<?php
namespace App\Http\Middleware;
use App\Http\Requests\Workspace\CustomDomainRequest;
use App\Models\Forms\Form;
use App\Models\Workspace;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Builder;
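/**
 * Scopes Workspace and Form queries to the workspace that owns the custom
 * domain named in the "x-custom-domain" request header.
 *
 * Security notes for maintainers:
 * - The restriction is applied only when the header is present; a request
 *   without it passes through unscoped. The header is ordinary request data,
 *   so this acts as an isolation boundary only if a trusted front proxy sets
 *   it and strips any client-supplied copy.
 *   NOTE(review): confirm against the proxy configuration, not visible here.
 * - addGlobalScope() is a static call on the model class rather than on the
 *   request. NOTE(review): if the application runs in a long-lived worker
 *   process, confirm the scope cannot carry over into later requests.
 */
class CustomDomainRestriction
{
    public const CUSTOM_DOMAIN_HEADER = "x-custom-domain";

    /**
     * Handle an incoming request.
     *
     * Passes the request through untouched when the feature is disabled, the
     * header is absent, or the header names the application's own host.
     * Otherwise the header value must match the custom-domain pattern and
     * belong to a workspace; that workspace then constrains every Workspace
     * and Form query made while handling the request.
     *
     * @param  Request  $request
     * @param  Closure  $next
     * @return mixed  The downstream response, or a JSON error with status 420.
     */
    public function handle(Request $request, Closure $next)
    {
        if (!$request->hasHeader(self::CUSTOM_DOMAIN_HEADER) || !config('custom-domains.enabled')) {
            return $next($request);
        }

        $customDomain = $request->header(self::CUSTOM_DOMAIN_HEADER);

        // Validate the shape before the value is used in any comparison or query.
        if (!preg_match(CustomDomainRequest::CUSTOM_DOMAINS_REGEX, $customDomain)) {
            return $this->rejectDomain($request, $customDomain, 'Invalid domain');
        }

        // Check if domain is different from current domain.
        // PHP_URL_HOST yields null instead of an undefined-key error when
        // app.url has no host part, so a misconfigured URL falls through to
        // the workspace lookup rather than failing inside the middleware.
        $appHost = parse_url((string) config('app.url'), PHP_URL_HOST);

        // Strict comparison: with ==, two numeric-looking strings are compared
        // as numbers, which could let a header value that is not the app host
        // skip the workspace restriction below.
        if ($customDomain === $appHost) {
            return $next($request);
        }

        // Check if domain is known
        $workspace = Workspace::whereJsonContains('custom_domains', $customDomain)->first();
        if ($workspace === null) {
            return $this->rejectDomain($request, $customDomain, 'Unknown domain');
        }

        // From here on, Workspace and Form queries only see rows belonging to
        // the workspace that owns the requested domain.
        Workspace::addGlobalScope('domain-restricted', function (Builder $builder) use ($workspace) {
            $builder->where('workspaces.id', $workspace->id);
        });
        Form::addGlobalScope('domain-restricted', function (Builder $builder) use ($workspace) {
            $builder->where('forms.workspace_id', $workspace->id);
        });

        return $next($request);
    }

    /**
     * Log a rejected custom domain and build the JSON error response.
     *
     * The header value is client-supplied and, for the "Invalid domain" case,
     * has failed validation; it is passed as log context rather than
     * interpolated into the log message.
     *
     * 420 is not a registered HTTP status code; it is kept unchanged because
     * callers may match on it.
     *
     * @param  Request      $request       Request being rejected (source of the logged IP).
     * @param  string|null  $customDomain  Raw value of the custom-domain header.
     * @param  string       $message       Used as both the log message and the response message.
     */
    private function rejectDomain(Request $request, ?string $customDomain, string $message): \Illuminate\Http\JsonResponse
    {
        \Log::warning($message, [
            'domain' => $customDomain,
            'ip' => $request->ip(),
        ]);

        return response()->json([
            'success' => false,
            'message' => $message,
            'error' => 'invalid_domain',
        ], 420);
    }
}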