Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
open-source
MetaGer
Commits
01690a6a
Commit
01690a6a
authored
Jan 18, 2017
by
Dominik Hebeler
Browse files
Alle Admin Unterseiten sind nur noch zugänglich, wenn man autorisiert ist
parent
ea21c7b3
Changes
4
Hide whitespace changes
Inline
Side-by-side
app/Http/Kernel.php
View file @
01690a6a
...
...
@@ -47,11 +47,12 @@ class Kernel extends HttpKernel
* @var array
*/
protected
$routeMiddleware
=
[
'auth'
=>
\
Illuminate\Auth\Middleware\Authenticate
::
class
,
'auth.basic'
=>
\
Illuminate\Auth\Middleware\AuthenticateWithBasicAuth
::
class
,
'bindings'
=>
\
Illuminate\Routing\Middleware\SubstituteBindings
::
class
,
'can'
=>
\
Illuminate\Auth\Middleware\Authorize
::
class
,
'guest'
=>
\
App\Http\Middleware\RedirectIfAuthenticated
::
class
,
'throttle'
=>
\
Illuminate\Routing\Middleware\ThrottleRequests
::
class
,
'auth'
=>
\
Illuminate\Auth\Middleware\Authenticate
::
class
,
'auth.basic'
=>
\
Illuminate\Auth\Middleware\AuthenticateWithBasicAuth
::
class
,
'bindings'
=>
\
Illuminate\Routing\Middleware\SubstituteBindings
::
class
,
'can'
=>
\
Illuminate\Auth\Middleware\Authorize
::
class
,
'guest'
=>
\
App\Http\Middleware\RedirectIfAuthenticated
::
class
,
'throttle'
=>
\
Illuminate\Routing\Middleware\ThrottleRequests
::
class
,
'referer.check'
=>
\
App\Http\Middleware\RefererCheck
::
class
,
];
}
app/Http/Middleware/RefererCheck.php
0 → 100644
View file @
01690a6a
<?php
namespace
App\Http\Middleware
;
use
Closure
;
class
RefererCheck
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public
function
handle
(
$request
,
Closure
$next
)
{
$refererCorrect
=
env
(
'referer_check'
);
$referer
=
$request
->
server
(
'HTTP_REFERER'
);
if
(
$refererCorrect
!==
$referer
)
{
abort
(
403
,
'Unauthorized'
);
}
else
{
return
$next
(
$request
);
}
}
}
resources/views/errors/403.blade.php
0 → 100644
View file @
01690a6a
@
extends
(
'layouts.subPages'
)
@
section
(
'title'
,
'Fehler 403 - Unautorisiert'
)
@
section
(
'content'
)
<
h1
>
Unautorisiert
</
h1
>
<
p
>
Sie
haben
leider
keine
Rechte
auf
dieses
Dokument
zuzugreifen
.
</
p
>
@
endsection
routes/web.php
View file @
01690a6a
...
...
@@ -127,10 +127,12 @@ Route::group(
->
with
(
'navbarFocus'
,
'dienste'
);
});
Route
::
get
(
'admin'
,
'AdminInterface@index'
);
Route
::
get
(
'admin/count'
,
'AdminInterface@count'
);
Route
::
get
(
'admin/check'
,
'AdminInterface@check'
);
Route
::
get
(
'admin/engines'
,
'AdminInterface@engines'
);
Route
::
group
([
'middleware'
=>
[
'referer.check'
],
'prefix'
=>
'admin'
],
function
()
{
Route
::
get
(
'/'
,
'AdminInterface@index'
);
Route
::
get
(
'count'
,
'AdminInterface@count'
);
Route
::
get
(
'check'
,
'AdminInterface@check'
);
Route
::
get
(
'engines'
,
'AdminInterface@engines'
);
});
Route
::
get
(
'settings'
,
'StartpageController@loadSettings'
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment