Merge main

This commit is contained in:
Julien Nahum
2024-01-09 10:55:32 +01:00
8 changed files with 494 additions and 193 deletions


@@ -2,6 +2,7 @@
namespace App\Http;
use App\Http\Middleware\AuthenticateJWT;
use App\Http\Middleware\CustomDomainRestriction;
use App\Http\Middleware\EmbeddableForms;
use App\Http\Middleware\IsAdmin;
@@ -27,6 +28,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\SetLocale::class,
AuthenticateJWT::class,
CustomDomainRestriction::class,
];
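Review bot: `AuthenticateJWT::class` is appended to the same stack as `TrimStrings`, `ConvertEmptyStringsToNull` and `SetLocale`, which looks like the global middleware list (the property name is outside the hunk), so it runs on every request rather than only on routes that require authentication. The middleware lets requests without a token through, but any request that carries a token whose IP or User-Agent hash does not match — including a request to a public endpoint — is answered with 403 and the token invalidated; if that is not the intent, it should instead be attached to the route group that already applies the JWT auth middleware. The enclosing array starts outside the hunk.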


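--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>/AuthenticateJWT.php
@@ -0,0 +1,46 @@
+<?php
+namespace App\Http\Middleware;
+use Closure;
+use Illuminate\Http\Request;
+use Tymon\JWTAuth\Exceptions\JWTException;
+class AuthenticateJWT
+{
+/**
+* Verifies the JWT token and validates the IP and User Agent
+* Invalidates token otherwise
+*/
+public function handle(Request $request, Closure $next)
+{
+// Parse JWT Payload
+try {
+$payload = \JWTAuth::parseToken()->getPayload();
+} catch (JWTException $e) {
+return $next($request);
+}
+// Validate IP and User Agent
+if ($payload) {
+$error = null;
+if (!\Hash::check($request->ip(), $payload->get('ip'))) {
+$error = 'Origin IP is invalid';
+}
+if (!\Hash::check($request->userAgent(), $payload->get('ua'))) {
+$error = 'Origin User Agent is invalid';
+}
+if ($error) {
+auth()->invalidate();
+return response()->json([
+'message' => $error
+], 403);
+}
+}
+return $next($request);
+}
+}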
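Review bot: A token whose payload carries no `ip`/`ua` claim — one issued before this middleware existed, or by a login path that does not add them — reaches `\Hash::check($request->ip(), $payload->get('ip'))` with a null hashed value, which as far as I can tell returns false, so the token is invalidated and the request gets a 403 by accident rather than by an explicit policy; the same happens when the client sends no User-Agent header, since `$request->userAgent()` is then null. I would decide that case explicitly before the two checks, e.g. `if ($payload->get('ip') === null || $payload->get('ua') === null) { /* reject or pass through, deliberately */ }`, and collect both failures rather than letting the UA branch overwrite the `$error` set by the IP branch, so a client failing both checks sees the right reason. Note also that `$request->ip()` is only the client address when trusted proxies are configured; behind a load balancer without that, every request shares the proxy's IP and the check adds nothing, while the two bcrypt verifications still run on every request the middleware sees. The `if ($payload)` guard is redundant once `getPayload()` has returned, as the catch above already handles the failure path.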


@@ -51,12 +51,9 @@ class FormResource extends JsonResource
'removed_properties' => $this->removed_properties,
'last_edited_human' => $this->updated_at?->diffForHumans(),
'seo_meta' => $this->seo_meta,
'max_file_size' => $this->max_file_size / 1000000,
] : [];
$baseData = $this->getFilteredFormData(parent::toArray($request), $this->userIsFormOwner());
return array_merge($baseData, $ownerData, [
return array_merge(parent::toArray($request), $ownerData, [
'is_pro' => $this->workspaceIsPro(),
'workspace_id' => $this->workspace_id,
'workspace' => new WorkspaceResource($this->getWorkspace()),
@@ -64,32 +61,11 @@ class FormResource extends JsonResource
'is_password_protected' => false,
'has_password' => $this->has_password,
'max_number_of_submissions_reached' => $this->max_number_of_submissions_reached,
'form_pending_submission_key' => $this->form_pending_submission_key
'form_pending_submission_key' => $this->form_pending_submission_key,
'max_file_size' => $this->max_file_size / 1000000,
]);
}
/**
* Filter form data to hide properties from users.
* - For relation fields, hides the relation information
*/
private function getFilteredFormData(array $data, bool $userIsFormOwner)
{
if ($userIsFormOwner) return $data;
$properties = collect($data['properties'])->map(function($property){
// Remove database details from relation
if ($property['type'] === 'relation') {
if (isset($property['relation'])) {
unset($property['relation']);
}
}
return $property;
});
$data['properties'] = $properties->toArray();
return $data;
}
public function setCleanings(array $cleanings)
{
$this->cleanings = $cleanings;