Force PLA to not allow guests viewing the site, and thus requiring a login.

This should close #288

app/Classes/LDAP/Server.php

@@ -214,7 +214,7 @@ final class Server
 	 * @throws ObjectNotFoundException
 	 * @testedin TranslateOidTest::testRootDSE();
 	 */
-	public static function rootDSE(?string $connection=NULL,Carbon $cachetime=NULL): ?Model
+	public static function rootDSE(?string $connection=NULL,?Carbon $cachetime=NULL): ?Model
 	{
 		$e = new Entry;
 

app/Http/Middleware/AllowAnonymous.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cookie;
+
+class AllowAnonymous
+{
+	/**
+	 * Handle an incoming request.
+	 *
+	 * @param \Illuminate\Http\Request $request
+	 * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
+	 * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+	 */
+	public function handle(Request $request,Closure $next): mixed
+	{
+		if (((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))) && (! config('pla.allow_guest',FALSE)))
+			return redirect()
+				->to('/login');
+
+		return $next($request);
+	}
+}

app/Providers/AppServiceProvider.php

@@ -31,10 +31,9 @@ class AppServiceProvider extends ServiceProvider
 		$this->loadViewsFrom(__DIR__.'/../../resources/themes/architect/views/','architect');
 
 		// Enable pluck on collections to work on private values
-		Collection::macro('ppluck', function ($attr) {
-			return $this->map(function (object $item) use ($attr) {
-				return $item->{$attr};
-			})->values();
-		});
+		Collection::macro('ppluck',
+			fn($attr)=>$this
+				->map(fn($item)=>$item->{$attr})
+				->values());
 	}
 }

bootstrap/app.php

@@ -5,7 +5,7 @@ use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
 
-use App\Http\Middleware\{ApplicationSession,CheckUpdate,SwapinAuthUser};
+use App\Http\Middleware\{AllowAnonymous,ApplicationSession,CheckUpdate,SwapinAuthUser};
 
 return Application::configure(basePath: dirname(__DIR__))
 	->withRouting(
@@ -25,6 +25,7 @@ return Application::configure(basePath: dirname(__DIR__))
 			EncryptCookies::class,
 			ApplicationSession::class,
 			SwapinAuthUser::class,
+			AllowAnonymous::class,
 		]);
 
 		$middleware->trustProxies(at: [

config/pla.php

@@ -31,6 +31,18 @@ return [
 	],
 	*/
 
+	/*
+	 |--------------------------------------------------------------------------
+	 | Allow Guest
+	 |--------------------------------------------------------------------------
+	 |
+	 | This will determine whether a user can connect to PLA and show the tree
+	 | before they have logged in.
+	 |
+	 */
+
+	'allow_guest' => env('LDAP_ALLOW_GUEST',FALSE),
+
 	/*
 	 |--------------------------------------------------------------------------
 	 | Custom Date Format

routes/api.php

@@ -15,12 +15,9 @@ use App\Http\Controllers\APIController;
 |
 */
 
-Route::group([],function() {
-	Route::get('bases',[APIController::class,'bases']);
-	Route::get('children',[APIController::class,'children']);
-	Route::post('schema/view',[APIController::class,'schema_view']);
-	Route::post('schema/objectclass/attrs/{id}',[APIController::class,'schema_objectclass_attrs']);
-});
-
-Route::group(['middleware'=>'auth:api','prefix'=>'user'],function() {
+Route::controller(APIController::class)->group(function() {
+	Route::get('bases','bases');
+	Route::get('children','children');
+	Route::post('schema/view','schema_view');
+	Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
 });

routes/channels.php

@@ -1,18 +0,0 @@
-<?php
-
-use Illuminate\Support\Facades\Broadcast;
-
-/*
-|--------------------------------------------------------------------------
-| Broadcast Channels
-|--------------------------------------------------------------------------
-|
-| Here you may register all of the event broadcasting channels that your
-| application supports. The given channel authorization callbacks are
-| used to check if an authenticated user can listen to the channel.
-|
-*/
-
-Broadcast::channel('App.User.{id}', function ($user, $id) {
-    return (int) $user->id === (int) $id;
-});

routes/web.php

@@ -2,8 +2,9 @@
 
 use Illuminate\Support\Facades\Route;
 
-use App\Http\Controllers\{HomeController,ImportController};
+use App\Http\Controllers\HomeController;
 use App\Http\Controllers\Auth\LoginController;
+use App\Http\Middleware\AllowAnonymous;
 
 /*
 |--------------------------------------------------------------------------
@@ -25,24 +26,28 @@ Auth::routes([
 	'register' => FALSE,
 ]);
 
-Route::get('/',[HomeController::class,'home']);
-Route::get('info',[HomeController::class,'info']);
-Route::post('dn',[HomeController::class,'dn_frame']);
-Route::get('debug',[HomeController::class,'debug']);
-Route::get('import',[HomeController::class,'import_frame']);
-Route::get('schema',[HomeController::class,'schema_frame']);
-
 Route::get('logout',[LoginController::class,'logout']);
 
+Route::controller(HomeController::class)->group(function() {
+	Route::middleware(AllowAnonymous::class)->group(function() {
+		Route::get('/','home');
+		Route::get('info','info');
+		Route::post('dn','dn_frame');
+		Route::get('debug','debug');
+		Route::get('import','import_frame');
+		Route::get('schema','schema_frame');
+
 		Route::group(['prefix'=>'user'],function() {
-	Route::get('image',[HomeController::class,'user_image']);
+			Route::get('image','user_image');
 		});
 
-Route::get('entry/export/{id}',[HomeController::class,'entry_export']);
-Route::post('entry/password/check/',[HomeController::class,'entry_password_check']);
-Route::post('entry/attr/add/{id}',[HomeController::class,'entry_attr_add']);
-Route::post('entry/objectclass/add/{id}',[HomeController::class,'entry_objectclass_add']);
-Route::post('entry/update/commit',[HomeController::class,'entry_update']);
-Route::post('entry/update/pending',[HomeController::class,'entry_pending_update']);
+		Route::get('entry/export/{id}','entry_export');
+		Route::post('entry/password/check/','entry_password_check');
+		Route::post('entry/attr/add/{id}','entry_attr_add');
+		Route::post('entry/objectclass/add/{id}','entry_objectclass_add');
+		Route::post('entry/update/commit','entry_update');
+		Route::post('entry/update/pending','entry_pending_update');
 
-Route::post('import/process/{type}',[HomeController::class,'import']);
+		Route::post('import/process/{type}','import');
+	});
+});