From e0d8f6ac33cc39eb744555eae113bb159d8f3032 Mon Sep 17 00:00:00 2001
From: Alex Renoki
Date: Tue, 1 Dec 2020 19:43:18 +0200
Subject: [PATCH 1/2] Check for key app on authorization
---
 src/Statistics/Http/Middleware/Authorize.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Statistics/Http/Middleware/Authorize.php b/src/Statistics/Http/Middleware/Authorize.php
index 277d8e4..4611dc5 100644
--- a/src/Statistics/Http/Middleware/Authorize.php
+++ b/src/Statistics/Http/Middleware/Authorize.php
@@ -8,6 +8,10 @@ class Authorize
 {
 public function handle($request, $next)
 {
- return is_null(App::findBySecret($request->secret)) ? abort(403) : $next($request);
+ $app = App::findByKey($request->key);
+
+ return is_null($app) || $app->secret !== $request->secret
+ ? abort(403)
+ : $next($request);
 }
 }
From df613de727fa5e95c471b35ae54b7ca6212442ed Mon Sep 17 00:00:00 2001
From: Alex Renoki
Date: Tue, 19 Jan 2021 12:20:58 +0200
Subject: [PATCH 2/2] Also passing the key on the request
---
 .../Controllers/WebSocketsStatisticsControllerTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Statistics/Controllers/WebSocketsStatisticsControllerTest.php b/tests/Statistics/Controllers/WebSocketsStatisticsControllerTest.php
index 14e4629..beede8a 100644
--- a/tests/Statistics/Controllers/WebSocketsStatisticsControllerTest.php
+++ b/tests/Statistics/Controllers/WebSocketsStatisticsControllerTest.php
@@ -14,6 +14,7 @@ class WebSocketsStatisticsControllerTest extends TestCase
 $this->post(
 action([WebSocketStatisticsEntriesController::class, 'store']),
 array_merge($this->payload(), [
+ 'key' => config('websockets.apps.0.key'),
 'secret' => config('websockets.apps.0.secret'),
 ])
 );
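Review bot: The secret check added to `handle()` compares with `!==`, which is not a constant-time comparison, and `$request->secret` is used without confirming it is a string. For a credential check I would reject non-string input and use `hash_equals()`, e.g. `return is_null($app) || ! is_string($request->secret) || ! hash_equals((string) $app->secret, $request->secret)`, keeping the `? abort(403) : $next($request);` lines as they are. A missing or array-valued `secret` then fails closed with a 403 before any comparison happens. `$request->key` is likewise passed to `App::findByKey()` unchecked; whether that lookup tolerates a null or array value is not visible here and is worth confirming. A short comment above the lookup, such as `// Resolve the app by its public key, then require the secret to belong to that same app.`, would record why both fields are needed.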
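Review bot: Only the accepted path is updated in this test; nothing visible in the hunk asserts that the middleware now rejects a valid `key` paired with a wrong `secret`, or a `secret` belonging to a different app, which is the behaviour the first patch introduces. I would add a companion case that posts the same payload with `'key' => config('websockets.apps.0.key')` and a deliberately wrong secret (for example the constructed value `'secret' => 'not-the-secret'`) and asserts a 403 response. The enclosing test method begins and ends outside the hunk, so such a case may already exist elsewhere in the file.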