<?php
namespace Statamic\Addons\SecureConsole;
use Illuminate\Http\Response;
use Statamic\Data\Users\User;
use Statamic\Extend\Listener;
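class SecureConsoleListener extends Listener
{
    /**
     * The events to be listened for, and the methods to call.
     *
     * 'cp.add_to_head' fires while the control panel's <head> is being
     * rendered (CP requests only); 'response.created' fires once a
     * public-side response has been built.
     *
     * @var array
     */
    public $events = [
        'cp.add_to_head'   => 'cp_head',          // Only on cp requests
        'response.created' => 'response_created', // Only on public side requests.
    ];

    /**
     * Prevent access to the CP area on production sites.
     *
     * NOTE(review): this hangs off the head-rendering hook, so only CP
     * requests that render a full page reach it. CP routes that answer
     * with JSON or a redirect without rendering <head> are presumably not
     * covered — verify against the Statamic CP routes if that matters.
     *
     * @return void
     */
    public function cp_head()
    {
        if ($this->isProduction()) {
            $this->canonical_quit('Access denied');
        }
    }

    /**
     * Outside production, only let signed-in users holding both the
     * 'cp:access' and 'pages:edit' permissions see the public site.
     *
     * @param Response $response The public-side response. It is not
     *                           modified; the request is terminated instead.
     * @return void
     */
    public function response_created(Response $response)
    {
        if ($this->isProduction()) {
            return;
        }

        /** @var User|null $user */
        $user = \Auth::user();

        // Both permissions are required; a missing user or either missing
        // permission ends the request.
        if (!$user || !$user->hasPermission('cp:access') || !$user->hasPermission('pages:edit')) {
            $this->canonical_quit('Access Denied');
        }
    }

    /**
     * Whether the application is running in the 'production' environment.
     *
     * @return bool
     */
    private function isProduction()
    {
        return app()->environment() === 'production';
    }

    /**
     * Terminate the request with a minimal HTML page that carries a
     * rel="canonical" link to the public URL for the current path.
     *
     * The path (and, when 'app_base_uri' is not configured, the host) is
     * taken from the incoming request, so it is HTML-escaped before being
     * placed in the href attribute; a raw '"' or '<' in the request path
     * would otherwise be reflected straight into the page.
     *
     * NOTE(review): no HTTP status is set, so the denial is served as 200.
     * If the canonical link is meant for crawlers that may be intentional;
     * otherwise consider http_response_code(403) before the output.
     *
     * @param string $message Plain-text body shown to the visitor.
     * @return void Never returns normally; ends the script via die().
     */
    private function canonical_quit($message = '')
    {
        $href = htmlspecialchars($this->get_path(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $body = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        die("<html>
    <head>
        <link rel=\"canonical\" href=\"{$href}\" />
    </head>
    <body>
        {$body}
    </body>
</html>");
    }

    /**
     * Build the absolute public URL for the current request path, using the
     * 'app_base_uri' addon setting as the origin when it is configured.
     *
     * Without 'app_base_uri' the origin falls back to the request's own
     * scheme and host. NOTE(review): that fallback trusts the Host header,
     * so an unconfigured site can end up with an attacker-chosen host in
     * its canonical link — set 'app_base_uri' explicitly in production.
     *
     * @return string Origin and path, each followed by a single '/'
     *                (e.g. "https://example.com/about/"); the origin with a
     *                trailing '/' alone for the site root.
     */
    private function get_path()
    {
        // Surrounding slashes and whitespace are stripped from both parts so
        // they can be joined with exactly one '/' between them.
        $trimChars = "/ \t\n\r\0\x0B";

        $path = trim(request()->path(), $trimChars);

        // root() is scheme + host (+ base path) without a trailing slash.
        // The previous derivation removed the path from fullUrl() with
        // str_replace(), which kept any query string and also corrupted a
        // host that happened to contain the path as a substring.
        $origin = trim($this->getConfig('app_base_uri', request()->root()), $trimChars) . '/';

        return $origin . ($path !== '' ? $path . '/' : '');
    }
}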