Logout separated middleware

mchev · Feb 13, 2023 · a9b5286 · a9b5286
1 parent c7a595f
commit a9b5286
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -151,13 +151,15 @@ Route::middleware(['ip.banned'])->group(function () {
 });
 ```
 
-To block all, simply add the two middlewares:
+To block and logout banned Users or IP, add the `logout.banned` middleware:
 ```php
-Route::middleware(['ip.banned', 'auth.banned'])->group(function () {
+Route::middleware(['logout.banned'])->group(function () {
     // ...
 });
 ```
 
+> If you use the `logout.banned` middleware, it is not necessary to cumulate the other middlewares.
+
 > If you want to block IPs on every HTTP request of your application, list `Mchev\Banhammer\Middleware\IPBanned` in the `$middleware` property of your `app/Http/Kernel.php` class.
 
 ### Scheduler
@@ -214,10 +216,11 @@ Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed re
 
 ## Roadmap
 
-- Block IP range
-- Auto block IP (Rate Limiting)
-- Cache
-- Ban history() or archive() method
+- [ ] More tests
+- [ ] Block IP range
+- [ ] Auto block IP (Rate Limiting)
+- [ ] Cache
+- [ ] Ban history() or archive() method
 
 ## Contributing
 

diff --git a/src/Middleware/AuthBanned.php b/src/Middleware/AuthBanned.php
@@ -10,10 +10,6 @@ class AuthBanned
     public function handle($request, Closure $next): Response
     {
         if ($request->user() && $request->user()->isBanned()) {
-            auth()->logout();
-            $request->session()->invalidate();
-            $request->session()->regenerateToken();
-
             return (config('ban.fallback_url'))
                 ? redirect(config('ban.fallback_url'))
                 : abort(403, config('ban.message'));

diff --git a/src/Middleware/LogoutBanned.php b/src/Middleware/LogoutBanned.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Mchev\Banhammer\Middleware;
+
+use Closure;
+use Mchev\Banhammer\IP;
+use Symfony\Component\HttpFoundation\Response;
+
+class LogoutBanned
+{
+    public function handle($request, Closure $next): Response
+    {
+        if ($request->user() && $request->user()->isBanned()
+            || $request->ip() && IP::isBanned($request->ip())) {
+
+            if ($request->user()) {
+                auth()->logout();
+                $request->session()->invalidate();
+                $request->session()->regenerateToken();
+            }
+
+            return (config('ban.fallback_url'))
+                ? redirect(config('ban.fallback_url'))
+                : abort(403, config('ban.message'));
+        }
+
+        return $next($request);
+    }
+}