From 8f68ad1a8755b1a2f76f5d50b1c2b6a26b76fae9 Mon Sep 17 00:00:00 2001
From: Davide Aprea <davide@suma-ev.de>
Date: Tue, 3 Nov 2020 15:52:19 +0100
Subject: [PATCH] added key validation middleware

---
 app/Http/Kernel.php                   |  1 +
 app/Http/Middleware/KeyValidation.php | 31 +++++++++++++++++++++++++++
 app/Models/Key.php                    |  4 ++--
 routes/web.php                        |  2 +-
 4 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 app/Http/Middleware/KeyValidation.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index cb14ae702..e5eb7fc68 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -63,5 +63,6 @@ class Kernel extends HttpKernel
         'humanverification' => \App\Http\Middleware\HumanVerification::class,
         'useragentmaster' => \App\Http\Middleware\UserAgentMaster::class,
         'browserverification' => \App\Http\Middleware\BrowserVerification::class,
+        'keyvalidation' => \App\Http\Middleware\KeyValidation::class,
     ];
 }
diff --git a/app/Http/Middleware/KeyValidation.php b/app/Http/Middleware/KeyValidation.php
new file mode 100644
index 000000000..4218076c5
--- /dev/null
+++ b/app/Http/Middleware/KeyValidation.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Cookie;
+use App\Models\Key;
+
+class KeyValidation
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {   
+        if(isset($request->key)){
+            $pKey = new Key($request->key);
+        }
+        
+        if(Cookie::get('key')){
+            $cKey = new Key($request->key);
+        }
+
+        if($pKey->getStatus() || $cKey->getStatus())
+        return $next($request);
+    }
+}
diff --git a/app/Models/Key.php b/app/Models/Key.php
index 3bc383679..cbe3f237d 100644
--- a/app/Models/Key.php
+++ b/app/Models/Key.php
@@ -15,7 +15,7 @@ class Key{
     # always returns true or false
     public function getStatus() {
         if($this->status === null) {
-            updateStatus();
+            $this->updateStatus();
         }
         if($this->status === null || $this->status === false) {
             return false;
@@ -60,7 +60,7 @@ class Key{
             if ($result->{'api-access'} == true) {
                 return true;
             } else {
-                $this->status = false;
+                $this->status = false; 
                 return false;
             }
         } catch (\ErrorException $e) {
diff --git a/routes/web.php b/routes/web.php
index 875b21d7f..247daff2d 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -197,7 +197,7 @@ Route::group(
             return redirect(LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), '/'));
         });
 
-        Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('browserverification', 'humanverification', 'useragentmaster')->name("resultpage");
+        Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('keyvalidation', 'browserverification', 'humanverification', 'useragentmaster')->name("resultpage");
 
         Route::get('meta/loadMore', 'MetaGerSearch@loadMore');
         Route::post('img/cat.jpg', 'HumanVerification@remove');
-- 
GitLab