Merge pull request #332 from opcodesio/improvement/production-authorization

better handling of the production block
arukompas authored Feb 14, 2024
2 parents 12a845d + 13cbf01 commit 79bfe71
Showing 4 changed files with 27 additions and 8 deletions.
2 changes: 2 additions & 0 deletions config/log-viewer.php
Expand Up @@ -12,6 +12,8 @@

'enabled' => env('LOG_VIEWER_ENABLED', true),

'require_auth_in_production' => true,

/*
|--------------------------------------------------------------------------
| Log Viewer Domain
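Review bot: The new `'require_auth_in_production' => true` key carries no explanatory comment, although the neighbouring settings in this file are introduced by a comment block (see the "Log Viewer Domain" block just below it), and unlike `enabled` it cannot be overridden through `env()`. Suggest a short block above it stating that, when true, requests in a production environment are rejected with 403 unless a `viewLogViewer` gate or an auth callback has been defined, so operators understand why the UI is unreachable after deploy. If per-environment control is wanted, `env('LOG_VIEWER_REQUIRE_AUTH_IN_PRODUCTION', true)` would match how `enabled` is declared two lines above; keep the default at `true` either way.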
11 changes: 11 additions & 0 deletions src/Http/Middleware/AuthorizeLogViewer.php
Expand Up @@ -2,12 +2,23 @@

namespace Opcodes\LogViewer\Http\Middleware;

use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Gate;
use Opcodes\LogViewer\Facades\LogViewer;

class AuthorizeLogViewer
{
public function handle($request, $next)
{
if (
config('log-viewer.require_auth_in_production', false)
&& App::isProduction()
&& ! Gate::has('viewLogViewer')
&& ! LogViewer::hasAuthCallback()
) {
abort(403);
}

LogViewer::auth();

return $next($request);
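Review bot: The production check reads its switch with a fail-open fallback, `config('log-viewer.require_auth_in_production', false)`, while the shipped config sets the key to `true`; an installation whose published config/log-viewer.php predates this key will have the production block silently lifted on upgrade, whereas the code removed from src/LogViewerServiceProvider.php in this same commit blocked unconditionally. Change the fallback to `true` so a missing key preserves the previous behaviour, and pin it in tests/Feature/Authorization/CanViewLogViewerTest.php with a case that unsets the key and still expects 403. A one-line comment above the `if` such as `// Fail closed: in production, require an explicit gate or auth callback unless the config opts out.` would record the intent. The `handle()` method and the class continue past the end of the hunk, so the closing braces are not visible here.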
6 changes: 0 additions & 6 deletions src/LogViewerServiceProvider.php
Expand Up @@ -134,12 +134,6 @@ protected function defineDefaultGates()
if (! Gate::has('deleteLogFolder')) {
Gate::define('deleteLogFolder', fn (mixed $user, LogFolder $folder) => true);
}

if ($this->app->isProduction() && ! Gate::has('viewLogViewer') && ! LogViewer::hasAuthCallback()) {
// Disable Log Viewer in production by default. In order to allow access,
// developers will have to define a "viewLogViewer" gate or an "auth" callback.
LogViewer::auth(fn ($request) => false);
}
}

/**
16 changes: 14 additions & 2 deletions tests/Feature/Authorization/CanViewLogViewerTest.php
Expand Up @@ -40,15 +40,27 @@
test('local environment can use Log Viewer by default', function () {
app()->detectEnvironment(fn () => 'local');
expect(app()->isProduction())->toBeFalse();
(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();

get(route('log-viewer.index'))->assertOk();
});

test('Log Viewer is blocked in production environment by default', function () {
app()->detectEnvironment(fn () => 'production');
expect(app()->isProduction())->toBeTrue();
(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();

get(route('log-viewer.index'))->assertForbidden();

// but if configuration allows...
config(['log-viewer.require_auth_in_production' => false]);
get(route('log-viewer.index'))->assertOk();
});

test('Log Viewer is not blocked if the Log Viewer auth middleware is not used', function () {
config(['log-viewer.middleware' => ['web']]);
app()->detectEnvironment(fn () => 'production');
expect(app()->isProduction())->toBeTrue();
// need to reload the routes in order for the new middleware to take place.
(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();

get(route('log-viewer.index'))->assertOk();
});
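Review bot: The explicit `(new \Opcodes\LogViewer\LogViewerServiceProvider(app()))->boot();` in the first two tests is unexplained, while only the third test says why it re-boots the provider (`// need to reload the routes in order for the new middleware to take place.`). With the production block moved out of the service provider by this commit, the call in the 'local environment' and 'blocked in production' tests looks like a leftover; either drop it there or add the same one-line comment so a reader knows it is intentional. Which of these lines are new cannot be recovered from the rendered diff, so this is hedged.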
