Skip to content

Commit 6ada138

Browse files
committed
Update AdminOnlyAccess middleware
1 parent 20c488b commit 6ada138

4 files changed

Lines changed: 59 additions & 3 deletions

File tree

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
<?php
2+
3+
namespace App\Console\Commands;
4+
5+
use Carbon\Carbon;
6+
use Illuminate\Console\Command;
7+
use Illuminate\Support\Facades\File;
8+
9+
class CleanAdminSecurityLogs extends Command
10+
{
11+
protected $signature = 'logs:clean-admin-security {--days=14 : Number of days to keep}';
12+
13+
protected $description = 'Clean old admin security logs';
14+
15+
public function handle()
16+
{
17+
$days = $this->option('days');
18+
$path = storage_path('logs');
19+
$cutoffDate = Carbon::now()->subDays($days);
20+
21+
$deleted = 0;
22+
23+
foreach (File::glob("{$path}/admin-security-*.log") as $file) {
24+
$fileDate = Carbon::createFromTimestamp(File::lastModified($file));
25+
26+
if ($fileDate->lt($cutoffDate)) {
27+
File::delete($file);
28+
$deleted++;
29+
$this->info('Deleted: '.basename($file));
30+
}
31+
}
32+
33+
$this->info("Cleaned {$deleted} old admin security log file(s)");
34+
35+
return Command::SUCCESS;
36+
}
37+
}

app/Http/Middleware/AdminOnlyAccess.php

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
use Closure;
66
use Illuminate\Http\Request;
7+
use Illuminate\Support\Facades\Log;
78
use Symfony\Component\HttpFoundation\Response;
89

910
class AdminOnlyAccess
@@ -16,11 +17,20 @@ class AdminOnlyAccess
1617
public function handle(Request $request, Closure $next): Response
1718
{
1819
if (! $request->user()) {
19-
return redirect('/');
20+
abort(401, 'Unauthenticated');
2021
}
2122

22-
if (! $request->user()->is_admin) {
23-
return redirect('/');
23+
if ($request->user()->is_admin !== true) {
24+
Log::channel('admin_security')->warning('Unauthorized admin access attempt', [
25+
'user_id' => $request->user()->id,
26+
'ip' => $request->ip(),
27+
'user_agent' => $request->userAgent(),
28+
'route' => $request->path(),
29+
'method' => $request->method(),
30+
'timestamp' => now()->toIso8601String(),
31+
]);
32+
33+
abort(403, 'Unauthorized');
2434
}
2535

2636
return $next($request);

config/logging.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,14 @@
129129
'path' => storage_path('logs/laravel.log'),
130130
],
131131

132+
'admin_security' => [
133+
'driver' => 'daily',
134+
'path' => storage_path('logs/admin-security.log'),
135+
'level' => env('LOG_LEVEL', 'debug'),
136+
'days' => 14,
137+
'permission' => 0664,
138+
],
139+
132140
],
133141

134142
];

routes/console.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
Schedule::command('version:check --force')->twiceDaily(9, 17)->withoutOverlapping()->runInBackground()->onOneServer();
1515
Schedule::command('videos:retry-failed')->everyThirtyMinutes()->onOneServer();
1616
Schedule::command('app:instance-stats-collector-command')->hourlyAt(20)->onOneServer();
17+
Schedule::command('logs:clean-admin-security --days=14')->dailyAt('03:00')->onOneServer();
1718

1819
if (config('loops.admin_dashboard.autoUpdate')) {
1920
Schedule::command('admin:refresh-dashboard-30d')->everyThirtyMinutes()->onOneServer();

0 commit comments

Comments
 (0)