fix/headerauth-crash-missing-header #19

Merged
benjamyn merged 5 commits from fix/headerauth-crash-missing-header into master 2023-10-11 00:58:54 -04:00


@ -15,6 +15,10 @@ class HeaderAuth
*/
public function handle(Request $request, Closure $next): Response
{
if (! $request->hasHeader('X-BOTAUTH')) {

If do empty here instead of is_null

```php
if (empty($request->header('X-BOTAUTH'))) {
```

`->hasHeader(...)` also works instead of having to do the empty check.

Alternatively you can do this:

```php
$header = $request->header('X-BotAuth'); // Returns null when no value is found by default

if (! $header) {
    // return failure response
}

if (! hash_equals(config('bot.header_auth'), $header)) {
    // return failure response
}

return $next($request);
```

`->header(...)` has a second parameter that can be specified as a default value when header is not present.
Most of the time in Laravel when there's a "get" kind of function like this there's a secondary "default" parameter that defaults to null you can use, for example config(...), Arr::get(...), etc.

return response()
->json(["status" => false, "message" => "Unauthorized."], 401);
}
if (!hash_equals(config('bot.header_auth'), $request->header('X-BOTAUTH'))) {
return response('Unauthorized', 401);
}
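
Review bot: The `hash_equals(config('bot.header_auth'), $request->header('X-BOTAUTH'))` check at the end of this hunk still assumes the configured secret is a non-empty string. If `bot.header_auth` is unset, `config()` returns null and `hash_equals` raises a TypeError on PHP 8, the same kind of crash this change removes for the missing header; if it is an empty string, a header that is present but empty would pass `hasHeader` and compare equal. Suggest reading the secret once, returning the 401 when it is not a non-empty string, and only then calling `hash_equals`. The two failure paths also differ in shape (a JSON body with `status` and `message` versus plain `response('Unauthorized', 401)`); returning the same JSON 401 from both would spare clients from handling two formats.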