From 2ffc5311f9e2b92bfcec7a82fdec60d7af1eda91 Mon Sep 17 00:00:00 2001
From: Julien Nahum <julien@nahum.net>
Date: Tue, 16 Jan 2024 17:40:28 +0100
Subject: [PATCH] Appsumo fix

---
 app/Exceptions/Handler.php                    |  8 +------
 .../Auth/AppSumoAuthController.php            |  8 +++----
 .../Forms/FormSubmissionController.php        |  1 -
 app/Http/Kernel.php                           |  2 ++
 app/Http/Middleware/AcceptsJsonMiddleware.php | 23 +++++++++++++++++++
 client/middleware/custom-domain.global.js     | 19 ++++++++-------
 6 files changed, 39 insertions(+), 22 deletions(-)
 create mode 100644 app/Http/Middleware/AcceptsJsonMiddleware.php

diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 966ea02..45a835d 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -39,16 +39,10 @@ class Handler extends ExceptionHandler
 
     /**
      * Convert an authentication exception into a response.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  \Illuminate\Auth\AuthenticationException  $exception
-     * @return \Illuminate\Http\Response
      */
     protected function unauthenticated($request, AuthenticationException $exception)
     {
-        return $request->expectsJson()
-            ? response()->json(['message' => $exception->getMessage()], 401)
-            : redirect(front_url('login'));
+        return response()->json(['message' => $exception->getMessage()], 401);
     }
 
     public function report(Throwable $exception)
diff --git a/app/Http/Controllers/Auth/AppSumoAuthController.php b/app/Http/Controllers/Auth/AppSumoAuthController.php
index a5cd5aa..0fd8cbd 100644
--- a/app/Http/Controllers/Auth/AppSumoAuthController.php
+++ b/app/Http/Controllers/Auth/AppSumoAuthController.php
@@ -17,10 +17,10 @@ class AppSumoAuthController extends Controller
 
     public function handleCallback(Request $request)
     {
-        $this->validate($request, [
-            'code' => 'required',
-        ]);
-        $accessToken = $this->retrieveAccessToken($request->code);
+        if (!$code = $request->code) {
+            return response()->json(['message' => 'Healthy'], 200);
+        }
+        $accessToken = $this->retrieveAccessToken($code);
         $license = $this->fetchOrCreateLicense($accessToken);
 
         // If user connected, attach license
diff --git a/app/Http/Controllers/Forms/FormSubmissionController.php b/app/Http/Controllers/Forms/FormSubmissionController.php
index dca04b1..28ffc30 100644
--- a/app/Http/Controllers/Forms/FormSubmissionController.php
+++ b/app/Http/Controllers/Forms/FormSubmissionController.php
@@ -30,7 +30,6 @@ class FormSubmissionController extends Controller
     public function export(string $id)
     {
         $form = Form::findOrFail((int) $id);
-        $this->authorize('view', $form);
 
         $allRows = [];
         foreach ($form->submissions->toArray() as $row) {
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 1ae7aeb..c2311a2 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -2,6 +2,7 @@
 
 namespace App\Http;
 
+use App\Http\Middleware\AcceptsJsonMiddleware;
 use App\Http\Middleware\AuthenticateJWT;
 use App\Http\Middleware\CustomDomainRestriction;
 use App\Http\Middleware\IsAdmin;
@@ -29,6 +30,7 @@ class Kernel extends HttpKernel
         \App\Http\Middleware\SetLocale::class,
         AuthenticateJWT::class,
         CustomDomainRestriction::class,
+        AcceptsJsonMiddleware::class
     ];
 
     /**
diff --git a/app/Http/Middleware/AcceptsJsonMiddleware.php b/app/Http/Middleware/AcceptsJsonMiddleware.php
new file mode 100644
index 0000000..65efd7e
--- /dev/null
+++ b/app/Http/Middleware/AcceptsJsonMiddleware.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class AcceptsJsonMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
+     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        $request->headers->set('Accept', 'application/json');
+
+        return $next($request);
+    }
+}
diff --git a/client/middleware/custom-domain.global.js b/client/middleware/custom-domain.global.js
index 029372c..6aad995 100644
--- a/client/middleware/custom-domain.global.js
+++ b/client/middleware/custom-domain.global.js
@@ -24,27 +24,26 @@ export default defineNuxtRouteMiddleware((to, from) => {
 
   const customDomainHeaderValue = useRequestHeaders()[customDomainHeaderName]
   if (!customDomainHeaderValue || customDomainHeaderValue !== getDomain(getHost())) {
-    // If custom domain header doesn't match, redirect
-    console.error('Custom domain header does not match, redirecting',{
-      'customDomainHeaderValue': customDomainHeaderValue,
-      'host': getDomain(getHost()),
-    })
-    return redirectToMainDomain('header_mismatch', {
-      customDomainHeaderValue,
+    return redirectToMainDomain( {
+      reason: 'header_mismatch',
+      customDomainHeaderValue: customDomainHeaderValue,
       host: getDomain(getHost()),
     })
   }
 
   if (!config.public.customDomainsEnabled) {
     // If custom domain not allowed, redirect
-    return redirectToMainDomain('custom_domains_disabled')
+    return redirectToMainDomain({
+      reason: 'custom_domains_disabled'
+    })
   }
 
   if (!customDomainAllowedRoutes.includes(to.name)) {
     // Custom domain only allowed for form url
-    return redirectToMainDomain('route_not_allowed', {
+    return redirectToMainDomain({
+      reason: 'route_not_allowed',
       route: to.name,
-      customDomainAllowedRoutes
+      customDomainAllowedRoutes: customDomainAllowedRoutes
     })
   }
 })