added backend login throotling, and modify built-in components command to be ready for API used aswell

Author: darryldecode

src/Darryldecode/Backend/Base/Commands/Command.php

@@ -21,6 +21,15 @@ abstract class Command {
      */
     protected $args;
 
+    /**
+     * disable the permission checking on a command, this will be helpful
+     * when the commands are being used as an API or something custom that does not need
+     * to check a user permission. Just in case you need it to work freely
+     *
+     * @var bool
+     */
+    protected $disablePermissionChecking = false;
+
 	public function __construct()
     {
         $app = app();

src/Darryldecode/Backend/Base/Console/ComponentMake.php

@@ -50,8 +50,15 @@ public function handle(Filesystem $filesystem)
         $componentNamespace     = $this->formatToComponentNamespace($componentTitle);
         $componentUrl           = $this->formatToComponentUrl($componentTitle);
 
+        $backendCustomComponentsPath = app_path().'/Backend';
         $componentPath = app_path().'/Backend/Components/'.$componentNamespace;
 
+        if( ! $this->filesystem->isDirectory($backendCustomComponentsPath) )
+        {
+            $this->filesystem->makeDirectory($backendCustomComponentsPath);
+            $this->filesystem->makeDirectory($backendCustomComponentsPath.'/Components');
+        }
+
         if( $this->filesystem->isDirectory($componentPath) )
         {
             $this->error('Component already exist.');

src/Darryldecode/Backend/Base/Etc/scaffolds/Controller

@@ -3,11 +3,17 @@
 namespace App\Backend\Components\{{componentNamespace}}\Controllers;
 
 use Darryldecode\Backend\Base\Controllers\BaseController;
+use Darryldecode\Backend\Utility\Helpers;
 
 class {{componentNamespace}}Controller extends BaseController {
 
     public function index()
     {
+        if( ! $this->user->hasAnyPermission(['{{componentNamespace}}.manage']) )
+        {
+            return Helpers::redirectDashboard();
+        }
+
         return view('{{componentNamespace}}::index');
     }
 }

src/Darryldecode/Backend/Components/Auth/Controllers/AuthController.php

@@ -4,9 +4,12 @@
 
 use Darryldecode\Backend\Base\Controllers\BaseController;
 
+use Darryldecode\Backend\Components\User\Models\Throttle;
+use Darryldecode\Backend\Components\User\Models\User;
 use Darryldecode\Backend\Utility\Helpers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Carbon\Carbon;
 
 class AuthController extends BaseController {
 
@@ -30,14 +33,68 @@ public function getLogin()
      * handle login post request
      *
      * @param Request $request
+     * @param Throttle $throttle
+     * @param User $user
      * @return $this|\Illuminate\Http\RedirectResponse
      */
-    public function postLogin(Request $request)
+    public function postLogin(Request $request, Throttle $throttle, User $user)
     {
         $credentials = $request->only('email', 'password');
+        $throttleEntry = false;
 
+        // check if the user exist and get its throttle entry
+        // then we will check if the user is suspended or banned
+        if( $user = $user->where('email',$credentials['email'])->first() )
+        {
+            if( ! $throttleEntry = $throttle->where('user_id',$user->id)->first() )
+            {
+                $throttleEntry = $throttle::create(array(
+                    'user_id' => $user->id
+                ));
+            }
+
+            // if the user is currently suspended, lets check its suspension is already expire
+            // so we can clear its login attempts and attempt it to login again,
+            // if not expired yet, then we will redirect it back with the suspended notice
+            if( $throttleEntry->isSuspended() )
+            {
+                $now = Carbon::now();
+                $suspendedUntil = Carbon::createFromTimeStamp(strtotime($throttleEntry->suspended_at))->addMinutes($throttle->getSuspensionTime());
+
+                if( $now > $suspendedUntil )
+                {
+                    $throttleEntry->clearLoginAttempts();
+                    $throttleEntry->unSuspend();
+                }
+                else
+                {
+                    $minsRemaining = $now->diffInMinutes($suspendedUntil);
+
+                    return redirect()->back()
+                        ->withInput($request->only('email', 'remember'))
+                        ->withErrors([
+                            'email' => 'This account is currently suspended. You can login after '.$minsRemaining.' minutes.',
+                        ]);
+                }
+            }
+
+            // if the user is currently banned, no need to do anything
+            // we will just redirect it back with banned notice
+            elseif( $throttleEntry->isBanned() )
+            {
+                return redirect()->back()
+                    ->withInput($request->only('email', 'remember'))
+                    ->withErrors([
+                        'email' => 'This account is currently banned.',
+                    ]);
+            }
+        }
+
+        // attempt to login
         if (Auth::attempt($credentials, $request->has('remember')))
         {
+            $throttleEntry->clearLoginAttempts();
+
             if( $request->get('ru') != '' )
             {
                 return redirect()->intended($request->get('ru'));
@@ -46,6 +103,18 @@ public function postLogin(Request $request)
             return redirect()->intended(Helpers::getDashboardRoute());
         }
 
+        // login attempt failed, let's increment login attempt
+        if( $throttleEntry )
+        {
+            $throttleEntry->addLoginAttempt();
+
+            return redirect()->back()
+                ->withInput($request->only('email', 'remember'))
+                ->withErrors([
+                    'email' => 'These credentials do not match our records. Login attempt remaining: '.$throttleEntry->getRemainingLoginAttempts(),
+                ]);
+        }
+
         return redirect()->back()
             ->withInput($request->only('email', 'remember'))
             ->withErrors([

src/Darryldecode/Backend/Components/ContentBuilder/Commands/CreateContentCommand.php

@@ -52,20 +52,21 @@ class CreateContentCommand extends Command implements SelfHandling {
 	 */
 	private $taxonomies;
 
-	/**
-	 * Create a new command instance.
-	 * @param string $title
-	 * @param string $body
-	 * @param string $slug
-	 * @param $status
-	 * @param int $authorId
-	 * @param int $contentTypeId
-	 * @param null|array $permissionRequirements
-	 * @param array $taxonomies
-	 * @param array $miscData
-	 * @param array $metaData
-	 */
-	public function __construct($title, $body, $slug, $status, $authorId, $contentTypeId, $permissionRequirements = null, $taxonomies = array(), $miscData = array(), $metaData = array())
+    /**
+     * Create a new command instance.
+     * @param string $title
+     * @param string $body
+     * @param string $slug
+     * @param $status
+     * @param int $authorId
+     * @param int $contentTypeId
+     * @param null|array $permissionRequirements
+     * @param array $taxonomies
+     * @param array $miscData
+     * @param array $metaData
+     * @param bool $disablePermissionChecking
+     */
+	public function __construct($title, $body, $slug, $status, $authorId, $contentTypeId, $permissionRequirements = null, $taxonomies = array(), $miscData = array(), $metaData = array(), $disablePermissionChecking = false)
 	{
 		parent::__construct();
 		$this->title = $title;
@@ -78,6 +79,7 @@ public function __construct($title, $body, $slug, $status, $authorId, $contentTy
 		$this->status = $status;
 		$this->metaData = $metaData;
 		$this->taxonomies = $taxonomies;
+        $this->disablePermissionChecking = $disablePermissionChecking;
 	}
 
     /**
@@ -101,10 +103,13 @@ public function handle(Content $content, Factory $validator, ContentType $conten
 		}
 
 		// check if user has permission
-		if( ! $this->user->hasAnyPermission([$cTypeManage]) )
-		{
-			return new CommandResult(false, "Not enough permission.", null, 403);
-		}
+		if( ! $this->disablePermissionChecking )
+        {
+            if( ! $this->user->hasAnyPermission([$cTypeManage]) )
+            {
+                return new CommandResult(false, "Not enough permission.", null, 403);
+            }
+        }
 
 		// validate data
 		$validationResult = $validator->make(array(

src/Darryldecode/Backend/Components/ContentBuilder/Commands/CreateContentTypeCommand.php

@@ -19,17 +19,19 @@ class CreateContentTypeCommand extends Command implements SelfHandling {
 	 */
 	private $enableRevision;
 
-	/**
-	 * Create a new command instance.
-	 *
-	 * @param string $type
-	 * @param string $enableRevision
-	 */
-	public function __construct($type, $enableRevision = 'no')
+    /**
+     * Create a new command instance.
+     *
+     * @param string $type
+     * @param string $enableRevision
+     * @param bool $disablePermissionChecking
+     */
+	public function __construct($type, $enableRevision = 'no', $disablePermissionChecking = false)
 	{
 		parent::__construct();
 		$this->type = $type;
 		$this->enableRevision = $enableRevision;
+        $this->disablePermissionChecking = $disablePermissionChecking;
 	}
 
 	/**
@@ -43,10 +45,13 @@ public function __construct($type, $enableRevision = 'no')
 	public function handle(Factory $validator, ContentType $contentType, Dispatcher $dispatcher)
 	{
 		// validate authorization
-		if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
-		{
-			return new CommandResult(false, CommandResult::$responseForbiddenMessage, null, 403);
-		}
+        if( ! $this->disablePermissionChecking )
+        {
+            if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
+            {
+                return new CommandResult(false, CommandResult::$responseForbiddenMessage, null, 403);
+            }
+        }
 
 		// validate data
 		$validationResult = $validator->make(array(

src/Darryldecode/Backend/Components/ContentBuilder/Commands/CreateContentTypeTaxonomyCommand.php

@@ -24,20 +24,22 @@ class CreateContentTypeTaxonomyCommand extends Command implements SelfHandling {
 	 */
 	private $description;
 
-	/**
-	 * Create a new command instance.
-	 *
-	 * @param string $taxonomy
-	 * @param string $description
-	 * @param int $contentTypeId
-	 */
-	public function __construct($taxonomy = null, $description = null, $contentTypeId = null)
+    /**
+     * Create a new command instance.
+     *
+     * @param string $taxonomy
+     * @param string $description
+     * @param int $contentTypeId
+     * @param bool $disablePermissionChecking
+     */
+	public function __construct($taxonomy = null, $description = null, $contentTypeId = null, $disablePermissionChecking = false)
 	{
 		parent::__construct();
 		$this->taxonomy = $taxonomy;
 		$this->contentTypeId = $contentTypeId;
 		$this->description = $description;
 		$this->args = get_defined_vars();
+        $this->disablePermissionChecking = $disablePermissionChecking;
 	}
 
 	/**
@@ -51,10 +53,13 @@ public function __construct($taxonomy = null, $description = null, $contentTypeI
 	public function handle(ContentType $contentType, Validator $validator, Dispatcher $dispatcher)
 	{
 		// validate authorization
-		if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
-		{
-			return new CommandResult(false, CommandResult::$responseForbiddenMessage, null, 403);
-		}
+        if( ! $this->disablePermissionChecking )
+        {
+            if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
+            {
+                return new CommandResult(false, CommandResult::$responseForbiddenMessage, null, 403);
+            }
+        }
 
 		// validate data
 		$validationResult = $validator->make(array(

src/Darryldecode/Backend/Components/ContentBuilder/Commands/CreateFormGroupCommand.php

@@ -47,12 +47,14 @@ class CreateFormGroupCommand extends Command implements SelfHandling {
      * @param array $conditions
      * @param array $fields
      * @param null $contentTypeId
+     * @param bool $disablePermissionChecking
      */
     public function __construct($name = null,
                                 $formName = null,
                                 $conditions = array(),
                                 $fields = array(),
-                                $contentTypeId = null)
+                                $contentTypeId = null,
+                                $disablePermissionChecking = false)
     {
         parent::__construct();
         $this->name = $name;
@@ -61,6 +63,7 @@ public function __construct($name = null,
         $this->fields = $fields;
         $this->contentTypeId = $contentTypeId;
         $this->args = get_defined_vars();
+        $this->disablePermissionChecking = $disablePermissionChecking;
     }
 
     /**
@@ -73,9 +76,12 @@ public function __construct($name = null,
     public function handle(Factory $validator, Dispatcher $dispatcher, ContentType $contentType, ContentTypeFormGroup $contentTypeFormGroup)
     {
         // check if user has permission
-        if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
+        if( ! $this->disablePermissionChecking )
         {
-            return new CommandResult(false, "Not enough permission.", null, 403);
+            if( ! $this->user->hasAnyPermission(['contentBuilder.manage']) )
+            {
+                return new CommandResult(false, "Not enough permission.", null, 403);
+            }
         }
 
         // validate data

src/Darryldecode/Backend/Components/ContentBuilder/Commands/CreateTypeTaxonomyTerm.php

@@ -24,19 +24,21 @@ class CreateTypeTaxonomyTerm extends Command implements SelfHandling {
 	 */
 	private $slug;
 
-	/**
-	 * Create a new command instance.
-	 *
-	 * @param string $term
-	 * @param $slug
-	 * @param int $contentTypeTaxonomyId
-	 */
-	public function __construct($term = null, $slug = null, $contentTypeTaxonomyId = null)
+    /**
+     * Create a new command instance.
+     *
+     * @param string $term
+     * @param $slug
+     * @param int $contentTypeTaxonomyId
+     * @param bool $disablePermissionChecking
+     */
+	public function __construct($term = null, $slug = null, $contentTypeTaxonomyId = null, $disablePermissionChecking = false)
 	{
 		parent::__construct();
 		$this->term = $term;
 		$this->contentTypeTaxonomyId = $contentTypeTaxonomyId;
 		$this->slug = $slug;
+        $this->disablePermissionChecking = $disablePermissionChecking;
 	}
 
 	/**
@@ -70,10 +72,13 @@ public function handle(ContentType $contentType, ContentTypeTaxonomy $contentTyp
 		$canManageOnThisType = $type->type.'.manage';
 
 		// check if user has permission
-		if( ! $this->user->hasAnyPermission([$canManageOnThisType]) )
-		{
-			return new CommandResult(false, "Not enough permission.", null, 403);
-		}
+		if( ! $this->disablePermissionChecking )
+        {
+            if( ! $this->user->hasAnyPermission([$canManageOnThisType]) )
+            {
+                return new CommandResult(false, "Not enough permission.", null, 403);
+            }
+        }
 
 		// validate data
 		$validationResult = $validator->make(array(