Commit 01690a6a authored by Dominik Hebeler's avatar Dominik Hebeler

Alle Admin Unterseiten sind nur noch zugänglich, wenn man autorisiert ist

parent ea21c7b3
......@@ -47,11 +47,12 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'referer.check' => \App\Http\Middleware\RefererCheck::class,
];
}
<?php
namespace App\Http\Middleware;
use Closure;
class RefererCheck
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$refererCorrect = env('referer_check');
$referer = $request->server('HTTP_REFERER');
if ($refererCorrect !== $referer) {
abort(403, 'Unauthorized');
} else {
return $next($request);
}
}
}
@extends('layouts.subPages')
@section('title', 'Fehler 403 - Unautorisiert')
@section('content')
<h1>Unautorisiert</h1>
<p>Sie haben leider keine Rechte auf dieses Dokument zuzugreifen.</p>
@endsection
......@@ -127,10 +127,12 @@ Route::group(
->with('navbarFocus', 'dienste');
});
Route::get('admin', 'AdminInterface@index');
Route::get('admin/count', 'AdminInterface@count');
Route::get('admin/check', 'AdminInterface@check');
Route::get('admin/engines', 'AdminInterface@engines');
Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
Route::get('/', 'AdminInterface@index');
Route::get('count', 'AdminInterface@count');
Route::get('check', 'AdminInterface@check');
Route::get('engines', 'AdminInterface@engines');
});
Route::get('settings', 'StartpageController@loadSettings');
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment