From 0b55ea27bb20cad3bf281d40d139edab878811bf Mon Sep 17 00:00:00 2001
From: Oluwaseye
Date: Fri, 20 Dec 2024 11:09:41 -0500
Subject: [PATCH] Restrict for DevDojo Auth Setup to Admin users
---
 app/Http/Kernel.php | 1 +
 app/Http/Middleware/AdminOnlyRoutes.php | 25 +++++++++++++++++++++++++
 routes/web.php | 7 +++++++
 3 files changed, 33 insertions(+)
 create mode 100644 app/Http/Middleware/AdminOnlyRoutes.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 6162fde7f..1bd10f0ac 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -55,6 +55,7 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $routeMiddleware = [
+ 'admin' => \App\Http\Middleware\AdminOnlyRoutes::class,
 'auth' => \App\Http\Middleware\Authenticate::class,
 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
 'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
diff --git a/app/Http/Middleware/AdminOnlyRoutes.php b/app/Http/Middleware/AdminOnlyRoutes.php
new file mode 100644
index 000000000..03e843a21
--- /dev/null
+++ b/app/Http/Middleware/AdminOnlyRoutes.php
@@ -0,0 +1,25 @@
+user() && $request->user()->hasRole('admin')) {
+ return $next($request);
+ }
+
+ abort(403);
+ }
+}
diff --git a/routes/web.php b/routes/web.php
index 4253d25ca..513f910e9 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -16,3 +16,10 @@
 // Wave routes
 Wave::routes();
+
+// Restriction for DevDojo Auth Setup - Restrict /auth/setup/* to admin users only
+Route::group(['prefix' => 'auth/setup', 'middleware' => ['auth', 'admin']], function () {
+ Route::any('{any}', function () {
+ return view('wave::auth.setup'); // Replace with the appropriate view or logic
+ })->where('any', '.*'); // Wildcard to match anything after /auth/setup/
+});
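Review bot: In `AdminOnlyRoutes.php` a guest ends in `abort(403)` just like a logged-in non-admin, and nothing in the visible lines documents that the middleware expects `auth` to have run first. Failing closed is the right default for an admin gate, but the class should say so, for example `// Must run after 'auth'; on its own a guest receives 403 instead of a login redirect.` If the project targets PHP 8, the guard can be written `$request->user()?->hasRole('admin')` so `user()` is resolved once. The opening lines of this hunk (namespace, class header and the `handle` signature) are not visible on this page, so they are not covered by this note.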
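Review bot: The catch-all group added after `Wave::routes();` in `routes/web.php` probably does not gate the real setup pages: Laravel dispatches to the first registered route that matches, so if the DevDojo Auth package registers its own `auth/setup/...` routes before this file is loaded (not visible in this diff), those routes keep answering without the `admin` middleware. Where the catch-all does win, an admin receives `view('wave::auth.setup')`, which the inline comment marks as a placeholder, and `Route::any` returns it for every HTTP verb. `{any}` is also a required segment, so the bare `/auth/setup` URL is not covered; `Route::any('{any?}', ...)` would include it. The restriction is safer applied where the package's setup routes are registered (adding `'admin'` to their middleware list), backed by a feature test asserting that a logged-in non-admin receives 403 on each real setup URL.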