
feat: Add middlewares #24

Merged
merged 4 commits into from
Mar 27, 2024
1 change: 1 addition & 0 deletions app/Http/Kernel.php
Expand Up @@ -53,6 +53,7 @@ class Kernel extends HttpKernel
* @var array<string, class-string|string>
*/
protected $middlewareAliases = [
'admin' => \App\Http\Middleware\AdminOnly::class,
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
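--- a/app/Http/Middleware/AdminOnly.php
+++ b/app/Http/Middleware/AdminOnly.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Auth\AuthenticationException;
+use Illuminate\Auth\Middleware\Authenticate as Middleware;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class AdminOnly extends Middleware
+{
+/**
+* Get the path the user should be redirected to when they are not authenticated.
+*/
+protected function redirectTo(Request $request): ?string
+{
+abort(404);
+}
+
+/**
+* Handle an incoming request.
+*
+* @param Request $request
+* @param \Closure $next
+* @param string[] ...$guards
+* @return mixed
+*
+* @throws AuthenticationException
+*/
+public function handle($request, Closure $next, ...$guards)
+{
+$this->authenticate($request, $guards);
+
+if(!Auth::user()->admin) abort(404);
+
+return $next($request);
+}
+}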
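Review bot: The admin check `if(!Auth::user()->admin) abort(404);` reads an attribute named `admin`, while the feature test in this PR creates users with `is_admin`; unless the User model exposes an `admin` accessor, that property is null for every user and the middleware aborts for admins and non-admins alike. Whichever column is canonical, the middleware and the tests should agree on it, and reading the user from the request that `authenticate()` just resolved is clearer than going back through the facade: `if (! $request->user()->is_admin) { abort(404); }`. `redirectTo()` is declared `?string` but unconditionally calls `abort(404)` and never returns; a docblock line such as `Aborts with 404 instead of redirecting so an unauthenticated caller cannot tell admin routes apart from missing ones.` would make that deliberate. The test file does not catch the attribute mismatch because its admin success case requests `/test/auth` rather than `/test/admin`.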
2 changes: 1 addition & 1 deletion app/Http/Middleware/Authenticate.php
Expand Up @@ -12,6 +12,6 @@ class Authenticate extends Middleware
*/
protected function redirectTo(Request $request): ?string
{
return $request->expectsJson() ? null : route('login');
return $request->expectsJson() ? null : "/login?redirect=".$request->Url();
}
}
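Review bot: The new return line concatenates the current URL into the query string without encoding, so any `?`, `&` or `#` in that URL is split off when the `/login` handler parses its query; build the parameter with `http_build_query`, e.g. `return $request->expectsJson() ? null : '/login?' . http_build_query(['redirect' => $request->fullUrl()]);`. `fullUrl()` keeps the original query string that `url()` discards, and `url()` is the documented casing even though PHP resolves `Url()` case-insensitively. Encoding changes the literal asserted in tests/Feature/MiddlewareTest.php (`/login?redirect=http://localhost/test/auth`), so that expectation needs the encoded form. The value ends up in a client-controlled `redirect` parameter, so whatever consumes it after login should accept only same-origin paths; that consumer is not part of this change.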
10 changes: 5 additions & 5 deletions routes/web.php
Expand Up @@ -24,8 +24,8 @@
Route::post("/auth/logout", [AuthController::class, "logout"]);
Route::post("/auth/register", [AuthController::class, "register"]);

Route::post("/cart/add", [CartController::class, "add"]);
Route::post("/cart/remove", [CartController::class, "remove"]);
Route::post("/cart/delete", [CartController::class, "delete"]);
Route::post("/cart/clear", [CartController::class, "clear"]);
Route::post("/cart/buy", [CartController::class, "buy"]);
Route::post("/cart/add", [CartController::class, "add"])->middleware("auth");
Route::post("/cart/remove", [CartController::class, "remove"])->middleware("auth");
Route::post("/cart/delete", [CartController::class, "delete"])->middleware("auth");
Route::post("/cart/clear", [CartController::class, "clear"])->middleware("auth");
Route::post("/cart/buy", [CartController::class, "buy"])->middleware("auth");
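Review bot: Each of the five cart routes repeats `->middleware("auth")`, which makes it easy for the next cart route to be added without the guard; wrapping the block in `Route::middleware('auth')->group(function () { … });` states the requirement once for the whole cart surface. The `/auth/logout` route in the context lines above stays unguarded, which may be intended but is worth confirming against the controller, which is outside this diff. The route strings interpolate nothing, so single quotes are the conventional form.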
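--- a/tests/Feature/MiddlewareTest.php
+++ b/tests/Feature/MiddlewareTest.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Http\Middleware\Authenticate;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controllers\Middleware;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Facades\Auth;
+use Tests\TestCase;
+
+class MiddlewareTest extends TestCase
+{
+
+protected function setUp(): void {
+parent::setUp();
+
+$okResponse = function () {
+return response(status: 200);
+};
+
+Route::get("/test/admin", $okResponse)->middleware("admin");
+Route::get("/test/auth", $okResponse)->middleware("auth");
+}
+
+/**
+* Abort with 404 if user is not logged in.
+*/
+public function test_admin_guest(): void
+{
+$response = $this->get("/test/admin");
+$response->assertNotFound();
+}
+
+/**
+* Abort with 404 if user is not an admin.
+*/
+public function test_admin_no_permission(): void
+{
+$user = User::factory()->create(["is_admin" => false]);
+Auth::login($user);
+
+$response = $this->get("/test/admin");
+$response->assertNotFound();
+}
+
+/**
+* Do not redirect the user if logged in with an admin account.
+*/
+public function test_admin_ok(): void
+{
+$user = User::factory()->create(["is_admin" => true]);
+Auth::login($user);
+
+$response = $this->get("/test/auth");
+$response->assertSuccessful();
+}
+
+/**
+* Redirect the user if not logged in
+*/
+public function test_auth_redirect(): void
+{
+$response = $this->get("/test/auth");
+$response->assertRedirect("/login?redirect=http://localhost/test/auth");
+}
+
+/**
+* Do not redirect the user if logged in.
+*/
+public function test_auth_ok(): void
+{
+$user = User::factory()->create();
+Auth::login($user);
+
+$response = $this->get("/test/auth");
+$response->assertSuccessful();
+}
+}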
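Review bot: `test_admin_ok` requests `/test/auth` instead of `/test/admin`, so the only success-path assertion for the `admin` middleware never passes through AdminOnly; it should read `$response = $this->get("/test/admin");`. As written, the two admin tests pass even if the middleware rejects every user, which matters because the middleware reads an `admin` attribute while these tests set `is_admin`. The `Authenticate`, `Request` and `Middleware` imports are unused, and the class uses `User::factory()->create()` without a database-reset trait, so rows persist across the suite unless the base `TestCase` already handles that.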