

Merge pull request #331 from opcodesio/bug/disable-log-viewer-in-production-by-default

Security / disable log viewer in production by default
arukompas authored Feb 14, 2024
2 parents d84cfd1 + cafc42f commit 12a845d
Showing 4 changed files with 28 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/LogLevels/LaravelLogLevel.php
Expand Up @@ -53,7 +53,7 @@ public function getClass(): LevelClass
{
return match ($this->value) {
self::Debug, self::Info => LevelClass::info(),
self::Notice =>LevelClass::notice(),
self::Notice => LevelClass::notice(),
self::Warning => LevelClass::warning(),
self::Error, self::Critical, self::Alert, self::Emergency => LevelClass::danger(),
default => LevelClass::none(),
5 changes: 5 additions & 0 deletions src/LogViewerService.php
Expand Up @@ -219,6 +219,11 @@ public function auth($callback = null): void
}
}

public function hasAuthCallback(): bool
{
return isset($this->authCallback);
}

public function lazyScanChunkSize(): int
{
return intval(config('log-viewer.lazy_scan_chunk_size_in_mb', 100)) * 1024 * 1024;
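Review bot: `hasAuthCallback()` is new public API and ships without a docblock, while the service provider in this same commit keys its production deny-by-default on its answer; a reader of LogViewerService alone cannot see that. Suggested docblock above the method: `/** Whether an "auth" callback has been registered via auth(). The service provider uses this to decide if the production deny-by-default should be installed. */`. Note that `isset($this->authCallback)` reports false both when the property was never assigned and when it was explicitly set to null, so a caller passing `auth(null)` to "reset" the callback will re-enable the production lock on the next boot — worth a sentence in the docblock if that is intended.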
6 changes: 6 additions & 0 deletions src/LogViewerServiceProvider.php
Expand Up @@ -134,6 +134,12 @@ protected function defineDefaultGates()
if (! Gate::has('deleteLogFolder')) {
Gate::define('deleteLogFolder', fn (mixed $user, LogFolder $folder) => true);
}

if ($this->app->isProduction() && ! Gate::has('viewLogViewer') && ! LogViewer::hasAuthCallback()) {
// Disable Log Viewer in production by default. In order to allow access,
// developers will have to define a "viewLogViewer" gate or an "auth" callback.
LogViewer::auth(fn ($request) => false);
}
}

/**
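Review bot: The guard `if ($this->app->isProduction() && ! Gate::has('viewLogViewer') && ! LogViewer::hasAuthCallback())` only closes the viewer when the environment name is exactly `production`, so a staging/UAT deployment, or a mistyped APP_ENV, stays reachable by anyone who knows the URL unless a gate or callback is defined; an allow-list reads as the safer default, e.g. `if (! $this->app->environment(['local', 'testing']) && ! Gate::has('viewLogViewer') && ! LogViewer::hasAuthCallback()) {`. Whether the deny callback installed here also wins over a `viewLogViewer` gate that an application provider registers after this provider has booted cannot be told from this hunk; if the callback is consulted before the gate at request time, the check would need to move to request time rather than `defineDefaultGates()`, otherwise the documented escape hatch silently fails for that boot order. The environments that are closed by default and the two ways to reopen access belong in the package's configuration docs, not only in this inline comment. `defineDefaultGates()` begins before the hunk.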
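--- a/tests/Feature/Authorization/CanViewLogViewerTest.php
+++ b/tests/Feature/Authorization/CanViewLogViewerTest.php
@@ -36,3 +36,19 @@
 Gate::define('viewLogViewer', fn ($user = null) => true);
 get(route('log-viewer.index'))->assertOk();
 });
+
+test('local environment can use Log Viewer by default', function () {
+app()->detectEnvironment(fn () => 'local');
+expect(app()->isProduction())->toBeFalse();
+(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();
+
+get(route('log-viewer.index'))->assertOk();
+});
+
+test('Log Viewer is blocked in production environment by default', function () {
+app()->detectEnvironment(fn () => 'production');
+expect(app()->isProduction())->toBeTrue();
+(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();
+
+get(route('log-viewer.index'))->assertForbidden();
+});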
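Review bot: Neither new test covers the escape hatch the provider comment promises: defining a `viewLogViewer` gate (or an `auth()` callback) before boot in production should restore access, and without a test pinning that, a later edit to the condition in `defineDefaultGates()` could lock the viewer for everyone in production without any failure in CI. A third test along the lines below, mirroring the existing gate-based test at the top of this hunk, would pin it; `Gate` is already in scope in this file. The production test also only asserts the index route; if the package exposes further routes (API or download endpoints) they presumably share the same callback, but that is not asserted here.
```php
test('production environment can use Log Viewer when a viewLogViewer gate is defined', function () {
    app()->detectEnvironment(fn () => 'production');
    Gate::define('viewLogViewer', fn ($user = null) => true);
    (new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();

    get(route('log-viewer.index'))->assertOk();
});
```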
