From 344b0c94cd82073aa7aab998a60bcb39769f6d8f Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 11 Jun 2020 18:39:03 -0600 Subject: [PATCH] Update cors dep --- app/Http/Kernel.php | 4 +- app/Providers/AuthServiceProvider.php | 6 +- composer.json | 2 +- composer.lock | 416 ++++++++++++++++++-------- config/cors.php | 60 ++++ 5 files changed, 351 insertions(+), 137 deletions(-) create mode 100644 config/cors.php diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index c354024cd..94597e211 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -36,11 +36,12 @@ class Kernel extends HttpKernel \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, + // 'restricted', ], 'api' => [ 'bindings', - \Barryvdh\Cors\HandleCors::class, + \Fruitcake\Cors\HandleCors::class, ], ]; @@ -65,5 +66,6 @@ class Kernel extends HttpKernel 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'twofactor' => \App\Http\Middleware\TwoFactorAuth::class, 'validemail' => \App\Http\Middleware\EmailVerificationCheck::class, + // 'restricted' => \App\Http\Middleware\RestrictedAccess::class, ]; } diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 7e3b460f8..8eb85150b 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -27,11 +27,13 @@ class AuthServiceProvider extends ServiceProvider $this->registerPolicies(); if(config('pixelfed.oauth_enabled')) { - Passport::routes(null, ['middleware' => ['twofactor', \Barryvdh\Cors\HandleCors::class]]); + Passport::routes(null, ['middleware' => ['twofactor', \Fruitcake\Cors\HandleCors::class]]); Passport::tokensExpireIn(now()->addDays(15)); Passport::refreshTokensExpireIn(now()->addDays(30)); Passport::enableImplicitGrant(); - + if(config('instance.oauth.pat.enabled')) { + Passport::personalAccessClientId(config('instance.oauth.pat.id')); + } Passport::setDefaultScope([ 'read', 'write', diff --git a/composer.json b/composer.json index 583a90eca..50673b667 100644 --- a/composer.json +++ b/composer.json @@ -13,11 +13,11 @@ "ext-json": "*", "ext-mbstring": "*", "ext-openssl": "*", - "barryvdh/laravel-cors": "^2.0", "beyondcode/laravel-self-diagnosis": "^1.0.2", "brick/math": "^0.8", "doctrine/dbal": "^2.7", "fideloper/proxy": "^4.0", + "fruitcake/laravel-cors": "^2.0", "intervention/image": "^2.4", "jenssegers/agent": "^2.6", "laravel/framework": "^7.0", diff --git a/composer.lock b/composer.lock index 550ac6c36..16c078554 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d95b0ab8dd30773bec3487a246ca2b8d", + "content-hash": "89a990f5bbd63d29f5a8c17ee010a83e", "packages": [ { "name": "alchemy/binary-driver", @@ -70,16 +70,16 @@ }, { "name": "asm89/stack-cors", - "version": "2.0.0", + "version": "v2.0.1", "source": { "type": "git", "url": "https://github.com/asm89/stack-cors.git", - "reference": "1913589c6de3cc09de5a9bdb4f46fbd550246b40" + "reference": "23f469e81c65e2fb7fc7bce371fbdc363fe32adf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/asm89/stack-cors/zipball/1913589c6de3cc09de5a9bdb4f46fbd550246b40", - "reference": "1913589c6de3cc09de5a9bdb4f46fbd550246b40", + "url": "https://api.github.com/repos/asm89/stack-cors/zipball/23f469e81c65e2fb7fc7bce371fbdc363fe32adf", + "reference": "23f469e81c65e2fb7fc7bce371fbdc363fe32adf", "shasum": "" }, "require": { @@ -118,7 +118,7 @@ "cors", "stack" ], - "time": "2020-04-20T10:11:31+00:00" + "time": "2020-05-31T07:17:05+00:00" }, { "name": "aws/aws-sdk-php", @@ -204,82 +204,6 @@ ], "time": "2020-05-28T18:12:07+00:00" }, - { - "name": "barryvdh/laravel-cors", - "version": "v2.0.0", - "source": { - "type": "git", - "url": "https://github.com/fruitcake/laravel-cors.git", - "reference": "8cc9f7e5f1b9b280ae2378b3624e6b5603e63e8c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/8cc9f7e5f1b9b280ae2378b3624e6b5603e63e8c", - "reference": "8cc9f7e5f1b9b280ae2378b3624e6b5603e63e8c", - "shasum": "" - }, - "require": { - "asm89/stack-cors": "^2", - "illuminate/contracts": "^5.6|^6.0|^7.0|^8.0", - "illuminate/support": "^5.6|^6.0|^7.0|^8.0", - "php": ">=7.1", - "symfony/http-foundation": "^4.0|^5.0", - "symfony/http-kernel": "^4.0|^5.0" - }, - "require-dev": { - "laravel/framework": "^5.5|^6.0|^7.0|^8.0", - "orchestra/dusk-updater": "^1.2", - "orchestra/testbench": "^3.5|^4.0|^5.0|^6.0", - "orchestra/testbench-dusk": "^5.1", - "phpro/grumphp": "^0.16|^0.17", - "phpunit/phpunit": "^6.0|^7.0|^8.0", - "squizlabs/php_codesniffer": "^3.5" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "2.0-dev" - }, - "laravel": { - "providers": [ - "Fruitcake\\Cors\\CorsServiceProvider" - ] - } - }, - "autoload": { - "psr-4": { - "Fruitcake\\Cors\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Fruitcake", - "homepage": "https://fruitcake.nl" - }, - { - "name": "Barry vd. Heuvel", - "email": "barryvdh@gmail.com" - } - ], - "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application", - "keywords": [ - "api", - "cors", - "crossdomain", - "laravel" - ], - "funding": [ - { - "url": "https://github.com/barryvdh", - "type": "github" - } - ], - "time": "2020-05-11T09:29:18+00:00" - }, { "name": "beyondcode/laravel-self-diagnosis", "version": "1.4.2", @@ -1359,6 +1283,82 @@ ], "time": "2020-03-25T18:49:23+00:00" }, + { + "name": "fruitcake/laravel-cors", + "version": "v2.0.1", + "source": { + "type": "git", + "url": "https://github.com/fruitcake/laravel-cors.git", + "reference": "dbfc311b25d4873c3c2382b26860be3567492bd6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/dbfc311b25d4873c3c2382b26860be3567492bd6", + "reference": "dbfc311b25d4873c3c2382b26860be3567492bd6", + "shasum": "" + }, + "require": { + "asm89/stack-cors": "^2.0.1", + "illuminate/contracts": "^5.6|^6.0|^7.0|^8.0", + "illuminate/support": "^5.6|^6.0|^7.0|^8.0", + "php": ">=7.1", + "symfony/http-foundation": "^4.0|^5.0", + "symfony/http-kernel": "^4.0|^5.0" + }, + "require-dev": { + "laravel/framework": "^5.5|^6.0|^7.0|^8.0", + "orchestra/dusk-updater": "^1.2", + "orchestra/testbench": "^3.5|^4.0|^5.0|^6.0", + "orchestra/testbench-dusk": "^5.1", + "phpro/grumphp": "^0.16|^0.17", + "phpunit/phpunit": "^6.0|^7.0|^8.0", + "squizlabs/php_codesniffer": "^3.5" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + }, + "laravel": { + "providers": [ + "Fruitcake\\Cors\\CorsServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Fruitcake\\Cors\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fruitcake", + "homepage": "https://fruitcake.nl" + }, + { + "name": "Barry vd. Heuvel", + "email": "barryvdh@gmail.com" + } + ], + "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application", + "keywords": [ + "api", + "cors", + "crossdomain", + "laravel" + ], + "funding": [ + { + "url": "https://github.com/barryvdh", + "type": "github" + } + ], + "time": "2020-05-31T07:30:16+00:00" + }, { "name": "geerlingguy/ping", "version": "1.2.1", @@ -5135,32 +5135,94 @@ "time": "2020-03-27T16:56:45+00:00" }, { - "name": "symfony/error-handler", - "version": "v5.0.8", + "name": "symfony/deprecation-contracts", + "version": "v2.1.2", "source": { "type": "git", - "url": "https://github.com/symfony/error-handler.git", - "reference": "949ffc17c3ac3a9f8e6232220e2da33913c04ea4" + "url": "https://github.com/symfony/deprecation-contracts.git", + "reference": "dd99cb3a0aff6cadd2a8d7d7ed72c2161e218337" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/error-handler/zipball/949ffc17c3ac3a9f8e6232220e2da33913c04ea4", - "reference": "949ffc17c3ac3a9f8e6232220e2da33913c04ea4", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/dd99cb3a0aff6cadd2a8d7d7ed72c2161e218337", + "reference": "dd99cb3a0aff6cadd2a8d7d7ed72c2161e218337", "shasum": "" }, "require": { - "php": "^7.2.5", + "php": ">=7.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.1-dev" + } + }, + "autoload": { + "files": [ + "function.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "A generic function and convention to trigger deprecation notices", + "homepage": "https://symfony.com", + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2020-05-27T08:34:37+00:00" + }, + { + "name": "symfony/error-handler", + "version": "v5.1.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/error-handler.git", + "reference": "7d0b927b9d3dc41d7d46cda38cbfcd20cdcbb896" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/error-handler/zipball/7d0b927b9d3dc41d7d46cda38cbfcd20cdcbb896", + "reference": "7d0b927b9d3dc41d7d46cda38cbfcd20cdcbb896", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", "psr/log": "^1.0", + "symfony/polyfill-php80": "^1.15", "symfony/var-dumper": "^4.4|^5.0" }, "require-dev": { + "symfony/deprecation-contracts": "^2.1", "symfony/http-kernel": "^4.4|^5.0", "symfony/serializer": "^4.4|^5.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -5201,25 +5263,27 @@ "type": "tidelift" } ], - "time": "2020-03-30T14:14:32+00:00" + "time": "2020-05-30T20:35:19+00:00" }, { "name": "symfony/event-dispatcher", - "version": "v5.0.8", + "version": "v5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "24f40d95385774ed5c71dbf014edd047e2f2f3dc" + "reference": "cc0d059e2e997e79ca34125a52f3e33de4424ac7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/24f40d95385774ed5c71dbf014edd047e2f2f3dc", - "reference": "24f40d95385774ed5c71dbf014edd047e2f2f3dc", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/cc0d059e2e997e79ca34125a52f3e33de4424ac7", + "reference": "cc0d059e2e997e79ca34125a52f3e33de4424ac7", "shasum": "" }, "require": { - "php": "^7.2.5", - "symfony/event-dispatcher-contracts": "^2" + "php": ">=7.2.5", + "symfony/deprecation-contracts": "^2.1", + "symfony/event-dispatcher-contracts": "^2", + "symfony/polyfill-php80": "^1.15" }, "conflict": { "symfony/dependency-injection": "<4.4" @@ -5244,7 +5308,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -5285,7 +5349,7 @@ "type": "tidelift" } ], - "time": "2020-03-27T16:56:45+00:00" + "time": "2020-05-20T17:43:50+00:00" }, { "name": "symfony/event-dispatcher-contracts", @@ -5488,31 +5552,37 @@ }, { "name": "symfony/http-foundation", - "version": "v5.0.8", + "version": "v5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/http-foundation.git", - "reference": "e47fdf8b24edc12022ba52923150ec6484d7f57d" + "reference": "e0d853bddc2b2cfb0d67b0b4496c03fffe1d37fa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-foundation/zipball/e47fdf8b24edc12022ba52923150ec6484d7f57d", - "reference": "e47fdf8b24edc12022ba52923150ec6484d7f57d", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/e0d853bddc2b2cfb0d67b0b4496c03fffe1d37fa", + "reference": "e0d853bddc2b2cfb0d67b0b4496c03fffe1d37fa", "shasum": "" }, "require": { - "php": "^7.2.5", - "symfony/mime": "^4.4|^5.0", - "symfony/polyfill-mbstring": "~1.1" + "php": ">=7.2.5", + "symfony/deprecation-contracts": "^2.1", + "symfony/polyfill-mbstring": "~1.1", + "symfony/polyfill-php80": "^1.15" }, "require-dev": { "predis/predis": "~1.0", - "symfony/expression-language": "^4.4|^5.0" + "symfony/cache": "^4.4|^5.0", + "symfony/expression-language": "^4.4|^5.0", + "symfony/mime": "^4.4|^5.0" + }, + "suggest": { + "symfony/mime": "To use the file extension guesser" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -5553,30 +5623,32 @@ "type": "tidelift" } ], - "time": "2020-04-18T20:50:06+00:00" + "time": "2020-05-24T12:18:07+00:00" }, { "name": "symfony/http-kernel", - "version": "v5.0.8", + "version": "v5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/http-kernel.git", - "reference": "3565e51eecd06106304baba5ccb7ba89db2d7d2b" + "reference": "75ff5327a7d6ede3ccc2fac3ebca9ed776b3e85c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-kernel/zipball/3565e51eecd06106304baba5ccb7ba89db2d7d2b", - "reference": "3565e51eecd06106304baba5ccb7ba89db2d7d2b", + "url": "https://api.github.com/repos/symfony/http-kernel/zipball/75ff5327a7d6ede3ccc2fac3ebca9ed776b3e85c", + "reference": "75ff5327a7d6ede3ccc2fac3ebca9ed776b3e85c", "shasum": "" }, "require": { - "php": "^7.2.5", + "php": ">=7.2.5", "psr/log": "~1.0", + "symfony/deprecation-contracts": "^2.1", "symfony/error-handler": "^4.4|^5.0", "symfony/event-dispatcher": "^5.0", "symfony/http-foundation": "^4.4|^5.0", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-php73": "^1.9" + "symfony/polyfill-php73": "^1.9", + "symfony/polyfill-php80": "^1.15" }, "conflict": { "symfony/browser-kit": "<4.4", @@ -5623,7 +5695,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -5664,26 +5736,27 @@ "type": "tidelift" } ], - "time": "2020-04-28T18:53:25+00:00" + "time": "2020-05-31T06:14:18+00:00" }, { "name": "symfony/mime", - "version": "v5.0.8", + "version": "v5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/mime.git", - "reference": "5d6c81c39225a750f3f43bee15f03093fb9aaa0b" + "reference": "56261f89385f9d13cf843a5101ac72131190bc91" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/mime/zipball/5d6c81c39225a750f3f43bee15f03093fb9aaa0b", - "reference": "5d6c81c39225a750f3f43bee15f03093fb9aaa0b", + "url": "https://api.github.com/repos/symfony/mime/zipball/56261f89385f9d13cf843a5101ac72131190bc91", + "reference": "56261f89385f9d13cf843a5101ac72131190bc91", "shasum": "" }, "require": { - "php": "^7.2.5", + "php": ">=7.2.5", "symfony/polyfill-intl-idn": "^1.10", - "symfony/polyfill-mbstring": "^1.0" + "symfony/polyfill-mbstring": "^1.0", + "symfony/polyfill-php80": "^1.15" }, "conflict": { "symfony/mailer": "<4.4" @@ -5695,7 +5768,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -5740,7 +5813,7 @@ "type": "tidelift" } ], - "time": "2020-04-17T03:29:44+00:00" + "time": "2020-05-25T12:33:44+00:00" }, { "name": "symfony/polyfill-ctype", @@ -6247,6 +6320,82 @@ ], "time": "2020-05-12T16:47:27+00:00" }, + { + "name": "symfony/polyfill-php80", + "version": "v1.17.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php80.git", + "reference": "5e30b2799bc1ad68f7feb62b60a73743589438dd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/5e30b2799bc1ad68f7feb62b60a73743589438dd", + "reference": "5e30b2799bc1ad68f7feb62b60a73743589438dd", + "shasum": "" + }, + "require": { + "php": ">=7.0.8" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.17-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Polyfill\\Php80\\": "" + }, + "files": [ + "bootstrap.php" + ], + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ion Bazan", + "email": "ion.bazan@gmail.com" + }, + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2020-05-12T16:47:27+00:00" + }, { "name": "symfony/polyfill-util", "version": "v1.17.0", @@ -6767,21 +6916,22 @@ }, { "name": "symfony/var-dumper", - "version": "v5.0.8", + "version": "v5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/var-dumper.git", - "reference": "09de28632f16f81058a85fcf318397218272a07b" + "reference": "46a942903059b0b05e601f00eb64179e05578c0f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-dumper/zipball/09de28632f16f81058a85fcf318397218272a07b", - "reference": "09de28632f16f81058a85fcf318397218272a07b", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/46a942903059b0b05e601f00eb64179e05578c0f", + "reference": "46a942903059b0b05e601f00eb64179e05578c0f", "shasum": "" }, "require": { - "php": "^7.2.5", - "symfony/polyfill-mbstring": "~1.0" + "php": ">=7.2.5", + "symfony/polyfill-mbstring": "~1.0", + "symfony/polyfill-php80": "^1.15" }, "conflict": { "phpunit/phpunit": "<5.4.3", @@ -6804,7 +6954,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.1-dev" } }, "autoload": { @@ -6852,7 +7002,7 @@ "type": "tidelift" } ], - "time": "2020-04-12T16:45:47+00:00" + "time": "2020-05-30T20:35:19+00:00" }, { "name": "tightenco/collect", diff --git a/config/cors.php b/config/cors.php new file mode 100644 index 000000000..e33f4c445 --- /dev/null +++ b/config/cors.php @@ -0,0 +1,60 @@ + [], + + /* + * Matches the request method. `[*]` allows all methods. + */ + 'allowed_methods' => ['*'], + + /* + * Matches the request origin. `[*]` allows all origins. Wildcards can be used, eg `*.mydomain.com` + */ + 'allowed_origins' => ['*'], + + /* + * Patterns that can be used with `preg_match` to match the origin. + */ + 'allowed_origins_patterns' => [], + + /* + * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers. + */ + 'allowed_headers' => ['*'], + + /* + * Sets the Access-Control-Expose-Headers response header with these headers. + */ + 'exposed_headers' => [], + + /* + * Sets the Access-Control-Max-Age response header when > 0. + */ + 'max_age' => 0, + + /* + * Sets the Access-Control-Allow-Credentials header. + */ + 'supports_credentials' => false, +]; \ No newline at end of file