Fixes and Tests

Author: adrolli

composer.json

@@ -23,7 +23,8 @@
     },
     "autoload": {
         "psr-4": {
-            "Moox\\Firewall\\": "src"
+            "Moox\\Firewall\\": "src",
+            "Moox\\Firewall\\Tests\\": "tests"
         }
     },
     "extra": {

resources/views/access-denied.blade.php

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="csrf-token" content="{{ csrf_token() }}">
+    <title>{{ config('firewall.message', 'Moox Firewall') }}</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: black;
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+
+        .firewall-container {
+            background: white;
+            border-radius: 16px;
+            box-shadow: 0 20px 40px rgba(0,0,0,0.1);
+            padding: 3rem;
+            max-width: 400px;
+            width: 90%;
+            text-align: center;
+        }
+
+        .title {
+            font-size: 1.5rem;
+            font-weight: 600;
+            color: #dc2626;
+            margin-bottom: 0.5rem;
+        }
+
+        .message {
+            color: #718096;
+            margin-bottom: 2rem;
+            line-height: 1.6;
+        }
+
+        .error-icon {
+            font-size: 3rem;
+            color: #dc2626;
+            margin-bottom: 1rem;
+        }
+    </style>
+</head>
+<body>
+    <div class="firewall-container">
+        <div class="error-icon">🚫</div>
+        <h1 class="title">{{ config('firewall.message', 'Moox Firewall') }}</h1>
+        <p class="message">{{ config('firewall.denied_message', 'Access denied. Please contact the IT department.') }}</p>
+    </div>
+</body>
+</html>

src/FirewallServiceProvider.php

@@ -17,7 +17,8 @@ public function configurePackage(Package $package): void
         $package
             ->name('firewall')
             ->hasConfigFile()
-            ->hasViews('firewall')
+            ->hasViews('access-denied')
+            ->hasViews('backdoor')
             ->hasTranslations()
             ->hasMigrations()
             ->hasCommands();

tests/Feature/ExampleTest.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace Moox\Firewall\Tests\Feature;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Foundation\Testing\TestCase;
+
+class FirewallTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        config(['firewall.enabled' => true]);
+        config(['firewall.backdoor' => true]);
+        config(['firewall.backdoor_token' => 'test-token']);
+    }
+
+    public function test_firewall_blocks_access_when_enabled()
+    {
+        config(['firewall.enabled' => true]);
+        config(['firewall.backdoor' => false]);
+
+        $response = $this->get('/');
+
+        $response->assertStatus(200);
+        $response->assertSee('Access denied');
+    }
+
+    public function test_firewall_allows_access_when_disabled()
+    {
+        config(['firewall.enabled' => false]);
+
+        $response = $this->get('/');
+
+        $response->assertStatus(200);
+        $response->assertDontSee('Access denied');
+    }
+
+    public function test_firewall_allows_whitelisted_ips()
+    {
+        config(['firewall.whitelist' => ['127.0.0.1']]);
+
+        $response = $this->get('/');
+
+        $response->assertStatus(200);
+        $response->assertDontSee('Access denied');
+    }
+
+    public function test_firewall_excludes_specified_routes()
+    {
+        config(['firewall.exclude' => ['api/*']]);
+
+        $response = $this->get('/api/test');
+
+        $response->assertStatus(200);
+        $response->assertDontSee('Access denied');
+    }
+
+    public function test_backdoor_authentication_with_valid_token()
+    {
+        config(['firewall.backdoor_url' => '/backdoor']);
+
+        $response = $this->get('/backdoor?backdoor_token=test-token');
+
+        $response->assertStatus(302);
+        $response->assertRedirect('/');
+    }
+
+    public function test_backdoor_authentication_with_invalid_token()
+    {
+        config(['firewall.backdoor_url' => '/backdoor']);
+
+        $response = $this->get('/backdoor?backdoor_token=wrong-token');
+
+        $response->assertStatus(200);
+        $response->assertSee('Invalid token');
+    }
+
+    public function test_access_denied_on_non_backdoor_url()
+    {
+        config(['firewall.backdoor_url' => '/backdoor']);
+
+        $response = $this->get('/some-other-page');
+
+        $response->assertStatus(200);
+        $response->assertSee('Access denied');
+    }
+}

tests/Feature/FirewallTest.php

@@ -4,10 +4,44 @@
 
 use Illuminate\Database\Eloquent\Factories\Factory;
 use Moox\Firewall\FirewallServiceProvider;
-use Orchestra\Testbench\TestCase as Orchestra;
+use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
+use Illuminate\Foundation\Application;
+use Illuminate\Foundation\Bootstrap\LoadEnvironmentVariables;
+use Illuminate\Foundation\Bootstrap\LoadConfiguration;
+use Illuminate\Foundation\Bootstrap\HandleExceptions;
+use Illuminate\Foundation\Bootstrap\RegisterFacades;
+use Illuminate\Foundation\Bootstrap\SetRequestForConsole;
+use Illuminate\Foundation\Bootstrap\RegisterProviders;
+use Illuminate\Foundation\Bootstrap\BootProviders;
 
-class TestCase extends Orchestra
+class TestCase extends BaseTestCase
 {
+    public function createApplication()
+    {
+        $app = new Application(
+            realpath(__DIR__.'/../../../')
+        );
+
+        $app->singleton(
+            \Illuminate\Contracts\Http\Kernel::class,
+            \App\Http\Kernel::class
+        );
+
+        $app->singleton(
+            \Illuminate\Contracts\Console\Kernel::class,
+            \App\Console\Kernel::class
+        );
+
+        $app->singleton(
+            \Illuminate\Contracts\Debug\ExceptionHandler::class,
+            \App\Exceptions\Handler::class
+        );
+
+        $app->make(\Illuminate\Contracts\Console\Kernel::class)->bootstrap();
+
+        return $app;
+    }
+
     protected function setUp(): void
     {
         parent::setUp();

tests/TestCase.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace Moox\Firewall\Tests\Unit;
+
+use Illuminate\Foundation\Testing\TestCase;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Events\RouteMatched;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\View;
+use Moox\Firewall\Listeners\FirewallListener;
+
+class FirewallListenerTest extends TestCase
+{
+    protected FirewallListener $listener;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->listener = new FirewallListener;
+
+        Config::set('firewall.enabled', true);
+        Config::set('firewall.backdoor', true);
+        Config::set('firewall.backdoor_token', 'test-token');
+    }
+
+    public function test_firewall_disabled_returns_early()
+    {
+        Config::set('firewall.enabled', false);
+
+        $request = Request::create('/');
+        $event = new RouteMatched($request, $request->route());
+
+        $this->listener->handle($event);
+
+        $this->assertTrue(true);
+    }
+
+    public function test_whitelisted_ip_returns_early()
+    {
+        Config::set('firewall.whitelist', ['127.0.0.1']);
+
+        $request = Request::create('/');
+        $event = new RouteMatched($request, $request->route());
+
+        $this->listener->handle($event);
+
+        $this->assertTrue(true);
+    }
+
+    public function test_excluded_route_returns_early()
+    {
+        Config::set('firewall.exclude', ['api/*']);
+
+        $request = Request::create('/api/test');
+        $event = new RouteMatched($request, $request->route());
+
+        $this->listener->handle($event);
+
+        $this->assertTrue(true);
+    }
+
+    public function test_backdoor_disabled_shows_access_denied()
+    {
+        Config::set('firewall.backdoor', false);
+
+        $request = Request::create('/');
+        $event = new RouteMatched($request, $request->route());
+
+        View::shouldReceive('make')
+            ->with('firewall::access-denied')
+            ->andReturnSelf();
+        View::shouldReceive('render')
+            ->andReturn('Access denied');
+
+        $this->expectOutputString('Access denied');
+
+        $this->listener->handle($event);
+    }
+
+    public function test_backdoor_url_restriction()
+    {
+        Config::set('firewall.backdoor_url', '/backdoor');
+
+        $request = Request::create('/some-other-page');
+        $event = new RouteMatched($request, $request->route());
+
+        View::shouldReceive('make')
+            ->with('firewall::access-denied')
+            ->andReturnSelf();
+        View::shouldReceive('render')
+            ->andReturn('Access denied');
+
+        $this->expectOutputString('Access denied');
+
+        $this->listener->handle($event);
+    }
+
+    public function test_valid_token_authenticates_user()
+    {
+        Config::set('firewall.backdoor_url', '/backdoor');
+
+        $request = Request::create('/backdoor?backdoor_token=test-token');
+        $event = new RouteMatched($request, $request->route());
+
+        $this->listener->handle($event);
+
+        $this->assertTrue(true);
+    }
+
+    public function test_invalid_token_shows_error()
+    {
+        Config::set('firewall.backdoor_url', '/backdoor');
+
+        $request = Request::create('/backdoor?backdoor_token=wrong-token');
+        $event = new RouteMatched($request, $request->route());
+
+        View::shouldReceive('make')
+            ->with('firewall::backdoor', ['firewall_error' => null])
+            ->andReturnSelf();
+        View::shouldReceive('render')
+            ->andReturn('Backdoor form');
+
+        $this->expectOutputString('Backdoor form');
+
+        $this->listener->handle($event);
+    }
+}