2016-01-08 09:01:21 -06:00
|
|
|
<?php
|
2022-12-29 12:41:57 -06:00
|
|
|
|
2017-10-21 01:40:00 -05:00
|
|
|
/**
|
|
|
|
* Kernel.php
|
2020-01-31 00:32:04 -06:00
|
|
|
* Copyright (c) 2019 james@firefly-iii.org
|
2017-10-21 01:40:00 -05:00
|
|
|
*
|
2019-10-01 23:37:26 -05:00
|
|
|
* This file is part of Firefly III (https://github.com/firefly-iii).
|
2017-10-21 01:40:00 -05:00
|
|
|
*
|
2019-10-01 23:37:26 -05:00
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
* License, or (at your option) any later version.
|
2017-10-21 01:40:00 -05:00
|
|
|
*
|
2019-10-01 23:37:26 -05:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2017-10-21 01:40:00 -05:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2019-10-01 23:37:26 -05:00
|
|
|
* GNU Affero General Public License for more details.
|
2017-10-21 01:40:00 -05:00
|
|
|
*
|
2019-10-01 23:37:26 -05:00
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2017-10-21 01:40:00 -05:00
|
|
|
*/
|
2017-09-14 10:40:02 -05:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
2016-01-08 09:01:21 -06:00
|
|
|
namespace FireflyIII\Http;
|
2015-02-05 21:39:52 -06:00
|
|
|
|
2022-06-23 02:33:43 -05:00
|
|
|
use FireflyIII\Http\Middleware\AcceptHeaders;
|
2017-09-10 01:33:51 -05:00
|
|
|
use FireflyIII\Http\Middleware\Authenticate;
|
2018-02-09 08:01:22 -06:00
|
|
|
use FireflyIII\Http\Middleware\Binder;
|
2018-02-09 12:11:55 -06:00
|
|
|
use FireflyIII\Http\Middleware\EncryptCookies;
|
2020-01-31 00:24:41 -06:00
|
|
|
use FireflyIII\Http\Middleware\InstallationId;
|
2018-03-07 13:21:36 -06:00
|
|
|
use FireflyIII\Http\Middleware\Installer;
|
2019-08-05 12:45:20 -05:00
|
|
|
use FireflyIII\Http\Middleware\InterestingMessage;
|
2017-09-10 01:33:51 -05:00
|
|
|
use FireflyIII\Http\Middleware\IsAdmin;
|
|
|
|
use FireflyIII\Http\Middleware\Range;
|
|
|
|
use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
|
2018-08-25 00:55:32 -05:00
|
|
|
use FireflyIII\Http\Middleware\SecureHeaders;
|
2017-10-27 11:56:38 -05:00
|
|
|
use FireflyIII\Http\Middleware\StartFireflySession;
|
2017-09-10 01:33:51 -05:00
|
|
|
use FireflyIII\Http\Middleware\TrimStrings;
|
|
|
|
use FireflyIII\Http\Middleware\TrustProxies;
|
|
|
|
use FireflyIII\Http\Middleware\VerifyCsrfToken;
|
|
|
|
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
|
|
|
use Illuminate\Auth\Middleware\Authorize;
|
|
|
|
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
2015-02-05 21:39:52 -06:00
|
|
|
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
2017-09-10 01:33:51 -05:00
|
|
|
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
|
|
|
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
|
|
|
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
|
|
|
use Illuminate\Routing\Middleware\ThrottleRequests;
|
2020-06-27 08:42:18 -05:00
|
|
|
use Illuminate\Session\Middleware\AuthenticateSession;
|
2017-09-10 01:33:51 -05:00
|
|
|
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
2018-02-07 03:49:06 -06:00
|
|
|
use Laravel\Passport\Http\Middleware\CreateFreshApiToken;
|
2022-02-27 03:04:08 -06:00
|
|
|
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
|
2019-08-03 12:54:30 -05:00
|
|
|
use PragmaRX\Google2FALaravel\Middleware as MFAMiddleware;
|
2018-02-07 03:49:06 -06:00
|
|
|
|
2017-12-17 07:30:53 -06:00
|
|
|
/**
|
|
|
|
* Class Kernel
|
|
|
|
*/
|
2015-02-06 12:33:31 -06:00
|
|
|
class Kernel extends HttpKernel
|
|
|
|
{
|
2017-09-10 01:33:51 -05:00
|
|
|
protected $middleware
|
|
|
|
= [
|
2018-08-25 00:55:32 -05:00
|
|
|
SecureHeaders::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
CheckForMaintenanceMode::class,
|
|
|
|
ValidatePostSize::class,
|
|
|
|
TrimStrings::class,
|
|
|
|
ConvertEmptyStringsToNull::class,
|
|
|
|
TrustProxies::class,
|
2020-03-17 09:01:00 -05:00
|
|
|
InstallationId::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
];
|
2023-05-29 06:56:55 -05:00
|
|
|
protected $middlewareAliases
|
|
|
|
= [
|
|
|
|
'auth' => Authenticate::class,
|
|
|
|
'auth.basic' => AuthenticateWithBasicAuth::class,
|
|
|
|
'bindings' => Binder::class,
|
|
|
|
'can' => Authorize::class,
|
|
|
|
'guest' => RedirectIfAuthenticated::class,
|
|
|
|
'throttle' => ThrottleRequests::class,
|
|
|
|
];
|
2017-09-10 01:33:51 -05:00
|
|
|
protected $middlewareGroups
|
|
|
|
= [
|
|
|
|
// does not check login
|
|
|
|
// does not check 2fa
|
|
|
|
// does not check activation
|
2019-02-13 10:38:41 -06:00
|
|
|
'web' => [
|
2017-09-10 01:33:51 -05:00
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
2020-06-27 08:42:18 -05:00
|
|
|
AuthenticateSession::class,
|
2020-07-19 06:06:22 -05:00
|
|
|
CreateFreshApiToken::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
],
|
|
|
|
|
2018-08-12 07:26:11 -05:00
|
|
|
// only the basic variable binders.
|
|
|
|
'binders-only' => [
|
|
|
|
Installer::class,
|
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
|
|
|
Binder::class,
|
|
|
|
],
|
|
|
|
|
2017-09-10 01:33:51 -05:00
|
|
|
// MUST NOT be logged in. Does not care about 2FA or confirmation.
|
|
|
|
'user-not-logged-in' => [
|
2018-03-07 13:21:36 -06:00
|
|
|
Installer::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
2018-02-09 08:01:22 -06:00
|
|
|
Binder::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
RedirectIfAuthenticated::class,
|
|
|
|
],
|
|
|
|
// MUST be logged in.
|
|
|
|
// MUST NOT have 2FA
|
|
|
|
// don't care about confirmation:
|
|
|
|
'user-logged-in-no-2fa' => [
|
2018-03-07 13:21:36 -06:00
|
|
|
Installer::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
2018-02-09 08:01:22 -06:00
|
|
|
Binder::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
Authenticate::class,
|
2023-12-20 12:35:52 -06:00
|
|
|
// RedirectIfTwoFactorAuthenticated::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
],
|
|
|
|
|
|
|
|
// MUST be logged in
|
|
|
|
// don't care about 2fa
|
|
|
|
// don't care about confirmation.
|
|
|
|
'user-simple-auth' => [
|
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
2018-02-09 08:01:22 -06:00
|
|
|
Binder::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
Authenticate::class,
|
|
|
|
],
|
|
|
|
|
|
|
|
// MUST be logged in
|
|
|
|
// MUST have 2fa
|
|
|
|
// MUST be confirmed.
|
2020-11-24 23:25:08 -06:00
|
|
|
// (this group includes the other Firefly III middleware)
|
2017-09-10 01:33:51 -05:00
|
|
|
'user-full-auth' => [
|
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
|
|
|
Authenticate::class,
|
2019-08-03 12:54:30 -05:00
|
|
|
MFAMiddleware::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
Range::class,
|
2018-02-09 08:01:22 -06:00
|
|
|
Binder::class,
|
2019-08-05 12:45:20 -05:00
|
|
|
InterestingMessage::class,
|
2020-07-19 06:06:22 -05:00
|
|
|
CreateFreshApiToken::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
],
|
|
|
|
// MUST be logged in
|
|
|
|
// MUST have 2fa
|
|
|
|
// MUST be confirmed.
|
|
|
|
// MUST have owner role
|
2020-11-24 23:25:08 -06:00
|
|
|
// (this group includes the other Firefly III middleware)
|
2017-09-10 01:33:51 -05:00
|
|
|
'admin' => [
|
|
|
|
EncryptCookies::class,
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2017-10-27 11:56:38 -05:00
|
|
|
StartFireflySession::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
|
|
|
Authenticate::class,
|
2023-12-20 12:35:52 -06:00
|
|
|
// AuthenticateTwoFactor::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
IsAdmin::class,
|
|
|
|
Range::class,
|
2018-02-09 08:01:22 -06:00
|
|
|
Binder::class,
|
2018-02-04 01:14:03 -06:00
|
|
|
CreateFreshApiToken::class,
|
2017-09-10 01:33:51 -05:00
|
|
|
],
|
|
|
|
|
2023-01-01 07:25:52 -06:00
|
|
|
// full API authentication
|
2023-02-22 11:14:14 -06:00
|
|
|
'api' => [
|
2022-06-23 02:33:43 -05:00
|
|
|
AcceptHeaders::class,
|
2022-02-27 03:04:08 -06:00
|
|
|
EnsureFrontendRequestsAreStateful::class,
|
|
|
|
'auth:api,sanctum',
|
2018-02-09 08:01:22 -06:00
|
|
|
'bindings',
|
2017-09-10 01:33:51 -05:00
|
|
|
],
|
2023-01-01 07:25:52 -06:00
|
|
|
// do only bindings, no auth
|
2023-02-22 11:14:14 -06:00
|
|
|
'api_basic' => [
|
2023-01-10 12:56:38 -06:00
|
|
|
AcceptHeaders::class,
|
2021-03-21 05:06:08 -05:00
|
|
|
'bindings',
|
|
|
|
],
|
2017-09-10 01:33:51 -05:00
|
|
|
];
|
2019-03-16 15:54:25 -05:00
|
|
|
protected $middlewarePriority
|
|
|
|
= [
|
|
|
|
StartFireflySession::class,
|
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
Authenticate::class,
|
|
|
|
Binder::class,
|
|
|
|
Authorize::class,
|
|
|
|
];
|
2015-02-05 21:39:52 -06:00
|
|
|
}
|