refactor: do not allow users to browse with an invalid account from s…

…ession
im-machakata · Apr 7, 2024 · 14a6195 · 14a6195
1 parent 453e8a6
commit 14a6195
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
@@ -2,6 +2,8 @@
 
 namespace Config;
 
+use App\Filters\AccountExists;
+use App\Filters\Authenticated;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
@@ -24,7 +26,8 @@ class Filters extends BaseConfig
  'honeypot' => Honeypot::class,
  'invalidchars' => InvalidChars::class,
  'secureheaders' => SecureHeaders::class,
- 'auth' => \App\Filters\Authenticated::class,
+ 'auth' => Authenticated::class,
+ 'account_exists' => AccountExists::class
  ];
 
  /**
@@ -35,7 +38,7 @@ class Filters extends BaseConfig
  */
  public array $globals = [
  'before' => [
- // 'honeypot',
+ 'account_exists',
  // 'csrf',
  // 'invalidchars',
  ],

diff --git a/app/Filters/AccountExists.php b/app/Filters/AccountExists.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Filters;
+
+use App\Models\Account;
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class AccountExists implements FilterInterface
+{
+ /**
+ * Do whatever processing this filter needs to do.
+ * By default it should not return anything during
+ * normal execution. However, when an abnormal state
+ * is found, it should return an instance of
+ * CodeIgniter\HTTP\Response. If it does, script
+ * execution will end and that Response will be
+ * sent back to the client, allowing for error pages,
+ * redirects, etc.
+ *
+ * @param RequestInterface $request
+ * @param array|null $arguments
+ *
+ * @return RequestInterface|ResponseInterface|string|void
+ */
+ public function before(RequestInterface $request, $arguments = null)
+ {
+ if ($user = session()->get('user')) {
+ if (!model(Account::class)->find($user->ID)) {
+ session()->delete('user');
+ return response()->redirect('/auth/login');
+ }
+ }
+ }
+
+ /**
+ * Allows After filters to inspect and modify the response
+ * object as needed. This method does not allow any way
+ * to stop execution of other after filters, short of
+ * throwing an Exception or Error.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param array|null $arguments
+ *
+ * @return ResponseInterface|void
+ */
+ public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+ {
+ //
+ }
+}