diff --git a/src/Entity/Action.php b/src/Entity/Action.php
index 4aaba59..3a13710 100644
--- a/src/Entity/Action.php
+++ b/src/Entity/Action.php
@@ -2,6 +2,8 @@
 namespace Bluesquare\Pilot\Entity;
+use Illuminate\Support\Str;
+
 abstract class Action extends Entity
 {
 public function action(
@@ -30,6 +32,23 @@ abstract class Action extends Entity
 ];
 }
+ public function iframe($url, $expires = 240)
+ {
+ $key = 'pilot_action_' . Str::random(10);
+ $token = Str::random(40);
+
+ cache()->add($key, $token, now()->addMinutes($expires));
+
+ $url = $url . (str_contains($url, '?') ? '&' : '?') . "pilot_token=$key|$token";
+
+ return [
+ 'json' => [
+ 'type' => 'iframe',
+ 'url' => $url,
+ ],
+ ];
+ }
+
 public function error($message)
 {
 return [
diff --git a/src/Laravel/Middlewares/CheckPilotToken.php b/src/Laravel/Middlewares/CheckPilotToken.php
new file mode 100644
index 0000000..4febf01
--- /dev/null
+++ b/src/Laravel/Middlewares/CheckPilotToken.php
@@ -0,0 +1,28 @@
+get($key) == $token) {
+ cache()->set($key, $token, now()->addHour());
+ session()->put('pilot_token', true);
+ }
+ }
+
+ if (! session('pilot_token')) {
+ abort(403, "Pilot session expired.");
+ }
+
+ return $next($request);
+ }
+}
diff --git a/src/Laravel/PilotServiceProvider.php b/src/Laravel/PilotServiceProvider.php
index b51b6e4..89a02cb 100644
--- a/src/Laravel/PilotServiceProvider.php
+++ b/src/Laravel/PilotServiceProvider.php
@@ -2,6 +2,7 @@
 namespace Bluesquare\Pilot\Laravel;
+use Bluesquare\Pilot\Laravel\Middlewares\CheckPilotToken;
 use Bluesquare\Pilot\Pilot;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
@@ -36,6 +37,8 @@ class PilotServiceProvider extends ServiceProvider
 return $this->handleRequest($request);
 });
+ Route::aliasMiddleware('pilot', CheckPilotToken::class);
+
 $this->commands([
 \Bluesquare\Pilot\Laravel\Commands\MakeAction::class,
 \Bluesquare\Pilot\Laravel\Commands\MakeMetric::class,
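Review bot: In `iframe()` in src/Entity/Action.php the `$key|$token` pair is concatenated into the query string unencoded and stays valid for `$expires` minutes (240 by default), so a value that typically lands in access logs, browser history and Referer headers remains usable for hours. Build the parameter with `http_build_query(['pilot_token' => "$key|$token"])` so the `|` is percent-encoded, and consider a much shorter default lifetime if the token only has to survive the first iframe load. A `$url` that already contains a `#fragment` gets the parameter appended after the fragment, where the server never receives it. The method also lacks a docblock; it should state that `$expires` is in minutes and that the returned URL carries a bearer token.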
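Review bot: The token check in src/Laravel/Middlewares/CheckPilotToken.php uses loose comparison, `cache()->get($key) == $token`; a cache miss yields null and `null == ''` is true in PHP, so depending on how the parameter is split (the opening lines of this new file are missing from the page) an unknown key with an empty token may be accepted. Compare strictly and in constant time instead: `$cached = cache()->get($key);` followed by `if (is_string($cached) && is_string($token) && hash_equals($cached, $token)) {`. On success the entry is re-stored with `now()->addHour()` rather than removed, so the value from the URL stays replayable for another hour each time it is presented; if the session flag is meant to carry the authorisation from then on, `cache()->forget($key)` would make the token single-use. `session()->put('pilot_token', true)` is also a bare boolean that is not tied to the key that was validated.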
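Review bot: `Route::aliasMiddleware('pilot', CheckPilotToken::class);` in src/Laravel/PilotServiceProvider.php registers a middleware that reads and writes the session, but nothing at the registration says so. Add a comment such as `// 'pilot' needs an active session: apply it after the session middleware (e.g. inside the web group)`, since on a route without a started session the `session('pilot_token')` flag would presumably not persist between requests. The short alias `pilot` is registered on the host application's router, so a more specific name would reduce the chance of shadowing an application-defined alias. The enclosing method starts and ends outside the hunk.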