Alle Admin Unterseiten sind nur noch zugänglich, wenn man autorisiert ist

01690a6a · Dominik Hebeler · ea21c7b3 · 01690a6a · 01690a6a · 01690a6a
Commit 01690a6a authored Jan 18, 2017 by Dominik Hebeler
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -53,5 +53,6 @@ class Kernel extends HttpKernel
        'can'           => \Illuminate\Auth\Middleware\Authorize::class,
        'guest'         => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle'      => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'referer.check' => \App\Http\Middleware\RefererCheck::class,
    ];
 }
--- a/app/Http/Middleware/RefererCheck.php
+++ b/app/Http/Middleware/RefererCheck.php
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class RefererCheck
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $refererCorrect = env('referer_check');
+        $referer        = $request->server('HTTP_REFERER');
+        if ($refererCorrect !== $referer) {
+            abort(403, 'Unauthorized');
+        } else {
+            return $next($request);
+        }
+    }
+}
--- a/resources/views/errors/403.blade.php
+++ b/resources/views/errors/403.blade.php
+@extends('layouts.subPages')
+
+@section('title', 'Fehler 403 - Unautorisiert')
+
+@section('content')
+<h1>Unautorisiert</h1>
+<p>Sie haben leider keine Rechte auf dieses Dokument zuzugreifen.</p>
+@endsection
--- a/routes/web.php
+++ b/routes/web.php
@@ -127,10 +127,12 @@ Route::group(
                ->with('navbarFocus', 'dienste');
        });

-        Route::get('admin', 'AdminInterface@index');
-        Route::get('admin/count', 'AdminInterface@count');
-        Route::get('admin/check', 'AdminInterface@check');
-        Route::get('admin/engines', 'AdminInterface@engines');
+        Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
+            Route::get('/', 'AdminInterface@index');
+            Route::get('count', 'AdminInterface@count');
+            Route::get('check', 'AdminInterface@check');
+            Route::get('engines', 'AdminInterface@engines');
+        });

        Route::get('settings', 'StartpageController@loadSettings');