commit d8f88af21bdc58dcc16e179ad4e7d2eac2afaed0
parent 1ca86208d588f946b2630015d220ada5373b2db6
Author: St John Karp <stjohn@fuzzjunket.com>
Date: Sat, 18 Aug 2018 15:57:39 -0700
Move user authorization checks into a route middleware class
Moved the check for the user's session out of individual views
and into a route middleware class.
Diffstat:
5 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
@@ -37,11 +37,6 @@ class StatusController extends Controller
public function favourite_status(string $status_id)
{
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
$user = session('user');
$status = Mastodon::domain(env('MASTODON_DOMAIN'))
@@ -55,11 +50,6 @@ class StatusController extends Controller
public function unfavourite_status(string $status_id)
{
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
$user = session('user');
$status = Mastodon::domain(env('MASTODON_DOMAIN'))
diff --git a/app/Http/Controllers/TimelineController.php b/app/Http/Controllers/TimelineController.php
@@ -28,11 +28,6 @@ class TimelineController extends Controller
public function home_timeline(Request $request)
{
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
$user = session('user');
$params = $this->compile_params($request);
@@ -52,11 +47,6 @@ class TimelineController extends Controller
public function post_status(Request $request)
{
- # Check the user is logged in.
- if (!session()->has('user'))
- {
- return redirect()->route('login');
- }
$user = session('user');
# Verify we have an actual status to post.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -51,8 +51,7 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
- 'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
- 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+ 'authorize' => \App\Http\Middleware\CheckSession::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
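Review bot: The alias `authorize` on the added line names what is really an authentication check (is a `user` entry present in the session), and it sits directly above `'can' => \Illuminate\Auth\Middleware\Authorize::class`, which is Laravel's actual authorization middleware. A reader of routes/web.php could take `->middleware('authorize')` for a policy check, so a name that says what it does would be safer, for example `'session.auth' => \App\Http\Middleware\CheckSession::class,`. The same edit removes the `auth` and `auth.basic` aliases. If any route or package outside this diff still refers to them, it will stop resolving, so search for both names before merging.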
diff --git a/app/Http/Middleware/CheckSession.php b/app/Http/Middleware/CheckSession.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class CheckSession
+{
+ /**
+ * Check the user's session to ensure their user object is loaded.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ if (!session()->has('user'))
+ {
+ return redirect()->route('login');
+ }
+
+ return $next($request);
+ }
+}
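Review bot: The docblock on `handle()` says the middleware ensures the user object "is loaded", but the code loads nothing: it only tests whether a `user` key exists in the session and redirects to the `login` route when it does not. Because the controllers no longer perform this check themselves, this class is the only gate for routes tagged `authorize`, and the comment should say so, e.g. `Redirect to the login route unless the session holds a 'user' entry.` Also note that `session()->has('user')` passes for any non-null value, so the guard is only as strong as whatever writes that key (not visible in this diff). If the stored user carries an id or access token, testing for that field would be a tighter condition.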
diff --git a/routes/web.php b/routes/web.php
@@ -26,16 +26,20 @@ Route::get('/timeline/public', 'TimelineController@public_timeline')
->name('public');
Route::get('/timeline/home', 'TimelineController@home_timeline')
- ->name('home');
+ ->name('home')
+ ->middleware('authorize');
-Route::post('/timeline/home', 'TimelineController@post_status');
+Route::post('/timeline/home', 'TimelineController@post_status')
+ ->middleware('authorize');
Route::get('/status/{status_id}', 'StatusController@show_status')
->name('status');
-Route::get('/status/{status_id}/favourite', 'StatusController@favourite_status');
+Route::get('/status/{status_id}/favourite', 'StatusController@favourite_status')
+ ->middleware('authorize');
-Route::get('/status/{status_id}/unfavourite', 'StatusController@unfavourite_status');
+Route::get('/status/{status_id}/unfavourite', 'StatusController@unfavourite_status')
+ ->middleware('authorize');
Route::get('/login', 'LoginController@login')
->name('login');
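Review bot: The favourite and unfavourite routes (`/status/{status_id}/favourite`, `/status/{status_id}/unfavourite`) are still registered with `Route::get` although they change state on the user's behalf. Laravel's CSRF token verification does not apply to GET requests, so the new `authorize` middleware is the only thing in front of them, and a logged-in session satisfies it for any request the browser sends, including one triggered from another site. Registering them as `Route::post(...)->middleware('authorize');` and submitting from a form that carries the CSRF token would bring them under that protection. Separately, wrapping the four protected routes in `Route::middleware('authorize')->group(...)` would keep a future route from being added without the check, now that the controllers no longer test the session themselves.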