Merge branch 'main' of github.com:NativePHP/laravel

mpociot · mpociot · commit 9fe50575d2c1 · 2023-06-02T16:56:31.000+02:00
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -13,7 +13,7 @@ jobs:
     
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.4.0
+        uses: dependabot/fetch-metadata@v1.5.1
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           
diff --git a/.github/workflows/fix-php-code-style-issues.yml b/.github/workflows/fix-php-code-style-issues.yml
@@ -19,7 +19,7 @@ jobs:
           ref: ${{ github.head_ref }}
 
       - name: Fix PHP code style issues
-        uses: aglipanci/laravel-pint-action@2.2.0
+        uses: aglipanci/laravel-pint-action@2.3.0
 
       - name: Commit changes
         uses: stefanzweifel/git-auto-commit-action@v4
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ phpstan.neon
 testbench.yaml
 vendor
 node_modules
+.DS_Store
diff --git a/routes/api.php b/routes/api.php
@@ -1,6 +1,7 @@
 <?php
 
 use Illuminate\Support\Facades\Route;
+use Native\Laravel\Http\Controllers\CreateSecurityCookieController;
 use Native\Laravel\Http\Controllers\DispatchEventFromAppController;
 use Native\Laravel\Http\Controllers\NativeAppBootedController;
 use Native\Laravel\Http\Middleware\PreventRegularBrowserAccess;
@@ -9,3 +10,5 @@
     Route::post('_native/api/booted', NativeAppBootedController::class);
     Route::post('_native/api/events', DispatchEventFromAppController::class);
 })->withoutMiddleware(\App\Http\Middleware\VerifyCsrfToken::class);
+
+Route::get('_native/api/cookie', CreateSecurityCookieController::class);
diff --git a/src/Http/Controllers/CreateSecurityCookieController.php b/src/Http/Controllers/CreateSecurityCookieController.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Native\Laravel\Http\Controllers;
+
+use Illuminate\Http\Request;
+
+class CreateSecurityCookieController
+{
+    public function __invoke(Request $request)
+    {
+        if ($request->get('secret') !== config('native-php.secret')) {
+            return abort(403);
+        }
+
+        return redirect('/')->cookie(cookie(
+            name: '_php_native',
+            value: config('native-php.secret'),
+            domain: 'localhost',
+            httpOnly: true,
+        ));
+    }
+}
diff --git a/src/Http/Middleware/PreventRegularBrowserAccess.php b/src/Http/Middleware/PreventRegularBrowserAccess.php
@@ -9,6 +9,11 @@ class PreventRegularBrowserAccess
 {
     public function handle(Request $request, Closure $next)
     {
+        // Explicitly skip for the cookie-setting route
+        if ($request->path() === '_native/api/cookie') {
+            return $next($request);
+        }
+
         $cookie = $request->cookie('_php_native');
         $header = $request->header('X-NativePHP-Secret');
 

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,11 @@ class PreventRegularBrowserAccess`
`9`	`9`	`{`
`10`	`10`	`public function handle(Request $request, Closure $next)`
`11`	`11`	`{`
	`12`	`+ // Explicitly skip for the cookie-setting route`
	`13`	`+ if ($request->path() === '_native/api/cookie') {`
	`14`	`+ return $next($request);`
	`15`	`+ }`
	`16`	`+`
`12`	`17`	`$cookie = $request->cookie('_php_native');`
`13`	`18`	`$header = $request->header('X-NativePHP-Secret');`
`14`	`19`