opnform/app/Http/Middleware/ImpersonationMiddleware.php

100 lines
2.9 KiB
PHP
Raw Permalink Normal View History

2024-01-19 13:27:04 +00:00
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
2024-01-19 14:15:38 +00:00
use Tymon\JWTAuth\Exceptions\JWTException;
2024-01-19 13:27:04 +00:00
class ImpersonationMiddleware
{
public const ADMIN_LOG_PREFIX = '[admin_action] ';
2024-02-23 10:54:12 +00:00
public const LOG_ROUTES = [
2024-01-19 13:27:04 +00:00
'open.forms.store',
'open.forms.update',
'open.forms.duplicate',
'open.forms.regenerate-link',
];
2024-02-23 10:54:12 +00:00
public const ALLOWED_ROUTES = [
2024-01-19 13:27:04 +00:00
'logout',
// Forms
'forms.ai.generate',
'forms.ai.show',
'forms.assets.show',
'forms.show',
'forms.answer',
'forms.fetchSubmission',
'forms.users.index',
'open.forms.index-all',
'open.forms.store',
'open.forms.assets.upload',
'open.forms.update',
'open.forms.duplicate',
'open.forms.regenerate-link',
'open.forms.submissions',
'open.forms.submissions.file',
// Workspaces
'open.workspaces.index',
'open.workspaces.create',
'open.workspaces.delete',
'open.workspaces.save-custom-domains',
'open.workspaces.databases.search',
'open.workspaces.databases.show',
'open.workspaces.form.stats',
'open.workspaces.forms.index',
'open.workspaces.users.index',
'templates.index',
'templates.create',
'templates.update',
'templates.show',
'user.current',
'local.temp',
];
/**
* Handle an incoming request.
*
2024-02-23 10:54:12 +00:00
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
2024-01-19 13:27:04 +00:00
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
2024-01-19 14:15:38 +00:00
try {
2024-02-23 10:54:12 +00:00
if (! auth()->check() || ! auth()->payload()->get('impersonating')) {
2024-01-19 14:15:38 +00:00
return $next($request);
}
} catch (JWTException $e) {
2024-01-19 13:27:04 +00:00
return $next($request);
}
2024-01-19 14:15:38 +00:00
2024-01-19 13:27:04 +00:00
// Check that route is allowed
$routeName = $request->route()->getName();
2024-02-23 10:54:12 +00:00
if (! in_array($routeName, self::ALLOWED_ROUTES)) {
2024-01-19 13:27:04 +00:00
return response([
'message' => 'Unauthorized when impersonating',
'route' => $routeName,
'impersonator' => auth()->payload()->get('impersonator_id'),
'impersonated_account' => auth()->id(),
'url' => $request->fullUrl(),
2024-02-23 10:54:12 +00:00
'payload' => $request->all(),
2024-01-19 13:27:04 +00:00
], 403);
2024-02-23 10:54:12 +00:00
} elseif (in_array($routeName, self::LOG_ROUTES)) {
\Log::warning(self::ADMIN_LOG_PREFIX.'Impersonator action', [
2024-01-19 13:27:04 +00:00
'route' => $routeName,
'url' => $request->fullUrl(),
'impersonated_account' => auth()->id(),
'impersonator' => auth()->payload()->get('impersonator_id'),
2024-02-23 10:54:12 +00:00
'payload' => $request->all(),
2024-01-19 13:27:04 +00:00
]);
}
return $next($request);
}
}