From c40be5299c3a0d5dd70b130c3933aa1e3346e37d Mon Sep 17 00:00:00 2001
From: James Cole <thegrumpydictator@gmail.com>
Date: Sat, 9 Sep 2017 22:02:20 +0200
Subject: [PATCH] Kernel middleware in separate commit.

---
 app/Http/Kernel.php                           | 193 +++---------------
 app/Http/Middleware/EncryptCookies.php        |  26 +--
 .../Middleware/RedirectIfAuthenticated.php    |  24 +--
 app/Http/Middleware/TrimStrings.php           |  18 ++
 app/Http/Middleware/TrustProxies.php          |  29 +++
 5 files changed, 86 insertions(+), 204 deletions(-)
 create mode 100644 app/Http/Middleware/TrimStrings.php
 create mode 100644 app/Http/Middleware/TrustProxies.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 5224ad8579..ecfa351e1d 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -1,62 +1,11 @@
 <?php
-/**
- * Kernel.php
- * Copyright (C) 2016 thegrumpydictator@gmail.com
- *
- * This software may be modified and distributed under the terms of the
- * Creative Commons Attribution-ShareAlike 4.0 International License.
- *
- * See the LICENSE file for details.
- */
-declare(strict_types=1);
 
 namespace FireflyIII\Http;
 
-use FireflyIII\Http\Middleware\Authenticate;
-use FireflyIII\Http\Middleware\AuthenticateTwoFactor;
-use FireflyIII\Http\Middleware\Binder;
-use FireflyIII\Http\Middleware\EncryptCookies;
-use FireflyIII\Http\Middleware\IsAdmin;
-use FireflyIII\Http\Middleware\Range;
-use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
-use FireflyIII\Http\Middleware\RedirectIfTwoFactorAuthenticated;
-use FireflyIII\Http\Middleware\Sandstorm;
-use FireflyIII\Http\Middleware\StartFireflySession;
-use FireflyIII\Http\Middleware\VerifyCsrfToken;
-use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
-use Illuminate\Auth\Middleware\Authorize;
-use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
-use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
-use Illuminate\Routing\Middleware\SubstituteBindings;
-use Illuminate\Routing\Middleware\ThrottleRequests;
-use Illuminate\View\Middleware\ShareErrorsFromSession;
 
-/**
- * Class Kernel
- *
- * @package FireflyIII\Http
- */
 class Kernel extends HttpKernel
 {
-
-    /**
-     * The bootstrap classes for the application.
-     *
-     * Next upgrade verify these are the same.
-     *
-     * @var array
-     */
-    protected $bootstrappers
-        = [
-            'Illuminate\Foundation\Bootstrap\LoadEnvironmentVariables',
-            'Illuminate\Foundation\Bootstrap\LoadConfiguration',
-            'Illuminate\Foundation\Bootstrap\HandleExceptions',
-            'Illuminate\Foundation\Bootstrap\RegisterFacades',
-            'Illuminate\Foundation\Bootstrap\RegisterProviders',
-            'Illuminate\Foundation\Bootstrap\BootProviders',
-        ];
-
     /**
      * The application's global HTTP middleware stack.
      *
@@ -64,115 +13,35 @@ class Kernel extends HttpKernel
      *
      * @var array
      */
-    protected $middleware
-        = [
-            CheckForMaintenanceMode::class,
-        ];
+    protected $middleware = [
+        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
+        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
+        \FireflyIII\Http\Middleware\TrimStrings::class,
+        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        \FireflyIII\Http\Middleware\TrustProxies::class,
+    ];
 
     /**
      * The application's route middleware groups.
      *
      * @var array
      */
-    protected $middlewareGroups
-        = [
-            // does not check login
-            // does not check 2fa
-            // does not check activation
-            'web'                   => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-            ],
+    protected $middlewareGroups = [
+        'web' => [
+            \FireflyIII\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            // \Illuminate\Session\Middleware\AuthenticateSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \FireflyIII\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
 
-
-            // MUST NOT be logged in. Does not care about 2FA or confirmation.
-            'user-not-logged-in'    => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-                RedirectIfAuthenticated::class,
-            ],
-            // MUST be logged in.
-            // MUST NOT have 2FA
-            // don't care about confirmation:
-            'user-logged-in-no-2fa' => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-                Authenticate::class,
-                RedirectIfTwoFactorAuthenticated::class,
-            ],
-
-            // MUST be logged in
-            // don't care about 2fa
-            // don't care about confirmation.
-            'user-simple-auth'      => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-                Authenticate::class,
-            ],
-
-            // MUST be logged in
-            // MUST have 2fa
-            // MUST be confirmed.
-            // (this group includes the other Firefly middleware)
-            'user-full-auth'        => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-                Authenticate::class,
-                AuthenticateTwoFactor::class,
-                Range::class,
-                Binder::class,
-            ],
-            // MUST be logged in
-            // MUST have 2fa
-            // MUST be confirmed.
-            // MUST have owner role
-            // (this group includes the other Firefly middleware)
-            'admin'                 => [
-                Sandstorm::class,
-                EncryptCookies::class,
-                AddQueuedCookiesToResponse::class,
-                StartFireflySession::class,
-                ShareErrorsFromSession::class,
-                VerifyCsrfToken::class,
-                SubstituteBindings::class,
-                Authenticate::class,
-                AuthenticateTwoFactor::class,
-                IsAdmin::class,
-                Range::class,
-                Binder::class,
-            ],
-
-
-            'api' => [
-                'throttle:60,1',
-                'bindings',
-            ],
-        ];
+        'api' => [
+            'throttle:60,1',
+            'bindings',
+        ],
+    ];
 
     /**
      * The application's route middleware.
@@ -181,14 +50,12 @@ class Kernel extends HttpKernel
      *
      * @var array
      */
-    protected $routeMiddleware
-        = [
-            'auth'       => Authenticate::class,
-            'auth.basic' => AuthenticateWithBasicAuth::class,
-            'bindings'   => SubstituteBindings::class,
-            'can'        => Authorize::class,
-            'guest'      => RedirectIfAuthenticated::class,
-            'throttle'   => ThrottleRequests::class,
-            'range'      => Range::class,
-        ];
+    protected $routeMiddleware = [
+        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
+        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        'can' => \Illuminate\Auth\Middleware\Authorize::class,
+        'guest' => \FireflyIII\Http\Middleware\RedirectIfAuthenticated::class,
+        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+    ];
 }
diff --git a/app/Http/Middleware/EncryptCookies.php b/app/Http/Middleware/EncryptCookies.php
index 85188c9c17..02b03e6f73 100644
--- a/app/Http/Middleware/EncryptCookies.php
+++ b/app/Http/Middleware/EncryptCookies.php
@@ -1,33 +1,17 @@
 <?php
-/**
- * EncryptCookies.php
- * Copyright (C) 2016 thegrumpydictator@gmail.com
- *
- * This software may be modified and distributed under the terms of the
- * Creative Commons Attribution-ShareAlike 4.0 International License.
- *
- * See the LICENSE file for details.
- */
-declare(strict_types=1);
 
 namespace FireflyIII\Http\Middleware;
 
-use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;
+use Illuminate\Cookie\Middleware\EncryptCookies as Middleware;
 
-/**
- * Class EncryptCookies
- *
- * @package FireflyIII\Http\Middleware
- */
-class EncryptCookies extends BaseEncrypter
+class EncryptCookies extends Middleware
 {
     /**
      * The names of the cookies that should not be encrypted.
      *
      * @var array
      */
-    protected $except
-        = [
-            //
-        ];
+    protected $except = [
+        //
+    ];
 }
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
index e2ba0517f2..c36ea4c7a6 100644
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -1,40 +1,24 @@
 <?php
-/**
- * RedirectIfAuthenticated.php
- * Copyright (C) 2016 thegrumpydictator@gmail.com
- *
- * This software may be modified and distributed under the terms of the
- * Creative Commons Attribution-ShareAlike 4.0 International License.
- *
- * See the LICENSE file for details.
- */
-declare(strict_types=1);
 
 namespace FireflyIII\Http\Middleware;
 
 use Closure;
 use Illuminate\Support\Facades\Auth;
 
-/**
- * Class RedirectIfAuthenticated
- *
- * @package FireflyIII\Http\Middleware
- */
 class RedirectIfAuthenticated
 {
     /**
      * Handle an incoming request.
      *
-     * @param  \Illuminate\Http\Request $request
-     * @param  \Closure                 $next
-     * @param  string|null              $guard
-     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @param  string|null  $guard
      * @return mixed
      */
     public function handle($request, Closure $next, $guard = null)
     {
         if (Auth::guard($guard)->check()) {
-            return redirect('/');
+            return redirect('/home');
         }
 
         return $next($request);
diff --git a/app/Http/Middleware/TrimStrings.php b/app/Http/Middleware/TrimStrings.php
new file mode 100644
index 0000000000..01aa1f52b2
--- /dev/null
+++ b/app/Http/Middleware/TrimStrings.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace FireflyIII\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\TrimStrings as Middleware;
+
+class TrimStrings extends Middleware
+{
+    /**
+     * The names of the attributes that should not be trimmed.
+     *
+     * @var array
+     */
+    protected $except = [
+        'password',
+        'password_confirmation',
+    ];
+}
diff --git a/app/Http/Middleware/TrustProxies.php b/app/Http/Middleware/TrustProxies.php
new file mode 100644
index 0000000000..c9ee77c3ac
--- /dev/null
+++ b/app/Http/Middleware/TrustProxies.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace FireflyIII\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Fideloper\Proxy\TrustProxies as Middleware;
+
+class TrustProxies extends Middleware
+{
+    /**
+     * The trusted proxies for this application.
+     *
+     * @var array
+     */
+    protected $proxies;
+
+    /**
+     * The current proxy header mappings.
+     *
+     * @var array
+     */
+    protected $headers = [
+        Request::HEADER_FORWARDED => 'FORWARDED',
+        Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
+        Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
+        Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
+        Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
+    ];
+}