Added Middleware LinkId

JulianPrieber · JulianPrieber · commit 48e32118a135 · 2023-11-02T22:02:20.000+01:00
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -63,6 +63,7 @@ class Kernel extends HttpKernel
         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'link-id' => \App\Http\Middleware\LinkId::class,
 	    'admin' => \App\Http\Middleware\admin::class,
         'blocked' => \App\Http\Middleware\CheckBlockedUser::class,
         'max.users' => \App\Http\Middleware\MaxUsers::class,
diff --git a/app/Http/Middleware/LinkId.php b/app/Http/Middleware/LinkId.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Auth;
+use App\Models\Link;
+use Illuminate\Http\Request;
+
+class LinkId
+{
+    public function handle($request, Closure $next)
+    {
+        $linkId = $request->route('id');
+        $user = Auth::user();
+    
+        $link = Link::find($linkId);
+    
+        if (!$link) {
+            return abort(404);
+        }
+    
+        if ($user->id !== $link->user_id) {
+            return abort(403);
+        }
+    
+        return $next($request);
+    }
+}
diff --git a/routes/web.php b/routes/web.php
@@ -111,16 +111,16 @@
 Route::get('/studio/index', function(){return redirect(url('dashboard'));});
 Route::get('/studio/add-link', [UserController::class, 'AddUpdateLink'])->name('showButtons');
 Route::post('/studio/edit-link', [UserController::class, 'saveLink'])->name('addLink');
-Route::get('/studio/edit-link/{id}', [UserController::class, 'AddUpdateLink'])->name('showLink');
+Route::get('/studio/edit-link/{id}', [UserController::class, 'AddUpdateLink'])->name('showLink')->middleware('link-id');
 Route::post('/studio/sort-link', [UserController::class, 'sortLinks'])->name('sortLinks');
 Route::get('/studio/links', [UserController::class, $LinkPage])->name($LinkPage);
 Route::get('/studio/theme', [UserController::class, 'showTheme'])->name('showTheme');
 Route::post('/studio/theme', [UserController::class, 'editTheme'])->name('editTheme');
-Route::get('/deleteLink/{id}', [UserController::class, 'deleteLink'])->name('deleteLink');
-Route::get('/upLink/{up}/{id}', [UserController::class, 'upLink'])->name('upLink');
-Route::post('/studio/edit-link/{id}', [UserController::class, 'editLink'])->name('editLink');
-Route::get('/studio/button-editor/{id}', [UserController::class, 'showCSS'])->name('showCSS');
-Route::post('/studio/button-editor/{id}', [UserController::class, 'editCSS'])->name('editCSS');
+Route::get('/deleteLink/{id}', [UserController::class, 'deleteLink'])->name('deleteLink')->middleware('link-id');
+Route::get('/upLink/{up}/{id}', [UserController::class, 'upLink'])->name('upLink')->middleware('link-id');
+Route::post('/studio/edit-link/{id}', [UserController::class, 'editLink'])->name('editLink')->middleware('link-id');
+Route::get('/studio/button-editor/{id}', [UserController::class, 'showCSS'])->name('showCSS')->middleware('link-id');
+Route::post('/studio/button-editor/{id}', [UserController::class, 'editCSS'])->name('editCSS')->middleware('link-id');
 Route::get('/studio/page', [UserController::class, 'showPage'])->name('showPage');
 Route::get('/studio/no_page_name', [UserController::class, 'showPage'])->name('showPage');
 Route::post('/studio/page', [UserController::class, 'editPage'])->name('editPage');
