1<?php
2
// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
// See the LICENCE file in the repository root for full licence text.
5
6namespace App\Http\Middleware;
7
8use App\Libraries\User\DatadogLoginAttempt;
9use Closure;
10use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
11use Illuminate\Session\TokenMismatchException;
12
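class VerifyCsrfToken extends BaseVerifier
{
    /** Disables the parent's XSRF-TOKEN response cookie. */
    protected $addHttpCookie = false;

    /**
     * Request paths that skip CSRF verification entirely (matched by the
     * parent's inExceptArray()). Every entry is an endpoint that accepts
     * state-changing requests without a token, so adding a path here is a
     * security decision: the endpoint needs its own origin/replay protection
     * (the payment callbacks are presumably validated by a provider signature
     * elsewhere — confirm before extending this list).
     */
    protected $except = [
        'home/changelog/github',
        'oauth/authorize',
        'payments/paypal/ipn',
        'payments/shopify/callback',
        'payments/xsolla/callback',
        'users',
    ];

    /**
     * Verify the request's CSRF token, with a separate path for guests.
     *
     * Guests (no authenticated user) are never checked for a token: safe
     * (reading) requests, unit tests, excepted paths and requests accepted by
     * from_app_url() are passed through, everything else is rejected as
     * having an invalid origin. Authenticated users go through the parent's
     * token check; a mismatch is re-thrown with a user-facing message and, on
     * the login route, recorded as a failed login attempt.
     *
     * @param \Illuminate\Http\Request $request
     * @param Closure $next
     * @return mixed
     *
     * @throws TokenMismatchException when a guest request fails the origin
     *     check or an authenticated request fails the token check.
     */
    public function handle($request, Closure $next)
    {
        if (\Auth::user() === null) {
            return $this->handleGuest($request, $next);
        }

        try {
            return parent::handle($request, $next);
        } catch (TokenMismatchException $e) {
            // Only authenticated users reach this point; guests are handled
            // (and possibly rejected) in handleGuest() before any token check.
            // NOTE(review): consequently the 'invalid_csrf' metric is never
            // recorded for guest login POSTs — confirm this is intended.
            if ($this->isLoginAttempt()) {
                DatadogLoginAttempt::log('invalid_csrf');
            }

            // Replace the framework message with a user-facing one, but keep
            // the original exception as `previous` so the real cause is not
            // lost from logs and traces.
            throw new TokenMismatchException('Reload page and try again', 0, $e);
        }
    }

    /**
     * Guest path: there is no session token to compare, so the only
     * protection against cross-site requests is the origin check in
     * from_app_url(). Requests the parent would exempt anyway (safe methods,
     * unit tests, excepted paths) are passed through as well.
     *
     * @param \Illuminate\Http\Request $request
     * @param Closure $next
     * @return mixed
     *
     * @throws TokenMismatchException when the request is not exempt and
     *     from_app_url() rejects it.
     */
    private function handleGuest($request, Closure $next)
    {
        // Same short-circuit order as before: cheap checks first, origin last.
        $exempt = $this->isReading($request)
            || $this->runningUnitTests()
            || $this->inExceptArray($request)
            || from_app_url($request);

        if ($exempt) {
            return $next($request);
        }

        throw new TokenMismatchException('Invalid request origin');
    }

    /**
     * Whether the current route is the login form submission.
     *
     * NOTE(review): assumes getCurrent() returns an array with 'controller'
     * and 'action' keys — confirm against the route-section service.
     *
     * @return bool
     */
    private function isLoginAttempt()
    {
        $routeData = app('route-section')->getCurrent();
        $route = "{$routeData['controller']}@{$routeData['action']}";

        return $route === 'sessions_controller@store';
    }
}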