Example #1
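 /**
  * Build the "login required" response for a request that is not authenticated.
  *
  * AJAX / JSON requests get a JSON error with status 403. Any other request is
  * redirected to the login action after a return URL has been stored in the
  * session under 'url.intended'.
  *
  * @param Request $request
  *
  * @return mixed JSON response or redirect response
  */
 protected function makeResponse(Request $request)
 {
     $message = $this->translator->get('c::auth.login-required');

     if ($request->ajax() || $request->isJson() || $request->wantsJson()) {
         return Response::json(['error' => $message], 403);
     }

     $url = $this->url->action('anlutro\\Core\\Web\\AuthController@login');

     if ($request->getMethod() === 'GET') {
         $intended = $request->fullUrl();
     } else {
         // The Referer header is client-supplied and is stored here as a URL
         // to return to (presumably used as the post-login redirect target).
         // Accept it only when it names this host, otherwise use the site root,
         // so the stored value cannot point at another site.
         $referer = $request->header('referer');
         $refererHost = is_string($referer) ? parse_url($referer, PHP_URL_HOST) : null;
         $sameHost = is_string($refererHost) && strtolower($refererHost) === $request->getHost();
         $intended = $sameHost ? $referer : '/';
     }

     $this->session->put('url.intended', $intended);

     return $this->redirect->to($url)->with('error', $message);
 }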
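 /**
  * Check the current request method against the configured list.
  *
  * @return bool true when no 'methods' list is configured, or when the
  *              request method is in that list
  */
 protected function checkRequestMethod()
 {
     if (!isset($this->config['methods'])) {
         return true;
     }

     // Strict comparison: a loosely-compared non-string entry in the config
     // list (e.g. 0 or true) must not match every method name.
     return in_array($this->request->getMethod(), $this->config['methods'], true);
 }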
 /**
  * Build an instance populated from an incoming HTTP request.
  *
  * Copies the input bag (JSON body for POST/PATCH/PUT, query string
  * otherwise), the pagination values, the route handler class, method,
  * headers, token, the 'callback' query value and a positive route 'id'.
  *
  * @param \Illuminate\Http\Request $request
  *
  * @return static
  */
 public static function createFromRequest(Request $request)
 {
     $instance = new static();
     $verb = $request->getMethod();
     $queryBag = $request->query;

     $hasBody = in_array($verb, ['POST', 'PATCH', 'PUT']);
     $instance->input = $hasBody ? $request->json() : $queryBag;

     // NOTE(review): per_page is taken from the client with no upper bound
     // here; confirm a cap is applied where the value is used.
     if ($queryBag->has('per_page')) {
         $instance->perPage = intval($queryBag->get('per_page'));
     }
     if ($queryBag->has('page')) {
         $instance->page = intval($queryBag->get('page'));
     }

     $instance->query = $queryBag;
     // The handler string is "Class@method"; keep the class part only.
     $handler = $request->route()[1]['uses'];
     $instance->apiClass = explode('@', $handler)[0];
     $instance->method = $verb;
     $instance->headers = $request->headers;
     $instance->token = static::getToken($request);
     // NOTE(review): 'callback' is copied unvalidated. If it is later echoed
     // into a response (e.g. as a JSONP function name) it needs a strict
     // identifier check at that point; confirm against the consumer.
     $instance->callback = $queryBag->get('callback');

     $routeParams = $request->route()[2];
     if (isset($routeParams['id'])) {
         $resourceId = intval($routeParams['id']);
         // Zero and negative ids are treated as "no resource".
         $instance->resourceId = $resourceId > 0 ? $resourceId : null;
     }

     return $instance;
 }
 /**
  * Log the incoming request, run the rest of the pipeline, then log the response.
  *
  * The request is re-wrapped as a message object for the extractor, a log
  * event is opened before the pipeline runs, and logResponse() is always
  * called from the finally block.
  *
  * @param  LaravelRequest $request
  * @param  Closure $next
  *
  * @return mixed
  */
 public function handle(LaravelRequest $request, Closure $next)
 {
     $verb = $request->getMethod();
     $uri = $request->getUri();

     // NOTE(review): every request header and the raw body are handed to the
     // extractor; confirm that Authorization / Cookie values and credentials
     // in the body are masked before they reach the log.
     $message = new Request($verb, new Uri($uri), $request->headers->all(), $request->getContent());
     $extracted = $this->extractor->getRequest($message);
     $event = $this->logger->begin($extracted['request'], $uri, $verb, '');

     $response = null;
     try {
         /** @var LaravelResponse $response */
         $response = $next($request);
     } catch (Exception $failure) {
         // NOTE(review): the exception text becomes the body of the 500 sent
         // to the client, which can disclose internal details (paths, SQL,
         // hostnames). A generic body with the detail kept in the log is safer.
         $response = LaravelResponse::create($failure->getMessage(), 500);
     } finally {
         // Runs for success and failure alike; $response is still null here
         // if something other than an Exception was thrown.
         $this->logResponse($response, $event);
     }

     return $response;
 }
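 /**
  * Merge a JSON request body into the request input for the parsed methods.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     if (in_array($request->getMethod(), self::PARSED_METHODS, true)) {
         // Decode to an associative array: merge() takes an array, while a
         // plain json_decode() returns stdClass for a JSON object and null
         // for an empty or malformed body.
         $payload = json_decode($request->getContent(), true);

         // Scalars and undecodable bodies are skipped rather than merged.
         if (is_array($payload)) {
             $request->merge($payload);
         }
     }

     return $next($request);
 }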
Example #6
 /**
  * Validate an elFinder connector request, collect the command arguments and
  * execute the command, passing the result to output().
  *
  * Every error branch calls output() and then falls through in this method, so
  * the checks only stop processing if output() ends the request
  * (NOTE(review): presumably it does; confirm in output()).
  *
  * @param Request $request
  */
 public function run(Request $request)
 {
     $isPost = $request->getMethod() === 'POST';
     // All request input; the command name and its arguments are client-supplied.
     $src = $request->all();
     $cmd = isset($src['cmd']) ? $src['cmd'] : '';
     $args = [];
     // Without json_encode() the error payload is assembled by hand and sent raw.
     if (!function_exists('json_encode')) {
         $error = $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_JSON);
         $this->output(['error' => '{"error":["' . implode('","', $error) . '"]}', 'raw' => TRUE]);
     }
     // NOTE(review): the 'debug' entry returns mountErrors to the client;
     // check that it does not expose filesystem paths to untrusted users.
     if (!$this->elFinder->loaded()) {
         $this->output(['error' => $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_VOL), 'debug' => $this->elFinder->mountErrors]);
     }
     // telepat_mode: on
     // A POST that carries no command is reported as an upload size error.
     if (!$cmd && $isPost) {
         $this->output(['error' => $this->elFinder->error(elFinder::ERROR_UPLOAD, elFinder::ERROR_UPLOAD_TOTAL_SIZE), 'header' => 'Content-Type: text/html']);
     }
     // telepat_mode: off
     // Only commands known to elFinder are accepted.
     if (!$this->elFinder->commandExists($cmd)) {
         $this->output(['error' => $this->elFinder->error(elFinder::ERROR_UNKNOWN_CMD)]);
     }
     // collect required arguments to exec command
     foreach ($this->elFinder->commandArgsList($cmd) as $name => $req) {
         // 'FILES' maps to the upload superglobal; anything else comes from request input.
         $arg = $name == 'FILES' ? $_FILES : (isset($src[$name]) ? $src[$name] : '');
         if (!is_array($arg)) {
             $arg = trim($arg);
         }
         // $arg is always assigned above, so only the empty-string test can trigger here.
         if ($req && (!isset($arg) || $arg === '')) {
             $this->output(['error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd)]);
         }
         $args[$name] = $arg;
     }
     // NOTE(review): the debug flag is controlled by the client; confirm that
     // debug output is not available to unauthenticated callers.
     $args['debug'] = isset($src['debug']) ? !!$src['debug'] : FALSE;
     // Arguments pass through input_filter() before the command is executed.
     $this->output($this->elFinder->exec($cmd, $this->input_filter($args)));
 }
 /**
  * Create the validator instance.
  *
  * Stores the request and validation factory, marks the validator as
  * "updating" for PUT and PATCH requests, then defines the input.
  *
  * @param Illuminate\Http\Request       $request
  * @param Illuminate\Validation\Factory $validation
  */
 public function __construct(Request $request, ValidationFactory $validation)
 {
     $this->request = $request;
     $this->validation = $validation;

     // The method name is lower-cased before it is compared.
     $verb = strtolower($request->getMethod());
     $isUpdate = in_array($verb, ['put', 'patch']);
     $this->setUpdating($isUpdate);

     $this->defineInput();
 }
Example #8
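 /**
  * Allow only POST requests that carry the PagSeguro sandbox origin, and add
  * the matching CORS headers to the response.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $allowedOrigin = 'https://sandbox.pagseguro.uol.com.br';

     // Reject when EITHER condition fails. With `&&` a request was refused only
     // if both the origin and the method were wrong, so any POST from any
     // origin, and any method carrying this Origin value, was let through.
     //
     // Origin is set by browsers but can be sent freely by any other client:
     // this is a CORS gate, not authentication of the caller.
     if ($request->header('origin') !== $allowedOrigin || $request->getMethod() !== 'POST') {
         return response('Unauthorized.', 401);
     }

     return $next($request)
         ->header('Access-Control-Allow-Origin', $allowedOrigin)
         ->header('Access-Control-Allow-Methods', 'POST');
 }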
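 /**
  * Validate and store an updated configuration record.
  *
  * Only POST is accepted; any other method is answered with a flash message
  * and a redirect. A submitted password is encrypted before it is saved.
  *
  * @param Request $request
  *
  * @return mixed redirect response
  */
 public function saveAction(Request $request)
 {
     // Refuse other methods before touching the submitted data.
     if ($request->getMethod() !== 'POST') {
         $request->session()->flash('message', "Method not allowed");
         return redirect('configuration');
     }

     $params = $request->all();
     unset($params['_token'], $params['q']);

     // Encrypt only when a non-empty password string was actually submitted;
     // a missing or non-string field no longer raises an undefined-index
     // notice or a strlen() type error.
     if (isset($params['password']) && is_string($params['password']) && $params['password'] !== '') {
         $params['password'] = Crypt::encrypt($params['password']);
     }

     // validateRequest() returns a bool on success and the error set otherwise.
     $isValid = $this->repository->validateRequest($request);
     if (!is_bool($isValid)) {
         $request->session()->flash('message', "Invalid data, please check the following errors: ");
         // The key spelling is kept as-is: it is read back elsewhere at runtime.
         $request->session()->flash('validationErrros', $isValid);
         return redirect()->route('configuration')->withInput();
     }

     // A request without an id is treated like an unknown record.
     $id = isset($params['id']) ? $params['id'] : null;
     $configuration = $id !== null ? $this->repository->findById($id) : null;
     if (!$configuration) {
         $request->session()->flash('message', "Configuration not found");
         return redirect('configuration');
     }

     // NOTE(review): every remaining request field is handed to update().
     // Confirm the repository restricts writes to an allow-list of columns,
     // and that the caller is authorised for this particular id.
     $this->repository->update($params, $id);
     $request->session()->flash('message', "Configuration updated successfully!");
     $request->session()->flash('success', true);

     return redirect('configuration');
 }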
Example #10
 /**
  * Refuse non-GET requests with a 503 while read-only mode is enabled.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure                 $next
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // GET is always allowed; the read-only flag is not consulted for it.
     if ($request->getMethod() == 'GET') {
         return $next($request);
     }

     // NOTE(review): HEAD and OPTIONS are also refused in read-only mode,
     // since only GET is exempt; confirm that is intended.
     if ($this->isReadOnlyModeEnabled()) {
         throw new HttpException(503);
     }

     return $next($request);
 }
Example #11
 /**
  * Answer OPTIONS requests directly with the allowed methods and headers;
  * pass every other request down the pipeline unchanged.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     if ($request->getMethod() != "OPTIONS") {
         return $next($request);
     }

     // No Access-Control-Allow-Origin is set in this method, so a preflight
     // only succeeds if that header is added somewhere else.
     $preflightHeaders = [
         'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
         'Access-Control-Allow-Headers' => 'X-Requested-With, content-type',
     ];

     return Response::make('', 200, $preflightHeaders);
 }
Example #12
 /**
  * Copy the exception location and the request details into $this->_data.
  *
  * NOTE(review): headers, cookies and all input parameters are captured
  * verbatim, which will include session cookies, Authorization headers and
  * submitted passwords. Confirm they are redacted before the data is stored
  * or sent anywhere.
  *
  * @param Request $request
  * @param $e exception (or compatible object) being reported
  */
 public function convert(Request $request, $e)
 {
     $line = $e->getLine();
     $file = $e->getFile();

     $this->_data['stacktrace'] = [
         'line' => $line,
         'file' => $file,
         'message' => $e->getMessage(),
         // getCode() here is this class's own helper, called with the file,
         // the line and the constant 10.
         'code' => $this->getCode($file, $line, 10),
     ];

     $this->_data['headers'] = $request->headers->all();
     $this->_data['cookies'] = $request->cookies->all();
     $this->_data['method'] = $request->getMethod();
     $this->_data['uri'] = $request->getRequestUri();
     $this->_data['params'] = $request->all();
 }
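 /**
  * Validation rules for the request.
  *
  * POST uses the base rules. For any other method the request's 'id' is
  * appended to the third 'colour' rule (presumably so a uniqueness check
  * ignores the record being updated; confirm against RULES).
  *
  * @param HttpRequest $request
  *
  * @return array
  */
 public function rules(HttpRequest $request) : array
 {
     $rules = self::RULES;

     if ($request->getMethod() === HttpRequest::METHOD_POST) {
         return $rules;
     }

     // 'id' is client input and is spliced into a rule string whose parameters
     // are comma-separated. Accept only a plain identifier so the value cannot
     // add or change rule parameters; anything else leaves the rule without
     // the suffix, which is the stricter outcome.
     $id = $request->get('id');
     $isPlainId = (is_int($id) || is_string($id))
         && preg_match('/\A[A-Za-z0-9_-]+\z/', (string) $id) === 1;

     if ($isPlainId) {
         $rules['colour'][2] .= ",{$id}";
     }

     return $rules;
 }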
Example #14
 /**
  * Write a debug line with the method and path of every API request, then
  * delegate to the parent middleware.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  *
  * @return mixed
  */
 public function handle(Request $request, \Closure $next)
 {
     try {
         // Only the method and path are logged, not the query string or body.
         $line = $request->getMethod() . ' ' . $request->getPathInfo();
         $this->debug($line);
     } catch (\Exception $ignored) {
         // Logging is best-effort: a failure here must not block the request.
     }

     return parent::handle($request, $next);
 }
 /**
  * Let a POST request through when its signature or its shop id validates;
  * log and answer 403 for everything else.
  *
  * @param  Request  $request
  * @param  \Closure $next
  *
  * @return mixed
  */
 public function handle(Request $request, \Closure $next)
 {
     // NOTE(review): either check alone is sufficient. If the shop id is not a
     // secret, validShopId() lets an unsigned request through; confirm what
     // that check verifies.
     $accepted = $request->getMethod() === "POST"
         && ($this->validSignature($request) || $this->validShopId($request));

     if ($accepted) {
         return $next($request);
     }

     // NOTE(review): the raw body of a rejected request goes to the log;
     // confirm its size is bounded and its content is encoded when viewed.
     $this->logger->hooksError($request->getContent(), $request);

     return new Response("", Response::HTTP_FORBIDDEN);
 }
Example #16
 /**
  * Log out a signed-in user whose account has a disabled_at value, unless the
  * request is itself the POST to /auth/logout, then continue the pipeline.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // TODO:    don't automatically log the user out some time after
     //          issue #29 is fixed or when disabled_at starts being used for
     //          something other than merged accounts.
     if ($this->auth->check() && $this->auth->user()->disabled_at !== null) {
         // getRequestUri() includes the query string, so only the bare
         // logout URL counts as the logout call.
         $isLogoutCall = $request->getMethod() === 'POST'
             && $request->getRequestUri() == '/auth/logout';

         if (!$isLogoutCall) {
             $this->auth->logout();
             // A 403 'home.account-disabled' view was once returned here; the
             // request now simply continues with the user logged out.
         }
     }

     return $next($request);
 }
 /**
  * Handle a Braintree webhook request.
  *
  * GET requests are passed to verify() first. Every request is then parsed
  * and the result dispatched to handleEvent().
  *
  * @param  Request $request
  * @return void
  */
 public function handle(Request $request)
 {
     $isGet = $request->getMethod() === 'GET';
     if ($isGet) {
         // NOTE(review): execution continues into parse() after verify();
         // confirm verify() ends the request itself where that is required.
         $this->verify($request);
     }

     $parsed = $this->parse($request);

     // NOTE(review): with debugging enabled the whole parsed notification is
     // written to the log; confirm it holds no payment or customer data that
     // should stay out of log files.
     $debugEnabled = Config::get('banker.webhooks.debug');
     if ($debugEnabled) {
         Log::info($parsed);
     }

     $this->handleEvent($parsed);
 }
 /**
  * Set the resource model and register the read / write permission
  * middleware for the user id derived from the request.
  *
  * @param Request $request
  */
 public function __construct(Request $request)
 {
     $this->resource = $this->model();

     // No current route (e.g. when artisan route:list builds the controller):
     // skip the middleware registration.
     $hasRoute = (bool) Route::current();
     if (!$hasRoute) {
         return;
     }

     // NOTE(review): the user id is derived from request input and spliced
     // into the middleware parameter string. Confirm getUserIdFromParams()
     // returns a plain id (no ',' or '|'), and that canRead / canWrite compare
     // it with the authenticated user rather than trusting it.
     $userId = $this->getUserIdFromParams($request->getMethod(), $request->all());

     $readActions = ['index', 'show'];
     $writeActions = ['store', 'update', 'destroy'];
     $this->middleware("canRead:{$userId}", ['only' => $readActions]);
     $this->middleware("canWrite:{$userId}", ['only' => $writeActions]);
 }
Example #19
 /**
  * Decide whether the throttle limit applies to the given request.
  *
  * Only POST requests are throttled, and paths under /ajax/vote/ are exempt.
  *
  * @param \Illuminate\Http\Request $request
  *
  * @return bool
  */
 protected function isEnabledFor($request)
 {
     // Anything that is not a POST is never throttled.
     $isPost = $request->getMethod() == 'POST';
     if (!$isPost) {
         return false;
     }

     // Voting is exempt from the limit.
     // NOTE(review): the exemption is a prefix match on the path, so every
     // POST route below /ajax/vote/ is unthrottled.
     $isVote = starts_with($request->getPathInfo(), '/ajax/vote/');

     return !$isVote;
 }
Example #20
 /**
  * Add permissive CORS headers to every response and answer OPTIONS
  * preflight requests directly.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // NOTE(review): any origin is allowed and the Authorization header is
     // accepted, so every site can call this API with a token it holds.
     // Confirm that is intended; otherwise list the trusted origins.
     // The header values carry a leading space, as in the original.
     $corsHeaders = [
         'Access-Control-Allow-Origin' => ' *',
         'Access-Control-Allow-Methods' => ' POST, GET, OPTIONS, PUT, DELETE',
         'Access-Control-Allow-Headers' => ' Content-Type, Accept, Authorization, X-Requested-With',
     ];

     // Preflight: answer without running the rest of the pipeline.
     if ($request->getMethod() == "OPTIONS") {
         return \Response::make('OK', 200, $corsHeaders);
     }

     $response = $next($request);
     foreach ($corsHeaders as $name => $headerValue) {
         $response->header($name, $headerValue);
     }

     return $response;
 }
Example #21
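 /**
  * Answer OPTIONS preflight requests with CORS headers and emit the same
  * policy as raw headers for every other request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // NOTE(review): any origin is allowed and the Authorization header is
     // accepted. Confirm that is intended; otherwise list trusted origins.
     if ($request->getMethod() == "OPTIONS") {
         $headers = [
             'Access-Control-Allow-Origin' => '*',
             'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
             'Access-Control-Max-Age' => '1000',
             'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With',
         ];
         return new JsonResponse('', 200, $headers);
     }

     // Each header line is "Name: value". The earlier strings had stray quote
     // characters inside the header names and values, which made the
     // Max-Age and Allow-Headers lines malformed and the Allow-Methods value
     // a quoted string that browsers do not parse as a method list.
     header('Access-Control-Allow-Origin: *');
     header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
     header('Access-Control-Max-Age: 1000');
     header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');

     return $next($request);
 }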
Example #22
 /**
  * Check whether the current user's role may access the request's route.
  *
  * The HTTP method used for the check is the route action's override entry
  * when one is set, otherwise the method of the request itself.
  *
  * @param Request $request
  * @return bool
  * @throws \InvalidArgumentException
  */
 public static function isAuthorised(Request $request)
 {
     /** @var Route $route */
     $route = $request->route();
     $action = $route->getAction();

     // The override is read from the route definition, not from the request.
     $httpMethod = !empty($action[self::HTTP_METHOD_OVERRIDE_KEY])
         ? $action[self::HTTP_METHOD_OVERRIDE_KEY]
         : $request->getMethod();

     $role = static::getUserRole();

     return static::isRoleHasAccessToRoute($role, $route, $httpMethod);
 }
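 /**
  * Authenticate API requests by the X-Auth-Token header.
  *
  * The login route, the site root and POST api/user are let through without
  * a token. Every other request must carry a token that matches a user.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  * @throws \App\Exceptions\Unauthorized
  */
 public function handle($request, Closure $next)
 {
     // `&&` binds tighter than `||`; the parentheses only make that explicit.
     $isOpenRoute = $request->is('api/user/login')
         || $request->is('/')
         || ($request->is('api/user') && $request->getMethod() == "POST");

     if ($isOpenRoute) {
         return $next($request);
     }

     $token = $request->header('X-Auth-Token');

     // A missing header yields null. Passed to where(), a null value is
     // matched as "api_token IS NULL" by the Eloquent query builder (assuming
     // User is an Eloquent model), which would authenticate the request as
     // the first user without a token. Refuse before querying.
     if (!is_string($token) || $token === '') {
         throw new \App\Exceptions\Unauthorized();
     }

     User::$logged = User::where('api_token', $token)->first();
     if (!User::$logged) {
         throw new \App\Exceptions\Unauthorized();
     }

     // NOTE(review): 'user_id' is client input and selects the user to be
     // edited. Confirm downstream code checks that the authenticated user is
     // allowed to edit that account.
     User::$edited = User::find($request->get('user_id'));

     return $next($request);
 }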
 /**
  * Emit a wildcard Allow-Origin header, answer OPTIONS preflights directly
  * and add the allowed methods / headers to every other response.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // NOTE(review): any origin is allowed and Authorization / X-Token are
     // accepted. Confirm that is intended; otherwise list trusted origins.
     header('Access-Control-Allow-Origin: *');

     $corsHeaders = [
         'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
         'Access-Control-Allow-Headers' => 'Content-Type, X-Token, Origin, Authorization',
     ];

     $isPreflight = $request->getMethod() == "OPTIONS";
     if ($isPreflight) {
         return response('OK')->withHeaders($corsHeaders);
     }

     $response = $next($request);
     foreach ($corsHeaders as $name => $headerValue) {
         $response->header($name, $headerValue);
     }

     return $response;
 }
Example #25
 /**
  * Render an exception into an HTTP response.
  *
  * A CSRF token mismatch logs the user out and redirects to the login route.
  * A GET sent to a route that does not allow it redirects to the account
  * route. Everything else is rendered by the parent handler.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Exception $e
  * @return \Illuminate\Http\Response
  */
 public function render($request, Exception $e)
 {
     $isCsrfFailure = $e instanceof TokenMismatchException;
     if ($isCsrfFailure) {
         flash()->error('CSRF verification failed, try logging in again.')->important();
         // The session is ended on a token mismatch before redirecting.
         Auth::logout();

         return redirect()->route('login');
     }

     $isGetOnPostRoute = $e instanceof MethodNotAllowedHttpException
         && $request->getMethod() == 'GET';
     if ($isGetOnPostRoute) {
         flash()->error('That URL is for POST requests only.');

         return redirect()->route('account');
     }

     return parent::render($request, $e);
 }
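 /**
  * Resolve the API class named by $apiName, instantiate it and hand it the
  * request data.
  *
  * The class looked up is "<this namespace>\<Ucfirst name>API". The base class
  * and classes whose isPublic flag is false are reported as not found.
  *
  * @param string|null $apiName name of the API (presumably taken from the
  *                             request route; confirm at the call site)
  * @param Request     $request
  *
  * @throws Exception when the API does not exist or is not public
  */
 public function __construct($apiName = null, Request $request)
 {
     // The name ends up in a class name that is autoloaded and instantiated.
     // Accept a plain identifier only, so it cannot contain a namespace
     // separator and reach classes outside this namespace.
     $isValidName = is_string($apiName)
         && preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $apiName) === 1;
     $className = $isValidName ? __NAMESPACE__ . '\\' . ucfirst($apiName) . 'API' : null;

     if ($className === null || !class_exists($className)) {
         throw new Exception(self::getErrorMsg(ApiControllerFactory::API_NOT_FOUND), ApiControllerFactory::API_NOT_FOUND);
     }

     // NOTE(review): the class is constructed before the isPublic check, so
     // the constructor of a non-public API class still runs.
     $this->apiClassObject = new $className();

     // get_class() returns the fully qualified name, so the bare 'BaseAPI'
     // comparison never matched a namespaced class; compare both forms.
     $resolved = get_class($this->apiClassObject);
     $isBaseClass = $resolved === 'BaseAPI' || $resolved === __NAMESPACE__ . '\\BaseAPI';

     if ($isBaseClass || $this->apiClassObject->isPublic == false) {
         throw new Exception(self::getErrorMsg(ApiControllerFactory::API_NOT_FOUND), ApiControllerFactory::API_NOT_FOUND);
     }

     $this->apiClassObject->setData($request->all());
     $this->httpMethod = $request->getMethod();
 }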
Example #27
 /**
  * Check whether the access manager instance grants access to the request's
  * route.
  *
  * The HTTP method used for the check is the route action's override entry
  * when one is set, otherwise the method of the request itself.
  *
  * @param Request $request
  * @return bool
  */
 public static function isAuthorised(Request $request)
 {
     /** @var Route $route */
     $route = $request->route();

     // Resolved on the called class, so subclasses supply their own instance.
     /** @var BaseAccessManager $manager */
     $manager = static::getInstance();

     $action = $route->getAction();

     // The override is read from the route definition, not from the request.
     $httpMethod = !empty($action[self::HTTP_METHOD_OVERRIDE_KEY])
         ? $action[self::HTTP_METHOD_OVERRIDE_KEY]
         : $request->getMethod();

     return $manager->_hasAccessToRoute($route, $httpMethod);
 }
 /**
  * Answer OPTIONS preflights with the configured CORS headers and add an
  * Allow-Origin header to every other response.
  *
  * NOTE(review): the Origin request header is echoed back as the allowed
  * origin, so every origin is accepted. If static::$corsHeaders also enables
  * credentials, any site can make authenticated calls; confirm, and prefer an
  * allow-list. A reflected origin should also come with "Vary: Origin" so
  * caches do not serve one origin's response to another.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure                 $next
  *
  * @return \Illuminate\Http\Response
  */
 public function handle($request, \Closure $next)
 {
     if ($request->getMethod() == 'OPTIONS') {
         // Preflight: configured headers plus the reflected origin ('*' when
         // the request has no Origin header).
         $reflected = ['Access-Control-Allow-Origin' => $request->header('Origin', '*')];
         $preflightHeaders = array_merge(static::$corsHeaders, $reflected);

         return response('', Response::HTTP_NO_CONTENT, $preflightHeaders);
     }

     /** @var \Illuminate\Http\Response $response */
     $response = $next($request);

     // Error responses additionally expose the configured header list.
     $isError = $response->getStatusCode() >= 400;
     if ($isError) {
         $exposed = static::$corsHeaders['Access-Control-Expose-Headers'];
         $response->header('Access-Control-Expose-Headers', $exposed);
     }

     $response->header('Access-Control-Allow-Origin', $request->header('Origin', '*'));

     return $response;
 }
Example #29
 /**
  * Check whether the request matches one of the configured exceptions.
  *
  * A request matches when its verb is in the entry's verb mask and the
  * lower-cased route 'service' and 'resource' equal the entry's values.
  *
  * @param  \Illuminate\Http\Request $request
  *
  * @return bool
  * @throws \DreamFactory\Core\Exceptions\NotImplementedException
  */
 protected static function isException($request)
 {
     /** @var Router $router */
     $router = app('router');
     $service = strtolower($router->input('service'));
     $resource = strtolower($router->input('resource'));
     $verbBit = VerbsMask::toNumeric($request->getMethod());

     foreach (static::$exceptions as $entry) {
         // The verb test is a bitwise AND against the entry's mask; the two
         // name comparisons are strict and evaluated only when it is non-zero.
         $verbAllowed = $verbBit & ArrayUtils::get($entry, 'verb_mask');
         if (!$verbAllowed) {
             continue;
         }
         if ($service !== ArrayUtils::get($entry, 'service')) {
             continue;
         }
         if ($resource === ArrayUtils::get($entry, 'resource')) {
             return true;
         }
     }

     return false;
 }
Example #30
 /**
  * Determine if any routes match on another HTTP verb.
  *
  * @param  \Illuminate\Http\Request $request
  *
  * @return array verbs, other than the request's own, for which a route matches
  */
 protected function checkForAlternateVerbs($request)
 {
     // Every known verb except the one the request actually used.
     $candidates = array_diff(Router::$verbs, [$request->getMethod()]);

     // Try each remaining verb against its routes. The verbs that do match are
     // returned so the caller can build an error response with the correct
     // headers.
     $matching = [];
     foreach ($candidates as $verb) {
         $route = $this->check($this->get($verb), $request, false);
         if ($route !== null) {
             $matching[] = $verb;
         }
     }

     return $matching;
 }