From a9b5286eea2914c5ff96c2c5b5fa86fcee3b54c8 Mon Sep 17 00:00:00 2001
From: mchev <martin.chevignard@gmail.com>
Date: Mon, 13 Feb 2023 12:15:58 +0100
Subject: [PATCH] Logout separated middleware

---
 README.md                       | 15 +++++++++------
 src/Middleware/AuthBanned.php   |  4 ----
 src/Middleware/LogoutBanned.php | 29 +++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 src/Middleware/LogoutBanned.php

diff --git a/README.md b/README.md
index 167890f..9e919bc 100644
--- a/README.md
+++ b/README.md
@@ -151,13 +151,15 @@ Route::middleware(['ip.banned'])->group(function () {
 });
 ```
 
-To block all, simply add the two middlewares:
+To block and logout banned Users or IP, add the `logout.banned` middleware:
 ```php
-Route::middleware(['ip.banned', 'auth.banned'])->group(function () {
+Route::middleware(['logout.banned'])->group(function () {
     // ...
 });
 ```
 
+> If you use the `logout.banned` middleware, it is not necessary to cumulate the other middlewares.
+
 > If you want to block IPs on every HTTP request of your application, list `Mchev\Banhammer\Middleware\IPBanned` in the `$middleware` property of your `app/Http/Kernel.php` class.
 
 ### Scheduler
@@ -214,10 +216,11 @@ Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed re
 
 ## Roadmap
 
-- Block IP range
-- Auto block IP (Rate Limiting)
-- Cache
-- Ban history() or archive() method
+- [ ] More tests
+- [ ] Block IP range
+- [ ] Auto block IP (Rate Limiting)
+- [ ] Cache
+- [ ] Ban history() or archive() method
 
 ## Contributing
 
diff --git a/src/Middleware/AuthBanned.php b/src/Middleware/AuthBanned.php
index 3e76dde..efbf153 100644
--- a/src/Middleware/AuthBanned.php
+++ b/src/Middleware/AuthBanned.php
@@ -10,10 +10,6 @@ class AuthBanned
     public function handle($request, Closure $next): Response
     {
         if ($request->user() && $request->user()->isBanned()) {
-            auth()->logout();
-            $request->session()->invalidate();
-            $request->session()->regenerateToken();
-
             return (config('ban.fallback_url'))
                 ? redirect(config('ban.fallback_url'))
                 : abort(403, config('ban.message'));
diff --git a/src/Middleware/LogoutBanned.php b/src/Middleware/LogoutBanned.php
new file mode 100644
index 0000000..5501c7a
--- /dev/null
+++ b/src/Middleware/LogoutBanned.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Mchev\Banhammer\Middleware;
+
+use Closure;
+use Mchev\Banhammer\IP;
+use Symfony\Component\HttpFoundation\Response;
+
+class LogoutBanned
+{
+    public function handle($request, Closure $next): Response
+    {
+        if ($request->user() && $request->user()->isBanned()
+            || $request->ip() && IP::isBanned($request->ip())) {
+
+            if ($request->user()) {
+                auth()->logout();
+                $request->session()->invalidate();
+                $request->session()->regenerateToken();
+            }
+
+            return (config('ban.fallback_url'))
+                ? redirect(config('ban.fallback_url'))
+                : abort(403, config('ban.message'));
+        }
+
+        return $next($request);
+    }
+}