You've already forked Atomcms-edit
root
4094f0fb14
HIGH: - Add missing import RadioSongRequestFormRequest (fixes crash on POST) - Add Purify XSS sanitization for article full_story - Fix duplicate radio API routes (/api/radio vs /api/radio/v2) - Add try-catch guards in InstallationController for missing records MEDIUM: - Fix N+1: eager load comments.user in ArticleController::show() - Fix GuestbookController authorization logic - Remove dead doSetup() method and duplicate route - Extract shared HasRadioDefaults trait (remove code duplication) - Use named routes in ForceStaffTwoFactorMiddleware - Fix WebsiteHelpCenterTicket::isOpen() (no permission leak) - Enable on WebsiteHelpCenterTicket (matches schema) - Replace WebsiteTeam::all()->pluck() with direct pluck() - Replace CatalogPage::all()->pluck() with direct pluck() - Replace WebsiteBadge::all() with direct pluck() - Add throttle middleware to guestbook store, logo-generator, radio embed LOW: - Remove unused imports - Remove dead /inertia-test route - Consolidate cache keys in RadioController
31 lines
787 B
PHP
Executable File
31 lines
787 B
PHP
Executable File
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class ForceStaffTwoFactorMiddleware
|
|
{
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
if (! Auth::check() || ! setting('force_staff_2fa')) {
|
|
return $next($request);
|
|
}
|
|
|
|
$user = $request->user();
|
|
$allowedRoutes = [
|
|
'settings.two-factor',
|
|
'two-factor.verify',
|
|
];
|
|
|
|
if (($user->rank >= setting('min_staff_rank') && ! $user->two_factor_confirmed) && ! in_array(request()->route()?->getName(), $allowedRoutes)) {
|
|
return to_route('settings.two-factor');
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
}
|