Commit c16d40a8 authored by Dominik Hebeler's avatar Dominik Hebeler

enabled auth middleware for admin pages

parent d4e522e7
......@@ -18,7 +18,7 @@ class RefererCheck
$refererCorrect = env('referer_check');
$referer = $request->server('HTTP_REFERER');
if ($refererCorrect !== $referer && "https://metager.de/admin/count" !== $referer) {
abort(403, 'Unauthorized');
abort(401, 'Unauthorized');
} else {
return $next($request);
}
......
......@@ -167,7 +167,7 @@ Route::group(
->with('request', $this->input('request', 'GET'));
});
Route::group([/*'middleware' => ['referer.check'],*/'prefix' => 'admin'], function () {
Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
Route::get('/', 'AdminInterface@index');
Route::match(['get', 'post'], 'count', 'AdminInterface@count');
Route::get('check', 'AdminInterface@check');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment