diff --git a/README.md b/README.md
index 167890f..9e919bc 100644
--- a/README.md
+++ b/README.md
@@ -151,13 +151,15 @@ Route::middleware(['ip.banned'])->group(function () {
 });
 ```
-To block all, simply add the two middlewares:
+To block and logout banned Users or IP, add the `logout.banned` middleware:
 ```php
-Route::middleware(['ip.banned', 'auth.banned'])->group(function () {
+Route::middleware(['logout.banned'])->group(function () {
 // ...
 });
 ```
+> If you use the `logout.banned` middleware, it is not necessary to cumulate the other middlewares.
+
 > If you want to block IPs on every HTTP request of your application, list `Mchev\Banhammer\Middleware\IPBanned` in the `$middleware` property of your `app/Http/Kernel.php` class.
 ### Scheduler
@@ -214,10 +216,11 @@ Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed re
 ## Roadmap
-- Block IP range
-- Auto block IP (Rate Limiting)
-- Cache
-- Ban history() or archive() method
+- [ ] More tests
+- [ ] Block IP range
+- [ ] Auto block IP (Rate Limiting)
+- [ ] Cache
+- [ ] Ban history() or archive() method
 ## Contributing
diff --git a/src/Middleware/AuthBanned.php b/src/Middleware/AuthBanned.php
index 3e76dde..efbf153 100644
--- a/src/Middleware/AuthBanned.php
+++ b/src/Middleware/AuthBanned.php
@@ -10,10 +10,6 @@ class AuthBanned
 public function handle($request, Closure $next): Response
 {
 if ($request->user() && $request->user()->isBanned()) {
- auth()->logout();
- $request->session()->invalidate();
- $request->session()->regenerateToken();
-
 return (config('ban.fallback_url'))
 ? redirect(config('ban.fallback_url'))
 : abort(403, config('ban.message'));
diff --git a/src/Middleware/LogoutBanned.php b/src/Middleware/LogoutBanned.php
new file mode 100644
index 0000000..5501c7a
--- /dev/null
+++ b/src/Middleware/LogoutBanned.php
@@ -0,0 +1,29 @@
+user() && $request->user()->isBanned()
+ || $request->ip() && IP::isBanned($request->ip())) {
+
+ if ($request->user()) {
+ auth()->logout();
+ $request->session()->invalidate();
+ $request->session()->regenerateToken();
+ }
+
+ return (config('ban.fallback_url'))
+ ? redirect(config('ban.fallback_url'))
+ : abort(403, config('ban.message'));
+ }
+
+ return $next($request);
+ }
+}
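Review bot: The logout branch in `LogoutBanned` calls `$request->session()` as soon as `$request->user()` is truthy, without checking that the request has a session. On a route group without the session middleware, or behind a stateless guard, a banned caller would presumably hit an exception rather than the configured 403 or fallback redirect. The session teardown could be guarded, e.g. `if ($request->hasSession()) { $request->session()->invalidate(); $request->session()->regenerateToken(); }`, and it is worth confirming that `auth()->logout()` is only reached on guards that implement it. The opening lines of the new file (namespace, imports and the `handle()` signature) are not visible in the hunk as shown, so this is based on the body only.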