protect routes

David Bomba 2025-09-04 09:58:46 +10:00
parent 0f24a1dd54
commit 18e46d3c88
4 changed files with 8 additions and 4 deletions


@ -86,8 +86,8 @@ class AccountController extends BaseController
} }
if ($request->has('hash') && config('ninja.cloudflare.turnstile.secret')) { //@todo once all platforms are implemented, we disable access to the rest of this route without a success response. if ($request->has('hash') && config('ninja.cloudflare.turnstile.secret')) {
if (Secure::decrypt($request->input('hash')) !== $request->input('email')) { if (Secure::decrypt($request->input('hash')) !== $request->input('email')) {
return response()->json(['message' => 'Invalid Signup Payload'], 400); return response()->json(['message' => 'Invalid Signup Payload'], 400);
} }
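Review bot: The payload check in this hunk runs only when the request carries a `hash` field, so a signup request that omits the field skips the decrypt-and-compare entirely, even with `ninja.cloudflare.turnstile.secret` configured. One side of the changed line carries a `//@todo` saying the route will be closed without a success response once all platforms are implemented; the page does not mark which side is new, but if the commit drops that comment the gap becomes undocumented. Until enforcement lands, keep the comment and record the skipped case, e.g. `if (!$request->has('hash')) { nlog('signup without turnstile hash'); }`. Once clients are ready, change the guard to `if (config('ninja.cloudflare.turnstile.secret')) {` and put `!$request->has('hash') ||` in front of the comparison. The enclosing method starts and ends outside the hunk.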


@ -111,7 +111,7 @@ class ConnectedAccountController extends BaseController
nlog("microsoft"); nlog("microsoft");
nlog($email); nlog($email);
if (auth()->user()->email != $email && MultiDB::checkUserEmailExists($email)) { if (strtolower(auth()->user()->email) != strtolower($email) && MultiDB::checkUserEmailExists(strtolower($email))) {
return response()->json(['message' => ctrans('texts.email_already_register')], 400); return response()->json(['message' => ctrans('texts.email_already_register')], 400);
} }
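Review bot: The case-folded address is computed twice from `$email` and still compared with loose `!=`. Fold it once into a local, for example `$normalized = strtolower($email);`, and write the guard as `if (strtolower(auth()->user()->email) !== $normalized && MultiDB::checkUserEmailExists($normalized)) {`. Whether `checkUserEmailExists` itself matches case-insensitively is not visible here, so a stored mixed-case address may still pass the duplicate check; that is worth confirming. The two `nlog` calls above the guard write the provider name and the raw email address to the log on every request and look like leftover debugging. The method body continues outside the hunk.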


@ -62,7 +62,7 @@ class CreateAccountRequest extends Request
public function prepareForValidation() public function prepareForValidation()
{ {
nlog(array_merge(['signup' => 'true', 'ipaddy' => request()->ip()], $this->all())); nlog(array_merge(['signup' => 'true', 'ipaddy' => request()->ip(), 'headers' => request()->headers->all()], $this->all()));
$input = $this->all(); $input = $this->all();
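Review bot: Logging `request()->headers->all()` in `prepareForValidation()` writes every request header to the application log, which can include `Authorization`, `Cookie` and any API-token headers the client sends. The same `nlog` call already merges `$this->all()`, so whatever credentials the signup form posts (presumably a password — confirm) end up in the log too. Log only the headers the abuse investigation needs and drop secret fields, e.g. `'headers' => collect(request()->headers->all())->only(['user-agent', 'referer', 'origin'])->all()` and `$this->except(['password'])`; the exact allow-list is for the author to choose. The method continues past the end of the hunk.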


@ -514,3 +514,7 @@ Route::get('/health', function () {
'message' => 'API is healthy', 'message' => 'API is healthy',
]); ]);
})->middleware('throttle:20,1'); })->middleware('throttle:20,1');
Route::get('/api/v1/signup/protect', function () {
return response()->json(['status' => 'ok']);
})->middleware('throttle:10,1');
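Review bot: The new `/api/v1/signup/protect` route has no comment saying what depends on it. The closure only returns `['status' => 'ok']`, so any protection the name implies must come from outside this handler and is not visible here. Add a short comment above the route stating which component calls or guards it and what a client should do with the response, for example `// Signup pre-check endpoint: challenge is enforced upstream (TODO confirm); handler intentionally returns a static body.` Also confirm that `throttle:10,1` keys on the real client address when the app sits behind a proxy, otherwise all callers share one bucket.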