added browser verification

a24fe7fa · Dominik Hebeler · d4b2bfb4 · a24fe7fa · a24fe7fa · a24fe7fa
Commit a24fe7fa authored 4 years ago by Dominik Hebeler
--- a/app/Http/Controllers/BrowserVerification.php
+++ b/app/Http/Controllers/BrowserVerification.php
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Redis;
+
+class BrowserVerification extends Controller
+{
+    public function verifyCss(Request $request)
+    {
+        $key = $request->input('id', '');
+        if (!preg_match("/^[a-f0-9]{32}$/", $key)) {
+            abort(404);
+        }
+
+        $redis = Redis::connection("central");
+        $redis->pipeline(function ($pipe) use ($key) {
+            $pipe->lpush($key, 1);
+            $pipe->expire($key, 60);
+        });
+
+        return response("", 200)
+            ->header("Content-Type", "text/css");
+    }
+}
--- a/app/Http/Controllers/ProxyController.php
+++ b/app/Http/Controllers/ProxyController.php
@@ -113,9 +113,11 @@ class ProxyController extends Controller
            $settings = "80";
        }

-        $urlToProxy = $this->proxifyUrl($targetUrl, $newPW, false);
-
+        $key = md5($request->ip() . microtime(true));
+        $urlToProxy = $this->proxifyUrl($targetUrl, $newPW, $key, false);
+        
        return view('ProxyPage')
+            ->with('key', $key)
            ->with('iframeUrl', $urlToProxy)
            ->with('scriptsEnabled', $scriptsEnabled)
            ->with('scriptUrl', $scriptUrl)
@@ -149,7 +151,6 @@ class ProxyController extends Controller
            if ($result === null) {
                return $this->streamFile($targetUrl);
            } else {
-
                $httpcode = $result["http_code"];

                extract(parse_url($targetUrl));
@@ -190,6 +191,7 @@ class ProxyController extends Controller
                            }
                            $result["header"]["content-disposition"] = "attachment; filename=$name";
                        }
+                        // no break
                    case 'image/png':
                    case 'image/jpeg':
                    case 'image/gif':
@@ -230,7 +232,6 @@ class ProxyController extends Controller
            }

            curl_close($this->ch);
-
        } else {
            $result = Cache::get($hash);
            // Base64 decode:
@@ -248,7 +249,6 @@ class ProxyController extends Controller

        return response($result["data"], $httpcode)
            ->withHeaders($result["header"]);
-
    }

    private function initCurl()
@@ -326,7 +326,6 @@ class ProxyController extends Controller
            # so we will return null and handle this case in the calling function
            return null;
        } else {
-
            $httpcode = intval(curl_getinfo($this->ch, CURLINFO_HTTP_CODE));

            $header_size = curl_getinfo($this->ch, CURLINFO_HEADER_SIZE);
@@ -348,7 +347,7 @@ class ProxyController extends Controller
                            if (strpos($redLink, "/") === 0) {
                                $parse = parse_url($url);
                                $redLink = $parse["scheme"] . "://" . $parse["host"] . $redLink;
-                            } else if (preg_match("/^\w+\.\w+$/si", $redLink)) {
+                            } elseif (preg_match("/^\w+\.\w+$/si", $redLink)) {
                                $parse = parse_url($url);
                                $redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
                            }
@@ -385,9 +384,7 @@ class ProxyController extends Controller
                    } else {
                        break;
                    }
-
                }
-
            }

            if (!isset($httpcode) || !$httpcode || $httpcode === 0) {
@@ -409,7 +406,7 @@ class ProxyController extends Controller
        }
    }

-    public function proxifyUrl($url, $password = null, $topLevel)
+    public function proxifyUrl($url, $password = null, $key, $topLevel)
    {
        // Only convert valid URLs
        $url = trim($url);
@@ -442,9 +439,9 @@ class ProxyController extends Controller
            $params = \Request::all();
            $params['password'] = $password;
            $params['url'] = $urlToProxy;
+            $params["id"] = $key;

            $iframeUrl = action('ProxyController@proxy', $params);
-
        }

        return $iframeUrl;

--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -61,6 +61,7 @@ class Kernel extends HttpKernel
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'checkpw' => \App\Http\Middleware\CheckPassword::class,
+        'browserverification' => \App\Http\Middleware\Browserverification::class,
    ];

    /**

--- a/app/Http/Middleware/Browserverification.php
+++ b/app/Http/Middleware/Browserverification.php
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Redis;
+
+class Browserverification
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $redis = Redis::connection("central");
+
+        $key = $request->input('id');
+        if (!preg_match("/^[a-f0-9]{32}$/", $key)) {
+            abort(404);
+        }
+
+        $answer = $redis->brpoplpush($key, $key, 3);
+
+        if ($answer === null) {
+            abort(404);
+        }
+        
+        return $next($request);
+    }
+}
--- a/config/database.php
+++ b/config/database.php
@@ -142,6 +142,13 @@ return [
            'database' => env('REDIS_CACHE_DB', 1),
        ],

+        'central' => [
+            'url' => env('CENTRAL_REDIS_URL'),
+            'host' => env('CENTRAL_REDIS_HOST', '127.0.0.1'),
+            'password' => env('CENTRAL_REDIS_PASSWORD', null),
+            'port' => env('CENTRAL_REDIS_PORT', 6379),
+            'database' => env('CENTRAL_REDIS_CACHE_DB', 1),
+        ]
    ],

 ];
--- a/resources/views/ProxyPage.blade.php
+++ b/resources/views/ProxyPage.blade.php
 @extends('layouts.app', ['url' => $targetUrl])

 @section('content')
+
 <iframe
 	id="site-proxy-iframe"
 	src="{!!$iframeUrl!!}"

--- a/resources/views/layouts/app.blade.php
+++ b/resources/views/layouts/app.blade.php
@@ -3,6 +3,7 @@
 <meta charset="utf-8" />
 <title>Proxy - MetaGer</title>
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+<link href="/index.css?id={{$key}}" rel="stylesheet" type="text/css" />
 <link href="{{ mix('/css/all.css') }}" rel="stylesheet" type="text/css" />
 </head>
 <body>

--- a/routes/web.php
+++ b/routes/web.php
@@ -30,6 +30,8 @@ Route::get('/', function () {
    }
 });

+Route::get('index.css', 'BrowserVerification@verifyCss');
+
 Route::post('/', function (Request $request) {
    $validatedData = $request->validate([
        'url' => 'required|url|max:255',
@@ -41,6 +43,6 @@ Route::post('/', function (Request $request) {
    return redirect(action('ProxyController@proxyPage', ['password' => $password, 'url' => $target]));
 });

-Route::get('{password}/{url}', 'ProxyController@proxyPage')->middleware('checkpw');
+Route::get('{password}/{url}', 'ProxyController@proxyPage')->middleware('throttle:60:1')->middleware('checkpw');

-Route::get('proxy/{password}/{url}', 'ProxyController@proxy')->middleware('checkpw:true');
+Route::get('proxy/{password}/{url}', 'ProxyController@proxy')->middleware('browserverification')->middleware('checkpw:true');