
Commit 658617c

committed
Disabled request lifecycle middleware on public routes
Effectively sets no cookies on public pages
1 parent 53d74c7 commit 658617c


3 files changed

+69
-64
lines changed


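--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -29,20 +29,23 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $middlewareGroups = [
-'web' => [
+'AuthSession' => [
 \App\Http\Middleware\EncryptCookies::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
-// \Illuminate\Session\Middleware\AuthenticateSession::class,
 \Illuminate\View\Middleware\ShareErrorsFromSession::class,
 \App\Http\Middleware\VerifyCsrfToken::class,
+],
+
+'web' => [
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],
 
 'api' => [
 'throttle:api',
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],
+
 ];
 
 /**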
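Review bot: After this split the `'web'` group holds only `SubstituteBindings`, so any route that stays on `'web'` alone runs without `StartSession` and without `VerifyCsrfToken`. That matches the stated goal for public GET pages, but a state-changing route (POST/PUT/DELETE) left outside an `'AuthSession'` group would silently lose CSRF checking, and `auth` listed without `'AuthSession'` would presumably have no session to read when the guard is session-based. I would document the contract above the groups, e.g. `// 'web' is stateless (no cookies, session or CSRF); routes that read the session or use 'auth' must list 'AuthSession' first.`, and audit routes/web.php for non-GET routes outside the new group. The Kernel class continues outside the hunk, so route-level middleware aliases are not visible here.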

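--- a/routes/auth.php
+++ b/routes/auth.php
@@ -8,27 +8,30 @@
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
 use App\Http\Controllers\Auth\VerifyEmailController;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Route;
 
-if(config('advanced-config.register_url') != '') {
+if (config('advanced-config.register_url') != '') {
 $register = config('advanced-config.register_url');
 } else {
 $register = "/register";
 }
 
-if(config('advanced-config.login_url') != '') {
+if (config('advanced-config.login_url') != '') {
 $login = config('advanced-config.login_url');
 } else {
 $login = "/login";
 }
 
-if(config('advanced-config.forgot_password_url') != '') {
+if (config('advanced-config.forgot_password_url') != '') {
 $forgot_password = config('advanced-config.forgot_password_url');
 } else {
 $forgot_password = "/forgot-password";
 }
 
-if(env('ALLOW_REGISTRATION') or $register !== '/register') {
+Route::middleware(['web', 'AuthSession'])->group(function () use ($register, $login, $forgot_password) {
+
+if (env('ALLOW_REGISTRATION') || $register !== '/register') {
 Route::get($register, [RegisteredUserController::class, 'create'])
 ->middleware('guest')
 ->middleware('max.users')
@@ -47,58 +50,58 @@
 });
 }
 
-Route::get($login, [AuthenticatedSessionController::class, 'create'])
-->middleware('guest')
-->name('login');
-
-Route::post($login, [AuthenticatedSessionController::class, 'store'])
-->middleware('guest');
-
-Route::get( $forgot_password, [PasswordResetLinkController::class, 'create'])
-->middleware('guest')
-->name('password.request');
-
-Route::post( $forgot_password, [PasswordResetLinkController::class, 'store'])
-->middleware('guest')
-->name('password.email');
-
-Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
-->middleware('guest')
-->name('password.reset');
-
-Route::post('/reset-password', [NewPasswordController::class, 'store'])
-->middleware('guest')
-->name('password.update');
-
-Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
-->middleware('auth')
-->name('verification.notice');
-
-Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
-->middleware(['auth', 'signed', 'throttle:6,1'])
-->name('verification.verify');
-
-Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
-->middleware(['auth', 'throttle:6,1'])
-->name('verification.send');
-
-Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
-->middleware('auth')
-->name('password.confirm');
-
-Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
-->middleware('auth');
-
-Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
-->middleware('auth')
-->name('logout');
-
-Route::get('/blocked', function () {
-$user = Auth::user();
-if ($user && $user->block == 'yes') {
-return view('auth.blocked');
-} else {
-return redirect(url('dashboard'));
-}
-})->name('blocked');
-
+Route::get($login, [AuthenticatedSessionController::class, 'create'])
+->middleware('guest')
+->name('login');
+
+Route::post($login, [AuthenticatedSessionController::class, 'store'])
+->middleware('guest');
+
+Route::get($forgot_password, [PasswordResetLinkController::class, 'create'])
+->middleware('guest')
+->name('password.request');
+
+Route::post($forgot_password, [PasswordResetLinkController::class, 'store'])
+->middleware('guest')
+->name('password.email');
+
+Route::get('/reset-password/{token}', [NewPasswordController::class, 'create'])
+->middleware('guest')
+->name('password.reset');
+
+Route::post('/reset-password', [NewPasswordController::class, 'store'])
+->middleware('guest')
+->name('password.update');
+
+Route::get('/verify-email', [EmailVerificationPromptController::class, '__invoke'])
+->middleware('auth')
+->name('verification.notice');
+
+Route::get('/verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
+->middleware(['auth', 'signed', 'throttle:6,1'])
+->name('verification.verify');
+
+Route::post('/email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
+->middleware(['auth', 'throttle:6,1'])
+->name('verification.send');
+
+Route::get('/confirm-password', [ConfirmablePasswordController::class, 'show'])
+->middleware('auth')
+->name('password.confirm');
+
+Route::post('/confirm-password', [ConfirmablePasswordController::class, 'store'])
+->middleware('auth');
+
+Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
+->middleware('auth')
+->name('logout');
+
+Route::get('/blocked', function () {
+$user = Auth::user();
+if ($user && $user->block == 'yes') {
+return view('auth.blocked');
+} else {
+return redirect(url('dashboard'));
+}
+})->name('blocked');
+});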
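Review bot: The registration gate at new line 34 reads `env('ALLOW_REGISTRATION')` directly in a routes file; once configuration is cached (`php artisan config:cache`), `env()` returns null for values that live only in `.env`, so the switch would stop having any effect and the URL comparison alone would decide. The second operand also means that setting a custom `register_url` opens registration even when `ALLOW_REGISTRATION` is off, which leaves the secrecy of that URL as the only control; if that is intended it deserves a comment on the line. I would read the flag through config instead, e.g. `if (config('<config-key-for-allow-registration>') || $register !== '/register') {`, with the key defined in a config file that itself calls `env()`. The `if` block continues between the two hunks, so the rest of the registration routes is not visible here.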

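--- a/routes/web.php
+++ b/routes/web.php
@@ -96,7 +96,7 @@
 
 Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo');
 
-Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
+Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
 //User route
 Route::group([
 'middleware' => env('REGISTER_AUTH'),
@@ -141,11 +141,10 @@
 });
 }
 
+Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])->group(function () {
 //Social login route
 Route::get('/social-auth/{provider}/callback', [SocialLoginController::class, 'providerCallback']);
 Route::get('/social-auth/{provider}', [SocialLoginController::class, 'redirectToProvider'])->name('social.redirect');
-
-Route::middleware(['auth', 'blocked', 'impersonate'])->group(function () {
 //Admin route
 Route::group([
 'middleware' => 'admin',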
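Review bot: Moving the group opener above the social-login routes (new line 144) puts `/social-auth/{provider}` and `/social-auth/{provider}/callback` behind `auth`, `blocked` and `impersonate`, where before they sat outside that group. If these routes are how a guest signs in, `auth` would turn an unauthenticated visitor away before `redirectToProvider` or `providerCallback` runs, so social login would stop working; they presumably need the session for the provider round trip but not an existing login. I would give them their own group, `Route::middleware(['AuthSession'])->group(function () { /* the two social-auth routes */ });`, and open `Route::middleware(['AuthSession', 'auth', 'blocked', 'impersonate'])` after it, directly above `//Admin route`. Both groups are closed outside the hunk, so the matching `});` lines cannot be confirmed from here.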
