Commit c16d40a8 authored by Dominik Hebeler's avatar Dominik Hebeler

enabled auth middleware for admin pages

parent d4e522e7
......@@ -16,9 +16,9 @@ class RefererCheck
public function handle($request, Closure $next)
{
$refererCorrect = env('referer_check');
$referer = $request->server('HTTP_REFERER');
$referer = $request->server('HTTP_REFERER');
if ($refererCorrect !== $referer && "https://metager.de/admin/count" !== $referer) {
abort(403, 'Unauthorized');
abort(401, 'Unauthorized');
} else {
return $next($request);
}
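Review bot: The guard `$refererCorrect !== $referer` in handle() passes when both sides are null, that is, when `referer_check` is missing from the environment (env() can also return null once the config is cached) and the request has no Referer header. It should fail closed first, e.g. `if (!is_string($refererCorrect) || $refererCorrect === '' || !is_string($referer)) { abort(403, 'Unauthorized'); }` ahead of the existing comparison. Beyond that, Referer is a client-supplied header, so this middleware is a filter rather than authentication for the `admin` group it is attached to in the routes hunk. That group should also sit behind a credential-checking middleware such as Laravel's `auth` or `auth.basic`. handle() continues past the end of the hunk, so anything after the else branch is not visible here.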
......
......@@ -167,7 +167,7 @@ Route::group(
->with('request', $this->input('request', 'GET'));
});
Route::group([/*'middleware' => ['referer.check'],*/'prefix' => 'admin'], function () {
Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
Route::get('/', 'AdminInterface@index');
Route::match(['get', 'post'], 'count', 'AdminInterface@count');
Route::get('check', 'AdminInterface@check');
......@@ -216,7 +216,7 @@ Route::group(
return response()->download($filePath, "MetaGer-release.apk");
});
Route::get('maps', function () {
$filePath = env('maps_app');
$filePath = env('maps_app');
$fileContents = file_get_contents($filePath);
return response($fileContents, 200)
->header('Cache-Control', 'public')
......@@ -226,7 +226,7 @@ Route::group(
});
Route::get('maps/version', function () {
$filePath = env('maps_version');
$filePath = env('maps_version');
$fileContents = file_get_contents($filePath);
return response($fileContents, 200)
->header('Content-Type', 'text/plain');
......