From 068442432887baa52f703a4181196dab75790860 Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Wed, 26 Feb 2025 17:19:23 +1100
Subject: [PATCH] Force PLA to not allow guests viewing the site, and thus
 requiring a login. This should close #288

---
 app/Classes/LDAP/Server.php            |  2 +-
 app/Http/Middleware/AllowAnonymous.php | 26 ++++++++++++++++
 app/Providers/AppServiceProvider.php   |  9 +++---
 bootstrap/app.php                      |  3 +-
 config/pla.php                         | 12 ++++++++
 routes/api.php                         | 15 ++++------
 routes/channels.php                    | 18 -----------
 routes/web.php                         | 41 +++++++++++++++-----------
 8 files changed, 74 insertions(+), 52 deletions(-)
 create mode 100644 app/Http/Middleware/AllowAnonymous.php
 delete mode 100644 routes/channels.php

diff --git a/app/Classes/LDAP/Server.php b/app/Classes/LDAP/Server.php
index bda5e160..cf9124ca 100644
--- a/app/Classes/LDAP/Server.php
+++ b/app/Classes/LDAP/Server.php
@@ -214,7 +214,7 @@ final class Server
 	 * @throws ObjectNotFoundException
 	 * @testedin TranslateOidTest::testRootDSE();
 	 */
-	public static function rootDSE(?string $connection=NULL,Carbon $cachetime=NULL): ?Model
+	public static function rootDSE(?string $connection=NULL,?Carbon $cachetime=NULL): ?Model
 	{
 		$e = new Entry;
 
diff --git a/app/Http/Middleware/AllowAnonymous.php b/app/Http/Middleware/AllowAnonymous.php
new file mode 100644
index 00000000..cd94a106
--- /dev/null
+++ b/app/Http/Middleware/AllowAnonymous.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cookie;
+
+class AllowAnonymous
+{
+	/**
+	 * Handle an incoming request.
+	 *
+	 * @param \Illuminate\Http\Request $request
+	 * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
+	 * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+	 */
+	public function handle(Request $request,Closure $next): mixed
+	{
+		if (((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))) && (! config('pla.allow_guest',FALSE)))
+			return redirect()
+				->to('/login');
+
+		return $next($request);
+	}
+}
\ No newline at end of file
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index bf1b828e..21081cc3 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -31,10 +31,9 @@ class AppServiceProvider extends ServiceProvider
 		$this->loadViewsFrom(__DIR__.'/../../resources/themes/architect/views/','architect');
 
 		// Enable pluck on collections to work on private values
-		Collection::macro('ppluck', function ($attr) {
-			return $this->map(function (object $item) use ($attr) {
-				return $item->{$attr};
-			})->values();
-		});
+		Collection::macro('ppluck',
+			fn($attr)=>$this
+				->map(fn($item)=>$item->{$attr})
+				->values());
 	}
 }
\ No newline at end of file
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 821d7eb0..e53b812f 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -5,7 +5,7 @@ use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
 
-use App\Http\Middleware\{ApplicationSession,CheckUpdate,SwapinAuthUser};
+use App\Http\Middleware\{AllowAnonymous,ApplicationSession,CheckUpdate,SwapinAuthUser};
 
 return Application::configure(basePath: dirname(__DIR__))
 	->withRouting(
@@ -25,6 +25,7 @@ return Application::configure(basePath: dirname(__DIR__))
 			EncryptCookies::class,
 			ApplicationSession::class,
 			SwapinAuthUser::class,
+			AllowAnonymous::class,
 		]);
 
 		$middleware->trustProxies(at: [
diff --git a/config/pla.php b/config/pla.php
index ee1f1355..e3d0f752 100644
--- a/config/pla.php
+++ b/config/pla.php
@@ -31,6 +31,18 @@ return [
 	],
 	*/
 
+	/*
+	 |--------------------------------------------------------------------------
+	 | Allow Guest
+	 |--------------------------------------------------------------------------
+	 |
+	 | This will determine whether a user can connect to PLA and show the tree
+	 | before they have logged in.
+	 |
+	 */
+
+	'allow_guest' => env('LDAP_ALLOW_GUEST',FALSE),
+
 	/*
 	 |--------------------------------------------------------------------------
 	 | Custom Date Format
diff --git a/routes/api.php b/routes/api.php
index e8ab720b..6af785b3 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -15,12 +15,9 @@ use App\Http\Controllers\APIController;
 |
 */
 
-Route::group([],function() {
-	Route::get('bases',[APIController::class,'bases']);
-	Route::get('children',[APIController::class,'children']);
-	Route::post('schema/view',[APIController::class,'schema_view']);
-	Route::post('schema/objectclass/attrs/{id}',[APIController::class,'schema_objectclass_attrs']);
-});
-
-Route::group(['middleware'=>'auth:api','prefix'=>'user'],function() {
-});
+Route::controller(APIController::class)->group(function() {
+	Route::get('bases','bases');
+	Route::get('children','children');
+	Route::post('schema/view','schema_view');
+	Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
+});
\ No newline at end of file
diff --git a/routes/channels.php b/routes/channels.php
deleted file mode 100644
index 963b0d21..00000000
--- a/routes/channels.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-use Illuminate\Support\Facades\Broadcast;
-
-/*
-|--------------------------------------------------------------------------
-| Broadcast Channels
-|--------------------------------------------------------------------------
-|
-| Here you may register all of the event broadcasting channels that your
-| application supports. The given channel authorization callbacks are
-| used to check if an authenticated user can listen to the channel.
-|
-*/
-
-Broadcast::channel('App.User.{id}', function ($user, $id) {
-    return (int) $user->id === (int) $id;
-});
diff --git a/routes/web.php b/routes/web.php
index 36e32ea6..1fa1dcac 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -2,8 +2,9 @@
 
 use Illuminate\Support\Facades\Route;
 
-use App\Http\Controllers\{HomeController,ImportController};
+use App\Http\Controllers\HomeController;
 use App\Http\Controllers\Auth\LoginController;
+use App\Http\Middleware\AllowAnonymous;
 
 /*
 |--------------------------------------------------------------------------
@@ -25,24 +26,28 @@ Auth::routes([
 	'register' => FALSE,
 ]);
 
-Route::get('/',[HomeController::class,'home']);
-Route::get('info',[HomeController::class,'info']);
-Route::post('dn',[HomeController::class,'dn_frame']);
-Route::get('debug',[HomeController::class,'debug']);
-Route::get('import',[HomeController::class,'import_frame']);
-Route::get('schema',[HomeController::class,'schema_frame']);
-
 Route::get('logout',[LoginController::class,'logout']);
 
-Route::group(['prefix'=>'user'],function() {
-	Route::get('image',[HomeController::class,'user_image']);
-});
+Route::controller(HomeController::class)->group(function() {
+	Route::middleware(AllowAnonymous::class)->group(function() {
+		Route::get('/','home');
+		Route::get('info','info');
+		Route::post('dn','dn_frame');
+		Route::get('debug','debug');
+		Route::get('import','import_frame');
+		Route::get('schema','schema_frame');
 
-Route::get('entry/export/{id}',[HomeController::class,'entry_export']);
-Route::post('entry/password/check/',[HomeController::class,'entry_password_check']);
-Route::post('entry/attr/add/{id}',[HomeController::class,'entry_attr_add']);
-Route::post('entry/objectclass/add/{id}',[HomeController::class,'entry_objectclass_add']);
-Route::post('entry/update/commit',[HomeController::class,'entry_update']);
-Route::post('entry/update/pending',[HomeController::class,'entry_pending_update']);
+		Route::group(['prefix'=>'user'],function() {
+			Route::get('image','user_image');
+		});
 
-Route::post('import/process/{type}',[HomeController::class,'import']);
\ No newline at end of file
+		Route::get('entry/export/{id}','entry_export');
+		Route::post('entry/password/check/','entry_password_check');
+		Route::post('entry/attr/add/{id}','entry_attr_add');
+		Route::post('entry/objectclass/add/{id}','entry_objectclass_add');
+		Route::post('entry/update/commit','entry_update');
+		Route::post('entry/update/pending','entry_pending_update');
+
+		Route::post('import/process/{type}','import');
+	});
+});
\ No newline at end of file