
Commit 3af0d0e

committed
Backdoor with URL
1 parent 61f8684 commit 3af0d0e


2 files changed

+27
-4
lines changed


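--- a/config/firewall.php
+++ b/config/firewall.php
@@ -30,14 +30,20 @@
 'backdoor' => env('MOOX_FIREWALL_BACKDOOR', true),
 
 // Backdoor bypass token
-'backdoor_token' => env('MOOX_FIREWALL_BACKDOOR_TOKEN', 'v4a'),
+'backdoor_token' => env('MOOX_FIREWALL_BACKDOOR_TOKEN', 'let-me-in'),
+
+// Backdoor limited to URL
+'backdoor_url' => env('MOOX_FIREWALL_BACKDOOR_URL', '/backdoor'),
 
 // Firewall page message
 'message' => env('MOOX_FIREWALL_MESSAGE', 'Moox Firewall'),
 
 // Firewall page description
 'description' => env('MOOX_FIREWALL_DESCRIPTION', 'Please enter your access token to continue.'),
 
+// Firewall denied message
+'denied_message' => env('MOOX_FIREWALL_DENIED_MESSAGE', 'Access denied. Please contact the IT department.'),
+
 // Firewall page color, currently hex, will be Tailwind color in the future
 'color' => env('MOOX_FIREWALL_COLOR', 'darkblue'),
 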
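Review bot: The new default for `backdoor_token` is the fixed string `'let-me-in'`, and `backdoor` defaults to `true` two lines above it, so an install that sets neither variable ships with a firewall bypass whose token is readable in the package source. The same literal is now the fallback in `src/Listeners/FirewallListener.php` (`$config['backdoor_token'] ?? 'let-me-in'`), replacing `''`, which made the `if ($token && …)` check fail closed when no token was configured. I would drop the default in both places, `'backdoor_token' => env('MOOX_FIREWALL_BACKDOOR_TOKEN'),` here and `$config['backdoor_token'] ?? ''` in the listener, so the bypass only works once an operator has chosen a token. The config array starts and ends outside this hunk.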

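--- a/src/Listeners/FirewallListener.php
+++ b/src/Listeners/FirewallListener.php
@@ -38,15 +38,32 @@ public function handle(RouteMatched $event)
 return;
 }
 
-$token = $config['backdoor_token'] ?? '';
+if (! config('firewall.backdoor')) {
+echo View::make('firewall::access-denied')->render();
+exit;
+}
+
+$backdoorUrl = $config['backdoor_url'] ?? null;
+$isBackdoorUrl = $backdoorUrl ? ($request->is($backdoorUrl) || $request->path() === ltrim($backdoorUrl, '/')) : false;
+
+if ($backdoorUrl && ! $isBackdoorUrl) {
+echo View::make('firewall::access-denied')->render();
+exit;
+}
+
+$token = $config['backdoor_token'] ?? 'let-me-in';
 $requestToken = $request->get('backdoor_token') ?? $request->header('X-Backdoor-Token');
 
 if ($token && $requestToken === $token) {
 if ($request->hasSession()) {
 $request->session()->put('firewall_authenticated', true);
 }
 
-return redirect($request->url());
+if ($isBackdoorUrl) {
+return redirect('/');
+} else {
+return redirect($request->url());
+}
 }
 
 $errorMessage = null;
@@ -58,7 +75,7 @@ public function handle(RouteMatched $event)
 }
 }
 
-echo View::make('firewall::firewall', [
+echo View::make('firewall::backdoor', [
 'firewall_error' => $errorMessage,
 ])->render();
 exit;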
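Review bot: Both new deny branches (new lines 41-44 and 49-52) `echo` the `firewall::access-denied` view and `exit` without setting a status, so as far as these lines show a blocked request is answered with HTTP 200. That makes denials indistinguishable from normal traffic in access logs and monitoring, and lets caches or crawlers store the denial page as the real content. Adding `http_response_code(403);` before each `echo View::make('firewall::access-denied')->render();` would address it, and the two identical blocks could share one private helper. handle() begins and ends outside the hunk, so a status set earlier in the method would not be visible here.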
