coolify/app/Livewire/Admin/Index.php
Andras Bacsai aea201fcba refactor: move admin route into middleware group and harden authorization
Move the admin panel route into the existing auth middleware group and
replace client-side redirects with server-side abort calls in the
Livewire component. Extract shared authorization logic into reusable
private methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 12:24:40 +01:00


<?php
namespace App\Livewire\Admin;
use App\Models\Team;
use App\Models\User;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Auth;
use Livewire\Component;
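class Index extends Component
{
    public int $activeSubscribers;

    public int $inactiveSubscribers;

    public Collection $foundUsers;

    public string $search = '';

    /**
     * Gate the admin panel to cloud/dev installs and to the root user (or an
     * impersonation session started by root), then load the subscriber counts.
     */
    public function mount()
    {
        // Server-side gate: the panel is never reachable on self-hosted instances.
        if (! isCloud() && ! isDev()) {
            abort(403);
        }
        $this->authorizeAdminAccess();
        $this->getSubscribers();
    }

    /**
     * End an impersonation session and log the root user (id 0) back in.
     * Does nothing (returns null) when the session is not impersonating.
     */
    public function back()
    {
        $this->authorizeAdminAccess();
        if (! session('impersonating')) {
            return;
        }
        session()->forget('impersonating');
        $user = User::find(0);
        if (! $user) {
            // No root account to return to. The flag is already cleared, so the
            // impersonated session loses admin access on its next request instead
            // of failing here with a null-dereference.
            abort(404);
        }
        $team_to_switch_to = $user->teams->first();
        Auth::login($user);
        refreshSession($team_to_switch_to);

        return redirect(request()->header('Referer'));
    }

    /**
     * Fill $foundUsers with users whose name or email contains $search.
     * An empty search term leaves $foundUsers untouched.
     */
    public function submitSearch()
    {
        $this->authorizeAdminAccess();
        if ($this->search === '') {
            return;
        }
        $term = "%{$this->search}%";
        // The term is bound by the query builder, so it cannot inject SQL;
        // `%` and `_` typed by the admin still act as LIKE wildcards.
        $this->foundUsers = User::where(function ($query) use ($term) {
            $query->where('name', 'like', $term)
                ->orWhere('email', 'like', $term);
        })->get();
    }

    /**
     * Count teams by whether their subscription's last Stripe invoice was paid.
     */
    public function getSubscribers()
    {
        $this->inactiveSubscribers = Team::whereRelation('subscription', 'stripe_invoice_paid', false)->count();
        $this->activeSubscribers = Team::whereRelation('subscription', 'stripe_invoice_paid', true)->count();
    }

    /**
     * Log in as $user_id on behalf of the root user.
     *
     * Root only. The target is resolved before the impersonation flag is set so
     * that a 404 for an unknown id does not leave the root session marked as
     * impersonating.
     */
    public function switchUser(int $user_id)
    {
        $this->authorizeRootOnly();
        $user = User::find($user_id);
        if (! $user) {
            abort(404);
        }
        session(['impersonating' => true]);
        $team_to_switch_to = $user->teams->first();
        Auth::login($user);
        refreshSession($team_to_switch_to);

        return redirect(request()->header('Referer'));
    }

    /**
     * Abort with 403 unless the caller is the root user (id 0) or is in an
     * impersonation session. The `impersonating` flag is only ever set in
     * switchUser() after authorizeRootOnly() passes, so it is a server-side
     * signal that root started this session, not a client-controlled value.
     */
    private function authorizeAdminAccess(): void
    {
        if (! Auth::check() || (Auth::id() !== 0 && ! session('impersonating'))) {
            abort(403);
        }
    }

    /**
     * Abort with 403 unless the authenticated user is root (id 0); an
     * impersonation session is not enough for actions that change who is logged in.
     */
    private function authorizeRootOnly(): void
    {
        if (! Auth::check() || Auth::id() !== 0) {
            abort(403);
        }
    }

    public function render()
    {
        return view('livewire.admin.index');
    }
}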