Commit e350567e authored by Davide Aprea's avatar Davide Aprea
Browse files

merged key validation into browser-/humanverfication

parent 9d84ae98
......@@ -18,7 +18,7 @@ class BrowserVerification
*/
public function handle($request, Closure $next)
{
if ($request->filled("loadMore") && Cache::has($request->input("loadMore"))) {
if (($request->filled("loadMore") && Cache::has($request->input("loadMore"))) || app('App\Models\Key')->getStatus()) {
return $next($request);
}
......
......@@ -41,12 +41,12 @@ class HumanVerification
unset($_SERVER["AGENT"]);
/**
* If the user sends a Password or a key
* If the user sends a valid key or an appversion
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if ($request->filled('password') || $request->filled('key') || Cookie::get('key') !== null || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
if ($request->filled('appversion') || !env('BOT_PROTECTION', false) || app('App\Models\Key')->getStatus()) {
$update = false;
return $next($request);
}
......
<?php
namespace App\Http\Middleware;
use Closure;
use Cookie;
use App\Models\Key;
//use KeyServiceProvider;
class KeyValidation
{
protected $key;
public function __construct(Key $key){
$this->key = $key;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
//dd($this->key->key, $this->key->getStatus());
if($this->key->key !== '' && $this->key->getStatus()) {
return response('valid key');
//return $next($request);
} elseif($this->key->key !== '' && !$this->key->getStatus()) {
if($request->filled('key')){
return response('invalid key (parameter)');
//return redirect($request->except('key'));
} else {
Cookie::queue('key', '', 0, '/', null, false, false);
return response('invalid key (cookie)');
//return redirect($request);
}
} else {
return response('no key');
//return redirect($request);
}
}
}
......@@ -558,30 +558,7 @@ class MetaGer
public function authorize($key)
{
$postdata = http_build_query(array(
'dummy' => rand(),
));
$opts = array(
'http' => array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $postdata,
),
);
$context = stream_context_create($opts);
try {
$link = "https://key.metager3.de/" . urlencode($key) . "/request-permission/api-access";
$result = json_decode(file_get_contents($link, false, $context));
if ($result->{'api-access'} == true) {
return true;
} else {
return false;
}
} catch (\ErrorException $e) {
return false;
}
return app('App\Models\Key')->requestPermission();
}
/*
......
......@@ -14,7 +14,7 @@ class Key{
# always returns true or false
public function getStatus() {
if($this->status === null) {
if($this->key !== '' && $this->status === null) {
$this->updateStatus();
}
if($this->status === null || $this->status === false) {
......
......@@ -197,7 +197,7 @@ Route::group(
return redirect(LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), '/'));
});
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('keyvalidation', 'browserverification', 'humanverification', 'useragentmaster')->name("resultpage");
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('browserverification', 'humanverification', 'useragentmaster')->name("resultpage");
Route::get('meta/loadMore', 'MetaGerSearch@loadMore');
Route::post('img/cat.jpg', 'HumanVerification@remove');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment