blax-software
/
laravel-websockets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #626 from beyondcode/fix/check-app-key 

[fix] Check for key app on authorization
This commit is contained in:
rennokki 2021-01-23 16:46:10 +02:00 committed by GitHub
parent f08e4f287a df613de727
commit e9b9cc4002
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Statistics/Http/Middleware/Authorize.php
View File

@ -8,6 +8,10 @@ class Authorize
{ {
public function handle($request, $next) public function handle($request, $next)
{ {
return is_null(App::findBySecret($request->secret)) ? abort(403) : $next($request); $app = App::findByKey($request->key);
return is_null($app) || $app->secret !== $request->secret
? abort(403)
: $next($request);
} }
} }

1
tests/Statistics/Controllers/WebSocketsStatisticsControllerTest.php
View File

@ -14,6 +14,7 @@ class WebSocketsStatisticsControllerTest extends TestCase
$this->post( $this->post(
action([WebSocketStatisticsEntriesController::class, 'store']), action([WebSocketStatisticsEntriesController::class, 'store']),
array_merge($this->payload(), [ array_merge($this->payload(), [
'key' => config('websockets.apps.0.key'),
'secret' => config('websockets.apps.0.secret'), 'secret' => config('websockets.apps.0.secret'),
]) ])
); );