Tips-Of-Mine/Docker
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ok

Browse Source
This commit is contained in:
Hubert Cornet
2024-04-19 10:27:36 +02:00
parent fcb6bbe566
commit 35c96e715c
7852 changed files with 4815 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
Production/SNIPE-IT/app/Http/Middleware/AssetCountForSidebar.php Normal file
View File

@ -0,0 +1,64 @@
<?php
namespace App\Http\Middleware;
use App\Models\Asset;
use Auth;
use Closure;
class AssetCountForSidebar
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
try {
$total_rtd_sidebar = Asset::RTD()->count();
view()->share('total_rtd_sidebar', $total_rtd_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
try {
$total_deployed_sidebar = Asset::Deployed()->count();
view()->share('total_deployed_sidebar', $total_deployed_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
try {
$total_archived_sidebar = Asset::Archived()->count();
view()->share('total_archived_sidebar', $total_archived_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
try {
$total_pending_sidebar = Asset::Pending()->count();
view()->share('total_pending_sidebar', $total_pending_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
try {
$total_undeployable_sidebar = Asset::Undeployable()->count();
view()->share('total_undeployable_sidebar', $total_undeployable_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
try {
$total_byod_sidebar = Asset::where('byod', '=', '1')->count();
view()->share('total_byod_sidebar', $total_byod_sidebar);
} catch (\Exception $e) {
\Log::debug($e);
}
return $next($request);
}
}

27
Production/SNIPE-IT/app/Http/Middleware/CheckForDebug.php Normal file
View File

@ -0,0 +1,27 @@
<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
class CheckForDebug
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
view()->share('debug_in_production', false);
if (((Auth::check() && (Auth::user()->isSuperUser()))) && (app()->environment() == 'production') && (config('app.warn_debug') === true) && (config('app.debug') === true)) {
view()->share('debug_in_production', true);
}
return $next($request);
}
}

35
Production/SNIPE-IT/app/Http/Middleware/CheckForSetup.php Normal file
View File

@ -0,0 +1,35 @@
<?php
namespace App\Http\Middleware;
use App\Models\Setting;
use Closure;
class CheckForSetup
{
public function handle($request, Closure $next, $guard = null)
{
/**
* This is dumb
* @todo Check on removing this, not sure if it's still needed
*/
if ($request->is('_debugbar*')) {
return $next($request);
}
if (Setting::setupCompleted()) {
if ($request->is('setup*')) {
return redirect(config('app.url'));
} else {
return $next($request);
}
} else {
if (! ($request->is('setup*')) && ! ($request->is('.env')) && ! ($request->is('health'))) {
return redirect(config('app.url').'/setup');
}
return $next($request);
}
}
}

61
Production/SNIPE-IT/app/Http/Middleware/CheckForTwoFactor.php Normal file
View File

@ -0,0 +1,61 @@
<?php
namespace App\Http\Middleware;
use App\Models\Setting;
use Auth;
use Closure;
class CheckForTwoFactor
{
/**
* Routes to ignore for Two Factor Auth
*/
public const IGNORE_ROUTES = ['two-factor', 'two-factor-enroll', 'setup', 'logout'];
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
// Skip the logic if the user is on the two factor pages or the setup pages
// TODO - what we have below only works because our ROUTE uri's look _exactly_ like the route *names*.
// The problem is that, in the new(-ish) Laravel routing system, the route-name doesn't match if the route _verb_ is wrong.
// so we can have a blade that POST's to a route('two-factor') - but that route *name* is only matched when the method is GET
// because we attached the name to the GET, not to the POST (as route names *SHOULD* be unique in Laravel)
// there has got to be a better way to do this, but this is the best I could come up with for now.
if (in_array($request->route()->getName(), self::IGNORE_ROUTES) || in_array($request->route()->uri(), self::IGNORE_ROUTES)) {
return $next($request);
}
// Two-factor is enabled (either optional or required)
if ($settings = Setting::getSettings()) {
if (Auth::check() && ($settings->two_factor_enabled != '')) {
// This user is already 2fa-authed
if ($request->session()->get('2fa_authed')==Auth::user()->id) {
return $next($request);
}
// Two-factor is optional and the user has NOT opted in, let them through
if (($settings->two_factor_enabled == '1') && (Auth::user()->two_factor_optin != '1')) {
return $next($request);
}
// Otherwise make sure they're enrolled and show them the 2FA code screen
if ((Auth::user()->two_factor_secret != '') && (Auth::user()->two_factor_enrolled == '1')) {
return redirect()->route('two-factor')->with('info', 'Please enter your two-factor authentication code.');
}
return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');
}
}
return $next($request);
}
}

51
Production/SNIPE-IT/app/Http/Middleware/CheckLocale.php Normal file
View File

@ -0,0 +1,51 @@
<?php
namespace App\Http\Middleware;
use App\Models\Setting;
use Closure;
use \App\Helpers\Helper;
class CheckLocale
{
private function warn_legacy_locale($language, $source)
{
if ($language != Helper::mapLegacyLocale($language)) {
\Log::warning("$source $language and should be updated to be ".Helper::mapLegacyLocale($language));
}
}
/**
* Handle the locale for the user, default to settings otherwise.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
*
* @return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
// Default app settings from config
$language = config('app.locale');
$this->warn_legacy_locale($language, "APP_LOCALE in .env is set to");
if ($settings = Setting::getSettings()) {
// User's preference
if (($request->user()) && ($request->user()->locale)) {
$language = $request->user()->locale;
$this->warn_legacy_locale($language, "username ".$request->user()->username." (".$request->user()->id.") has a language");
// App setting preference
} elseif ($settings->locale != '') {
$language = $settings->locale;
$this->warn_legacy_locale($language, "App Settings is set to");
}
}
\App::setLocale(Helper::mapLegacyLocale($language));
return $next($request);
}
}

31
Production/SNIPE-IT/app/Http/Middleware/CheckPermissions.php Normal file
View File

@ -0,0 +1,31 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Gate;
class CheckPermissions
{
/**
* Handle the ACLs for permissions.
*
* The $section variable is passed via the route middleware,
* 'middleware' => [authorize:superadmin']
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $section
* @return mixed
*/
public function handle($request, Closure $next, $section = null)
{
if (Gate::allows($section)) {
return $next($request);
}
return response()->view('layouts/basic', [
'content' => view('errors/403'),
]);
}
}

50
Production/SNIPE-IT/app/Http/Middleware/CheckUserIsActivated.php Normal file
View File

@ -0,0 +1,50 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Auth;
class CheckUserIsActivated
{
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// If there is a user AND the user is NOT activated, send them to the login page
// This prevents people who still have active sessions logged in and their status gets toggled
// to inactive (aka unable to login)
if (($request->user()) && (!$request->user()->isActivated())) {
Auth::logout();
return redirect()->guest('login');
}
return $next($request);
}
}

24
Production/SNIPE-IT/app/Http/Middleware/EncryptCookies.php Normal file
View File

@ -0,0 +1,24 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;
class EncryptCookies extends BaseEncrypter
{
/**
* The names of the cookies that should not be encrypted.
*
* @var array
*/
protected $except = [
//
];
/**
* Indicates if cookies should be serialized.
*
* @var bool
*/
protected static $serialize = true;
}

30
Production/SNIPE-IT/app/Http/Middleware/NoSessionStore.php Normal file
View File

@ -0,0 +1,30 @@
<?php
namespace App\Http\Middleware;
use Closure;
class NoSessionStore
{
protected $except = [
'health',
];
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
foreach ($this->except as $except) {
if ($request->is($except)) {
config()->set('session.driver', 'array');
}
}
return $next($request);
}
}

30
Production/SNIPE-IT/app/Http/Middleware/PreventBackHistory.php Normal file
View File

@ -0,0 +1,30 @@
<?php
namespace App\Http\Middleware;
use Closure;
class PreventBackHistory
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$headers = [
'Cache-Control' => 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma' => 'no-cache',
'Expires' => 'Sun, 02 Jan 1990 00:00:00 GMT'
];
$response = $next($request);
foreach($headers as $key => $value) {
$response->headers->set($key, $value);
}
return $response;
}
}

17
Production/SNIPE-IT/app/Http/Middleware/PreventRequestsDuringMaintenance.php Normal file
View File

@ -0,0 +1,17 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance as Middleware;
class PreventRequestsDuringMaintenance extends Middleware
{
/**
* The URIs that should be reachable while maintenance mode is enabled.
*
* @var array
*/
protected $except = [
//
];
}

26
Production/SNIPE-IT/app/Http/Middleware/RedirectIfAuthenticated.php Normal file
View File

@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class RedirectIfAuthenticated
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
* @return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect()->intended('/');
}
return $next($request);
}
}

110
Production/SNIPE-IT/app/Http/Middleware/SecurityHeaders.php Normal file
View File

@ -0,0 +1,110 @@
<?php
namespace App\Http\Middleware;
use Closure;
class SecurityHeaders
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
// See https://securityheaders.com/
private $unwantedHeaderList = [
'X-Powered-By',
'Server',
];
public function handle($request, Closure $next)
{
$this->removeUnwantedHeaders($this->unwantedHeaderList);
$response = $next($request);
$response->headers->set('X-Content-Type-Options', 'nosniff');
$response->headers->set('X-XSS-Protection', '1; mode=block');
// Ugh. Feature-Policy is dumb and clumsy and mostly irrelevant for Snipe-IT,
// since we don't provide any way to IFRAME anything in in the first place.
// There is currently no easy way to default ALL THE THINGS to 'none', but
// security audits will still ding you if you don't have this header, even
// though we don't allow IFRAMING in the first place.
//
// So for security and compliance sake, here we are. Sigh.
//
// See also:
// - https://developers.google.com/web/updates/2018/06/feature-policy
// - https://scotthelme.co.uk/a-new-security-header-feature-policy/
// - https://github.com/w3c/webappsec-feature-policy/issues/189
$feature_policy[] = "accelerometer 'none'";
$feature_policy[] = "autoplay 'none'";
$feature_policy[] = "camera 'none'";
$feature_policy[] = "display-capture 'none'";
$feature_policy[] = "document-domain 'none'";
$feature_policy[] = "encrypted-media 'none'";
$feature_policy[] = "fullscreen 'none'";
$feature_policy[] = "geolocation 'none'";
$feature_policy[] = "sync-xhr 'none'";
$feature_policy[] = "usb 'none'";
$feature_policy[] = "xr-spatial-tracking 'none'";
$feature_policy = implode(';', $feature_policy);
$response->headers->set('Feature-Policy', $feature_policy);
// Defaults to same-origin if REFERRER_POLICY is not set in the .env
$response->headers->set('Referrer-Policy', config('app.referrer_policy'));
// The .env var ALLOW_IFRAMING defaults to false (which disallows IFRAMING)
// if not present, but some unique cases require this to be enabled.
// For example, some IT depts have IFRAMED Snipe-IT into their IT portal
// for convenience so while it is normally disallowed, there is
// an override that exists.
if (config('app.allow_iframing') == false) {
$response->headers->set('X-Frame-Options', 'DENY');
}
// This defaults to false to maintain backwards compatibility for
// people who are not running Snipe-IT over TLS (shame, shame, shame!)
// Seriously though, please run Snipe-IT over TLS. Let's Encrypt is free.
// https://letsencrypt.org
if (config('app.enable_hsts') === true) {
$response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
}
// We have to exclude debug mode here because debugbar pulls from a CDN or two
// and it will break things.
if ((config('app.debug') != 'true') && (config('app.enable_csp') == 'true')) {
$csp_policy[] = "default-src 'self'";
$csp_policy[] = "style-src 'self' 'unsafe-inline'";
$csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
$csp_policy[] = "connect-src 'self'";
$csp_policy[] = "object-src 'none'";
$csp_policy[] = "font-src 'self' data:";
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
if (config('filesystems.disks.public.driver') == 's3') {
$csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
}
$csp_policy = join(';', $csp_policy);
$response->headers->set('Content-Security-Policy', $csp_policy);
}
return $response;
}
private function removeUnwantedHeaders($headerList)
{
foreach ($headerList as $header) {
header_remove($header);
}
}
}

19
Production/SNIPE-IT/app/Http/Middleware/TrimStrings.php Normal file
View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\TrimStrings as Middleware;
class TrimStrings extends Middleware
{
/**
* The names of the attributes that should not be trimmed.
*
* @var array
*/
protected $except = [
'current_password',
'password',
'password_confirmation',
];
}

20
Production/SNIPE-IT/app/Http/Middleware/TrustHosts.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Middleware\TrustHosts as Middleware;
class TrustHosts extends Middleware
{
/**
* Get the host patterns that should be trusted.
*
* @return array
*/
public function hosts()
{
return [
$this->allSubdomainsOfApplicationUrl(),
];
}
}

23
Production/SNIPE-IT/app/Http/Middleware/TrustProxies.php Normal file
View File

@ -0,0 +1,23 @@
<?php
namespace App\Http\Middleware;
use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;
class TrustProxies extends Middleware
{
/**
* The trusted proxies for this application.
*
* @var array|string|null
*/
protected $proxies;
/**
* The headers that should be used to detect proxies.
*
* @var int
*/
protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
}

17
Production/SNIPE-IT/app/Http/Middleware/VerifyCsrfToken.php Normal file
View File

@ -0,0 +1,17 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'health',
];
}