opnform/app/Http/Middleware/Form/ProtectedForm.php

<?php

namespace App\Http\Middleware\Form;

use App\Models\Forms\Form;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ProtectedForm
{
    const PASSWORD_HEADER_NAME = 'form-password';

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        if (!$request->route('slug')) {
            return $next($request);
        }

        $form = Form::where('slug',$request->route('slug'))->firstOrFail();
        $request->merge([
            'form' => $form,
        ]);
        $userIsFormOwner = Auth::check() && Auth::user()->ownsForm($form);
        if (!$userIsFormOwner && $this->isProtected($request, $form)) {
            return response([
                'status' => 'Unauthorized',
                'message' => 'Form is protected.',
            ], 403);
        }

        return $next($request);
    }

    public static function isProtected(Request $request, Form $form)
    {
        if (!$form->has_password) {
            return false;
        }

        return !self::hasCorrectPassword($request, $form);
    }

    public static function hasCorrectPassword(Request $request, Form $form)
    {
        return $request->headers->has(self::PASSWORD_HEADER_NAME) && $request->headers->get(self::PASSWORD_HEADER_NAME) == hash('sha256', $form->password);
    }
}
Initial commit 2022-09-20 19:59:52 +00:00			`<?php`

			`namespace App\Http\Middleware\Form;`

			`use App\Models\Forms\Form;`
			`use Closure;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Auth;`

Create common function for userIsFormOwner & rewrite protected form (#244) * Create common function for userIsFormOwner & rewrite protected form * fix testcase 2023-11-28 10:23:04 +00:00			`class ProtectedForm`
Initial commit 2022-09-20 19:59:52 +00:00			`{`
			`const PASSWORD_HEADER_NAME = 'form-password';`

			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response\|\Illuminate\Http\RedirectResponse) $next`
			`* @return \Illuminate\Http\Response\|\Illuminate\Http\RedirectResponse`
			`*/`
			`public function handle(Request $request, Closure $next)`
			`{`
Create common function for userIsFormOwner & rewrite protected form (#244) * Create common function for userIsFormOwner & rewrite protected form * fix testcase 2023-11-28 10:23:04 +00:00			`if (!$request->route('slug')) {`
			`return $next($request);`
Initial commit 2022-09-20 19:59:52 +00:00			`}`
Create common function for userIsFormOwner & rewrite protected form (#244) * Create common function for userIsFormOwner & rewrite protected form * fix testcase 2023-11-28 10:23:04 +00:00
			`$form = Form::where('slug',$request->route('slug'))->firstOrFail();`
			`$request->merge([`
			`'form' => $form,`
			`]);`
			`$userIsFormOwner = Auth::check() && Auth::user()->ownsForm($form);`
			`if (!$userIsFormOwner && $this->isProtected($request, $form)) {`
			`return response([`
			`'status' => 'Unauthorized',`
			`'message' => 'Form is protected.',`
			`], 403);`
			`}`

Initial commit 2022-09-20 19:59:52 +00:00			`return $next($request);`
			`}`

Create common function for userIsFormOwner & rewrite protected form (#244) * Create common function for userIsFormOwner & rewrite protected form * fix testcase 2023-11-28 10:23:04 +00:00			`public static function isProtected(Request $request, Form $form)`
			`{`
			`if (!$form->has_password) {`
			`return false;`
			`}`

			`return !self::hasCorrectPassword($request, $form);`
			`}`

Initial commit 2022-09-20 19:59:52 +00:00			`public static function hasCorrectPassword(Request $request, Form $form)`
			`{`
			`return $request->headers->has(self::PASSWORD_HEADER_NAME) && $request->headers->get(self::PASSWORD_HEADER_NAME) == hash('sha256', $form->password);`
			`}`
			`}`