
+        });
+
+        Route::bind('version', function (int $versionNumber): Version {
+            $media = Route::getCurrentRoute()->parameter('media');
+            return $media->Versions()->whereNumber($versionNumber)->firstOrFail();
+        });
+    }
+
+    /**
+     * Configure the rate limiters for the application.
+     *
+     * @return void
+     */
+    protected function configureRateLimiting(): void
+    {
+        RateLimiter::for('api', function (Request $request) {
+            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
+        });
     }
 }
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -3,12 +3,20 @@
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
+use Illuminate\Routing\Middleware\SubstituteBindings;
+use Illuminate\Support\Facades\Route;
 
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
-        web: __DIR__.'/../routes/web.php',
-        commands: __DIR__.'/../routes/console.php',
+        // Using base_path() instead of __DIR__ because it's more uniform.
+        web: base_path('routes/web.php'),
+        api: base_path('routes/api.php'),
+        commands: base_path('routes/console.php'),
         health: '/up',
+        then: function () {
+            Route::middleware(SubstituteBindings::class)
+                ->group(base_path('routes/delivery.php'));
+        },
     )
     ->withMiddleware(function (Middleware $middleware) {
         //

diff --git a/config/app.php b/config/app.php
@@ -174,8 +174,6 @@
         App\Providers\AuthServiceProvider::class,
         // App\Providers\BroadcastServiceProvider::class,
         App\Providers\EventServiceProvider::class,
-        App\Providers\RouteServiceProvider::class,
-
         App\Providers\CdnHelperServiceProvider::class,
         App\Providers\CloudStorageServiceProvider::class,
         App\Providers\SqsFifoServiceProvider::class,