From e0d8f6ac33cc39eb744555eae113bb159d8f3032 Mon Sep 17 00:00:00 2001 From: Alex Renoki Date: Tue, 1 Dec 2020 19:43:18 +0200 Subject: [PATCH] Check for key app on authorization --- src/Statistics/Http/Middleware/Authorize.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Statistics/Http/Middleware/Authorize.php b/src/Statistics/Http/Middleware/Authorize.php index 277d8e4..4611dc5 100644 --- a/src/Statistics/Http/Middleware/Authorize.php +++ b/src/Statistics/Http/Middleware/Authorize.php @@ -8,6 +8,10 @@ class Authorize { public function handle($request, $next) { - return is_null(App::findBySecret($request->secret)) ? abort(403) : $next($request); + $app = App::findByKey($request->key); + + return is_null($app) || $app->secret !== $request->secret + ? abort(403) + : $next($request); } }