Commit c16d40a8 authored by Dominik Hebeler's avatar Dominik Hebeler

enabled auth middleware for admin pages

parent d4e522e7
...@@ -16,9 +16,9 @@ class RefererCheck ...@@ -16,9 +16,9 @@ class RefererCheck
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
$refererCorrect = env('referer_check'); $refererCorrect = env('referer_check');
$referer = $request->server('HTTP_REFERER'); $referer = $request->server('HTTP_REFERER');
if ($refererCorrect !== $referer && "https://metager.de/admin/count" !== $referer) { if ($refererCorrect !== $referer && "https://metager.de/admin/count" !== $referer) {
abort(403, 'Unauthorized'); abort(401, 'Unauthorized');
} else { } else {
return $next($request); return $next($request);
} }
......
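Review bot: The `if` in `handle()` lets a request through when both values are null: `env('referer_check')` returns null when the variable is unset (and, as far as I know, when the configuration is cached), and `$request->server('HTTP_REFERER')` is null when no Referer is sent, so `$refererCorrect !== $referer` is false and `$next($request)` runs. The second operand also accepts a fixed URL that is written in the source, so the result does not depend on the configured value alone, and Referer is a client-supplied header in any case. Fail closed ahead of the comparison with `if (!is_string($refererCorrect) || $refererCorrect === '' || !is_string($referer)) { abort(403, 'Unauthorized'); }` and compare the configured value with `hash_equals($refererCorrect, $referer)`. The new side appears to answer with 401, which normally comes with a `WWW-Authenticate` challenge; 403 fits a rejected referer check better.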
...@@ -167,7 +167,7 @@ Route::group( ...@@ -167,7 +167,7 @@ Route::group(
->with('request', $this->input('request', 'GET')); ->with('request', $this->input('request', 'GET'));
}); });
Route::group([/*'middleware' => ['referer.check'],*/'prefix' => 'admin'], function () { Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
Route::get('/', 'AdminInterface@index'); Route::get('/', 'AdminInterface@index');
Route::match(['get', 'post'], 'count', 'AdminInterface@count'); Route::match(['get', 'post'], 'count', 'AdminInterface@count');
Route::get('check', 'AdminInterface@check'); Route::get('check', 'AdminInterface@check');
...@@ -216,7 +216,7 @@ Route::group( ...@@ -216,7 +216,7 @@ Route::group(
return response()->download($filePath, "MetaGer-release.apk"); return response()->download($filePath, "MetaGer-release.apk");
}); });
Route::get('maps', function () { Route::get('maps', function () {
$filePath = env('maps_app'); $filePath = env('maps_app');
$fileContents = file_get_contents($filePath); $fileContents = file_get_contents($filePath);
return response($fileContents, 200) return response($fileContents, 200)
->header('Cache-Control', 'public') ->header('Cache-Control', 'public')
...@@ -226,7 +226,7 @@ Route::group( ...@@ -226,7 +226,7 @@ Route::group(
}); });
Route::get('maps/version', function () { Route::get('maps/version', function () {
$filePath = env('maps_version'); $filePath = env('maps_version');
$fileContents = file_get_contents($filePath); $fileContents = file_get_contents($filePath);
return response($fileContents, 200) return response($fileContents, 200)
->header('Content-Type', 'text/plain'); ->header('Content-Type', 'text/plain');
......
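Review bot: The `admin` group in `Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], ...)` is gated only by a comparison of the Referer header, which the client chooses, although the commit title describes it as auth middleware. `AdminInterface@count` also accepts POST, so the group should sit behind a credential check as well, for example `'middleware' => ['auth.basic', 'referer.check']` if a user provider is configured, or behind access control at the web server. The group's closure continues outside the hunk, so any admin routes not shown here rely on the same gate.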