From 5a3978874a238ce9d23ed05869b59dc2a059434c Mon Sep 17 00:00:00 2001
From: Julien Nahum
Date: Thu, 11 Jan 2024 14:07:27 +0100
Subject: [PATCH] URL generation (front&back) + fixed authJWT for SSR
---
.../Controllers/SubscriptionController.php | 4 ++--
app/Http/Middleware/AuthenticateJWT.php | 8 ++++++++
app/Jobs/Form/StoreFormSubmissionJob.php | 4 ++--
app/Models/Forms/Form.php | 4 ++--
app/Models/Template.php | 2 +-
app/Notifications/ResetPassword.php | 2 +-
.../Subscription/FailedPaymentNotification.php | 2 +-
app/Service/Forms/Webhooks/DiscordHandler.php | 2 +-
app/Service/Forms/Webhooks/SlackHandler.php | 2 +-
app/helpers.php | 11 +++++++++++
.../pages/forms/show/EmbedFormAsPopupModal.vue | 3 ++-
client/composables/useOpnApi.js | 9 +++++++--
client/lib/utils.js | 18 ++++++++++++++++++
client/pages/index.vue | 8 ++++----
client/runtimeConfig.js | 7 ++++++-
composer.json | 5 ++++-
config/app.php | 9 +++++++++
.../views/vendor/mail/text/message.blade.php | 2 +-
18 files changed, 81 insertions(+), 21 deletions(-)
create mode 100644 app/helpers.php
diff --git a/app/Http/Controllers/SubscriptionController.php b/app/Http/Controllers/SubscriptionController.php
index 4205b36..8cc0213 100644
--- a/app/Http/Controllers/SubscriptionController.php
+++ b/app/Http/Controllers/SubscriptionController.php
@@ -45,8 +45,8 @@ class SubscriptionController extends Controller
 $checkout = $checkoutBuilder
 ->collectTaxIds()
 ->checkout([
- 'success_url' => url('/subscriptions/success'),
- 'cancel_url' => url('/subscriptions/error'),
+ 'success_url' => front_url('/subscriptions/success'),
+ 'cancel_url' => front_url('/subscriptions/error'),
 'billing_address_collection' => 'required',
 'customer_update' => [
 'address' => 'auto',
diff --git a/app/Http/Middleware/AuthenticateJWT.php b/app/Http/Middleware/AuthenticateJWT.php
index 7fc10ef..8cbc86b 100644
--- a/app/Http/Middleware/AuthenticateJWT.php
+++ b/app/Http/Middleware/AuthenticateJWT.php
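Review bot: The Stripe `success_url`/`cancel_url` now come from `front_url()`, whose definition in app/helpers.php did not survive on this page, so it cannot be checked here what the helper returns when the front-end base URL (presumably a key added in config/app.php in this same commit) is not configured. Stripe only accepts absolute redirect URLs, so the helper should either fall back to `url()` or fail loudly rather than hand back a bare path such as `/subscriptions/success`; a short PHPDoc on the helper stating that guarantee, e.g. `/** Absolute URL on the front-end host; falls back to url() when no front-end base URL is configured. */`, would make the contract visible at every call site. The enclosing method starts before and continues after this hunk.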
@@ -8,6 +8,7 @@ use Tymon\JWTAuth\Exceptions\JWTException; class AuthenticateJWT { + const API_SERVER_SECRET_HEADER_NAME = 'x-api-secret'; /** * Verifies the JWT token and validates the IP and User Agent @@ -24,6 +25,13 @@ class AuthenticateJWT // Validate IP and User Agent if ($payload) { + if ($frontApiSecret = $request->header(self::API_SERVER_SECRET_HEADER_NAME)) { + // If it's a trusted SSR request, skip the rest + if ($frontApiSecret === config('app.front_api_secret')) { + return $next($request); + } + } + $error = null; if (!\Hash::check($request->ip(), $payload->get('ip'))) { $error = 'Origin IP is invalid'; diff --git a/app/Jobs/Form/StoreFormSubmissionJob.php b/app/Jobs/Form/StoreFormSubmissionJob.php index 8361f04..198bb2c 100644 --- a/app/Jobs/Form/StoreFormSubmissionJob.php +++ b/app/Jobs/Form/StoreFormSubmissionJob.php @@ -164,14 +164,14 @@ class StoreFormSubmissionJob implements ShouldQueue return null; } - if(filter_var($value, FILTER_VALIDATE_URL) !== FALSE && str_contains($value, parse_url(config('app.url'))['host'])) { // In case of prefill we have full url so convert to s3 + if(filter_var($value, FILTER_VALIDATE_URL) !== false && str_contains($value, parse_url(config('app.url'))['host'])) { // In case of prefill we have full url so convert to s3 $fileName = basename($value); $path = FormController::ASSETS_UPLOAD_PATH . '/' . $fileName; $newPath = Str::of(PublicFormController::FILE_UPLOAD_PATH)->replace('?', $this->form->id); Storage::move($path, $newPath.'/'.$fileName); return $fileName; } - + if($this->isSkipForUpload($value)) { return $value; } diff --git a/app/Models/Forms/Form.php b/app/Models/Forms/Form.php index aaf280f..53c4039 100644 --- a/app/Models/Forms/Form.php +++ b/app/Models/Forms/Form.php 
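Review bot: The SSR shortcut `if ($frontApiSecret === config('app.front_api_secret'))` in the second hunk compares a shared secret with a plain string comparison and does not check that a secret is configured at all: with the config value unset the branch is merely never taken today, but nothing states that this is intended, and the comparison leaks timing information about the secret. Prefer `$expected = (string) config('app.front_api_secret');` followed by `if ($expected !== '' && hash_equals($expected, (string) $frontApiSecret)) { return $next($request); }`, which refuses the bypass when no secret is configured and compares in constant time. It is worth a comment that the shortcut only skips the IP/User-Agent binding and still requires a decoded JWT, since the block sits inside `if ($payload)`. The constant added in the first hunk should also carry a visibility, `public const API_SERVER_SECRET_HEADER_NAME = 'x-api-secret';`. The enclosing `handle` method starts before and continues after this hunk.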
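Review bot: In the StoreFormSubmissionJob hunk, `str_contains($value, parse_url(config('app.url'))['host'])` only checks that the app host appears somewhere in the submitted URL text, which is weaker than the intent of the trailing comment ("we have full url so convert to s3") and is what gates the `Storage::move()` of `basename($value)` out of the assets upload path; compare the parsed host instead, `parse_url($value, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)`, which also avoids the undefined-index warning when `app.url` has no host component. Since this commit introduces a separate front-end URL, prefilled URLs may now carry the front host rather than `app.url` — I cannot tell from this page, but it is worth confirming which host the comparison must accept. The enclosing method starts before and continues after this hunk.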
@@ -157,12 +157,12 @@ class Form extends Model implements CachableAttributes if ($this->custom_domain) { return 'https://' . $this->custom_domain . '/forms/' . $this->slug; } - return '/forms/' . $this->slug; + return front_url('/forms/' . $this->slug); } public function getEditUrlAttribute() { - return url('/forms/' . $this->slug . '/show'); + return front_url('/forms/' . $this->slug . '/show'); } public function getSubmissionsCountAttribute() diff --git a/app/Models/Template.php b/app/Models/Template.php index 59c42e3..45fa38f 100644 --- a/app/Models/Template.php +++ b/app/Models/Template.php @@ -48,7 +48,7 @@ class Template extends Model public function getShareUrlAttribute() { - return url('/form-templates/'.$this->slug); + return front_url('/form-templates/'.$this->slug); } public function setDescriptionAttribute($value) diff --git a/app/Notifications/ResetPassword.php b/app/Notifications/ResetPassword.php index 9edd12f..5260531 100644 --- a/app/Notifications/ResetPassword.php +++ b/app/Notifications/ResetPassword.php @@ -17,7 +17,7 @@ class ResetPassword extends Notification { return (new MailMessage) ->line('You are receiving this email because we received a password reset request for your account.') - ->action('Reset Password', url('password/reset/'.$this->token).'?email='.urlencode($notifiable->email)) + ->action('Reset Password', front_url('password/reset/'.$this->token).'?email='.urlencode($notifiable->email)) ->line('If you did not request a password reset, no further action is required.'); } } diff --git a/app/Notifications/Subscription/FailedPaymentNotification.php b/app/Notifications/Subscription/FailedPaymentNotification.php index f50a93f..dcb3970 100644 --- a/app/Notifications/Subscription/FailedPaymentNotification.php +++ b/app/Notifications/Subscription/FailedPaymentNotification.php 
@@ -36,6 +36,6 @@ class FailedPaymentNotification extends Notification implements ShouldQueue ->line(__('Please go to OpenForm, click on your name on the top right corner, and click on "Billing". You will then be able to update your card details. To avoid any service disruption, you can reply to this email whenever you updated your card details, and we\'ll manually attempt to charge your card.')) - ->action(__('Go to OpenForm'), url('/')); + ->action(__('Go to OpenForm'), front_url('/')); } } diff --git a/app/Service/Forms/Webhooks/DiscordHandler.php b/app/Service/Forms/Webhooks/DiscordHandler.php index 559de29..f7529f5 100644 --- a/app/Service/Forms/Webhooks/DiscordHandler.php +++ b/app/Service/Forms/Webhooks/DiscordHandler.php @@ -27,7 +27,7 @@ class DiscordHandler extends AbstractWebhookHandler $externalLinks[] = '[**🔗 Open Form**](' . $this->form->share_url . ')'; } if(Arr::get($settings, 'link_edit_form', true)){ - $editFormURL = url('forms/' . $this->form->slug . '/show'); + $editFormURL = front_url('forms/' . $this->form->slug . '/show'); $externalLinks[] = '[**✍️ Edit Form**](' . $editFormURL . ')'; } if (Arr::get($settings, 'link_edit_submission', true) && $this->form->editable_submissions) { diff --git a/app/Service/Forms/Webhooks/SlackHandler.php b/app/Service/Forms/Webhooks/SlackHandler.php index 5b2faf6..f237efa 100644 --- a/app/Service/Forms/Webhooks/SlackHandler.php +++ b/app/Service/Forms/Webhooks/SlackHandler.php @@ -27,7 +27,7 @@ class SlackHandler extends AbstractWebhookHandler $externalLinks[] = '*<' . $this->form->share_url . '|🔗 Open Form>*'; } if(Arr::get($settings, 'link_edit_form', true)){ - $editFormURL = url('forms/' . $this->form->slug . '/show'); + $editFormURL = front_url('forms/' . $this->form->slug . '/show'); $externalLinks[] = '*<' . $editFormURL . '|✍️ Edit Form>*'; } if (Arr::get($settings, 'link_edit_submission', true) && $this->form->editable_submissions) { 
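Review bot: In the DiscordHandler hunk, `$editFormURL = front_url('forms/' . $this->form->slug . '/show');` rebuilds by hand the URL that this same commit defines as the `edit_url` accessor in app/Models/Forms/Form.php, and the line just above already reads `$this->form->share_url` from the model; use `$editFormURL = $this->form->edit_url;` so the two cannot drift (they already differ in the leading slash). The same applies to the SlackHandler hunk. The enclosing method starts before and continues after each of these hunks.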
diff --git a/app/helpers.php b/app/helpers.php new file mode 100644 index 0000000..e287b47 --- /dev/null +++ b/app/helpers.php @@ -0,0 +1,11 @@ + import { ref, defineProps, computed } from 'vue' +import {appUrl} from "~/lib/utils.js"; const { copy } = useClipboard() const crisp = useCrisp() @@ -135,7 +136,7 @@ let embedPopupCode = computed(() => { width: advancedOptions.value.width } previewPopup(nfData) - return '