56 lines
1.7 KiB
PHP
56 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Models\Forms\Form;
|
|
use App\Models\Workspace;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Database\Eloquent\Builder;
|
|
|
|
class CustomDomainRestriction
|
|
{
|
|
const CUSTOM_DOMAIN_HEADER = "User-Custom-Domain";
|
|
|
|
/**
|
|
* Handle an incoming request.
|
|
*/
|
|
public function handle(Request $request, Closure $next)
|
|
{
|
|
if (!$request->hasHeader(self::CUSTOM_DOMAIN_HEADER) || !config('custom-domains.enabled')) {
|
|
return $next($request);
|
|
}
|
|
|
|
$customDomain = $request->header(self::CUSTOM_DOMAIN_HEADER);
|
|
if (!preg_match('/^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}$/', $customDomain)) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'message' => 'Invalid domain',
|
|
], 400);
|
|
}
|
|
|
|
// Check if domain is different from current domain
|
|
$notionFormsDomain = parse_url(config('app.url'))['host'];
|
|
if ($customDomain == $notionFormsDomain) {
|
|
return $next($request);
|
|
}
|
|
|
|
// Check if domain is known
|
|
if (!$workspace = Workspace::whereJsonContains('custom_domains',$customDomain)->first()) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'message' => 'Unknown domain',
|
|
], 400);
|
|
}
|
|
|
|
Workspace::addGlobalScope('domain-restricted', function (Builder $builder) use ($workspace) {
|
|
$builder->where('workspaces.id', $workspace->id);
|
|
});
|
|
Form::addGlobalScope('domain-restricted', function (Builder $builder) use ($workspace) {
|
|
$builder->where('forms.workspace_id', $workspace->id);
|
|
});
|
|
|
|
return $next($request);
|
|
}
|
|
}
|