refactor: do not allow users to browse with an invalid account from s…

…ession
im-machakata · Apr 7, 2024 · 14a6195 · 14a6195
1 parent 453e8a6
commit 14a6195
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
@@ -2,6 +2,8 @@
 
 namespace Config;
 
+use App\Filters\AccountExists;
+use App\Filters\Authenticated;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
@@ -24,7 +26,8 @@ class Filters extends BaseConfig
         'honeypot'      => Honeypot::class,
         'invalidchars'  => InvalidChars::class,
         'secureheaders' => SecureHeaders::class,
-        'auth'          => \App\Filters\Authenticated::class,
+        'auth'          => Authenticated::class,
+        'account_exists' => AccountExists::class
     ];
 
     /**
@@ -35,7 +38,7 @@ class Filters extends BaseConfig
      */
     public array $globals = [
         'before' => [
-            // 'honeypot',
+            'account_exists',
             // 'csrf',
             // 'invalidchars',
         ],

diff --git a/app/Filters/AccountExists.php b/app/Filters/AccountExists.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Filters;
+
+use App\Models\Account;
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class AccountExists implements FilterInterface
+{
+    /**
+     * Do whatever processing this filter needs to do.
+     * By default it should not return anything during
+     * normal execution. However, when an abnormal state
+     * is found, it should return an instance of
+     * CodeIgniter\HTTP\Response. If it does, script
+     * execution will end and that Response will be
+     * sent back to the client, allowing for error pages,
+     * redirects, etc.
+     *
+     * @param RequestInterface $request
+     * @param array|null       $arguments
+     *
+     * @return RequestInterface|ResponseInterface|string|void
+     */
+    public function before(RequestInterface $request, $arguments = null)
+    {
+        if ($user = session()->get('user')) {
+            if (!model(Account::class)->find($user->ID)) {
+                session()->delete('user');
+                return response()->redirect('/auth/login');
+            }
+        }
+    }
+
+    /**
+     * Allows After filters to inspect and modify the response
+     * object as needed. This method does not allow any way
+     * to stop execution of other after filters, short of
+     * throwing an Exception or Error.
+     *
+     * @param RequestInterface  $request
+     * @param ResponseInterface $response
+     * @param array|null        $arguments
+     *
+     * @return ResponseInterface|void
+     */
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    {
+        //
+    }
+}