From 504fd0af4a94abc230e17b9703b177357f964c4a Mon Sep 17 00:00:00 2001 From: Nima8FT Date: Sat, 1 Nov 2025 21:49:36 +0330 Subject: [PATCH 1/3] fix(auth): replace auth()->user() with dependency injection --- .../Controllers/Personal/Comment/IndexController.php | 5 +++-- app/Http/Controllers/Personal/Liked/DeleteController.php | 5 +++-- app/Http/Controllers/Personal/Liked/IndexController.php | 5 +++-- app/Http/Controllers/Personal/Main/IndexController.php | 7 ++++--- app/Http/Controllers/Post/Comment/StoreController.php | 9 +++++---- app/Http/Controllers/Post/Like/StoreController.php | 5 +++-- app/Http/Middleware/AdminMiddleware.php | 5 +++-- 7 files changed, 24 insertions(+), 17 deletions(-) diff --git a/app/Http/Controllers/Personal/Comment/IndexController.php b/app/Http/Controllers/Personal/Comment/IndexController.php index 40e1f2ad..ee2bed4d 100644 --- a/app/Http/Controllers/Personal/Comment/IndexController.php +++ b/app/Http/Controllers/Personal/Comment/IndexController.php @@ -4,13 +4,14 @@ use App\Http\Controllers\Controller; use Illuminate\Contracts\View\Factory as ViewFactory; +use Illuminate\Contracts\Auth\Authenticatable; class IndexController extends Controller { - public function __invoke(ViewFactory $view_factory) + public function __invoke(ViewFactory $view_factory, Authenticatable $user) { /** @phpstan-ignore-next-line */ - $comments = auth()->user()->comments; + $comments = $user->comments; return $view_factory->make('personal.comment.index', ['comments' => $comments]); } diff --git a/app/Http/Controllers/Personal/Liked/DeleteController.php b/app/Http/Controllers/Personal/Liked/DeleteController.php index cbb06cbd..f0b48b16 100644 --- a/app/Http/Controllers/Personal/Liked/DeleteController.php +++ b/app/Http/Controllers/Personal/Liked/DeleteController.php 
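Review bot: The `Authenticatable $user` parameter added to `__invoke` is non-nullable, but Laravel's container binding for that contract returns whatever the guard's user resolver yields, which is null for a guest. An unauthenticated request would therefore most likely fail with a TypeError (HTTP 500) rather than a login redirect. The same signature is added in Personal/Liked/DeleteController, Personal/Liked/IndexController, Personal/Main/IndexController, Post/Comment/StoreController and Post/Like/StoreController; the later patches put `auth` on the comment and like routes, but the `personal.*` routes are not shown here, so confirm they sit behind `auth` too. The contract also declares neither `comments` nor `likedPosts`, which is why every `/** @phpstan-ignore-next-line */` has to stay; narrowing with `instanceof` against the project's user model, or using `$request->user()` plus a null check as the final AdminMiddleware does, would let them go.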
@@ -4,13 +4,14 @@ use App\Http\Controllers\Controller; use App\Models\Post; +use Illuminate\Contracts\Auth\Authenticatable; class DeleteController extends Controller { - public function __invoke(Post $post) + public function __invoke(Post $post, Authenticatable $user) { /** @phpstan-ignore-next-line */ - auth()->user()->likedPosts()->detach($post->id); + $user->likedPosts()->detach($post->id); return redirect()->route('personal.liked.index'); } diff --git a/app/Http/Controllers/Personal/Liked/IndexController.php b/app/Http/Controllers/Personal/Liked/IndexController.php index 478f8e32..0a056fb8 100644 --- a/app/Http/Controllers/Personal/Liked/IndexController.php +++ b/app/Http/Controllers/Personal/Liked/IndexController.php @@ -3,14 +3,15 @@ namespace App\Http\Controllers\Personal\Liked; use App\Http\Controllers\Controller; +use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Contracts\View\Factory as ViewFactory; class IndexController extends Controller { - public function __invoke(ViewFactory $view_factory) + public function __invoke(ViewFactory $view_factory, Authenticatable $user) { /** @phpstan-ignore-next-line */ - $posts = auth()->user()->likedPosts; + $posts = $user->likedPosts; return $view_factory->make('personal.liked.index', ['posts' => $posts]); } diff --git a/app/Http/Controllers/Personal/Main/IndexController.php b/app/Http/Controllers/Personal/Main/IndexController.php index 63769eab..31986848 100644 --- a/app/Http/Controllers/Personal/Main/IndexController.php +++ b/app/Http/Controllers/Personal/Main/IndexController.php 
@@ -3,16 +3,17 @@ namespace App\Http\Controllers\Personal\Main; use App\Http\Controllers\Controller; +use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Contracts\View\Factory as ViewFactory; class IndexController extends Controller { - public function __invoke(ViewFactory $view_factory) + public function __invoke(ViewFactory $view_factory, Authenticatable $user) { /** @phpstan-ignore-next-line */ - $data['countComments'] = count(auth()->user()->comments); + $data['countComments'] = count($user->comments); /** @phpstan-ignore-next-line */ - $data['countLiked'] = count(auth()->user()->likedPosts); + $data['countLiked'] = count($user->likedPosts); return $view_factory->make('personal.main.index', ['data' => $data]); } diff --git a/app/Http/Controllers/Post/Comment/StoreController.php b/app/Http/Controllers/Post/Comment/StoreController.php index 1205e1e6..b07a1dc5 100644 --- a/app/Http/Controllers/Post/Comment/StoreController.php +++ b/app/Http/Controllers/Post/Comment/StoreController.php @@ -6,15 +6,16 @@ use App\Http\Requests\Post\Comment\StoreRequest; use App\Models\Comment; use App\Models\Post; +use Illuminate\Contracts\Auth\Authenticatable; class StoreController extends Controller { - public function __invoke(StoreRequest $request, Post $post) + public function __invoke(StoreRequest $request, Post $post, Authenticatable $user) { - $data = $request->validated(); + $data = $request->validated(); $data['post_id'] = $post->id; - /** @phpstan-ignore-next-line */ - $data['user_id'] = auth()->user()->id; + /** @phpstan-ignore-next-line */ + $data['user_id'] = $user->id; /** @phpstan-ignore-next-line */ Comment::create($data); diff --git a/app/Http/Controllers/Post/Like/StoreController.php b/app/Http/Controllers/Post/Like/StoreController.php index c2cebac5..c9204f2c 100644 --- a/app/Http/Controllers/Post/Like/StoreController.php +++ b/app/Http/Controllers/Post/Like/StoreController.php 
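Review bot: In Personal/Main/IndexController, `count($user->comments)` and `count($user->likedPosts)` hydrate every related row just to produce two numbers, so the cost of this page grows with the user's history. `likedPosts()` is called as a relation method elsewhere in this patch, so `$data['countLiked'] = $user->likedPosts()->count();` lets the database do the counting. `$user->comments()->count()` should work the same way if `comments` is also a relation, which the page does not show.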
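Review bot: In Post/Comment/StoreController, `$data['user_id'] = $user->id;` reads a property the `Authenticatable` contract does not declare, which is the only reason the `@phpstan-ignore-next-line` above it survives. `$data['user_id'] = $user->getAuthIdentifier();` uses the contract's own accessor and lets that suppression be removed. Assigning `post_id` and `user_id` after `validated()` is the right order, because a client-supplied owner can never survive it; a short comment such as `// Server-side values overwrite anything the client sent.` would protect that order from a later refactor.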
@@ -4,13 +4,14 @@ use App\Http\Controllers\Controller; use App\Models\Post; +use Illuminate\Contracts\Auth\Authenticatable; class StoreController extends Controller { - public function __invoke(Post $post) + public function __invoke(Post $post, Authenticatable $user) { /** @phpstan-ignore-next-line */ - auth()->user()->likedPosts()->toggle($post->id); + $user->likedPosts()->toggle($post->id); return redirect()->back(); } diff --git a/app/Http/Middleware/AdminMiddleware.php b/app/Http/Middleware/AdminMiddleware.php index dd14f7e1..402c209f 100644 --- a/app/Http/Middleware/AdminMiddleware.php +++ b/app/Http/Middleware/AdminMiddleware.php @@ -3,6 +3,7 @@ namespace App\Http\Middleware; use Closure; +use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; @@ -13,10 +14,10 @@ class AdminMiddleware * * @param Closure(Request): (Response) $next */ - public function handle(Request $request, Closure $next): Response + public function handle(Request $request, Closure $next, Authenticatable $user): Response { /** @phpstan-ignore-next-line */ - if (auth()->user()->isReader()) { + if ($user->isReader()) { abort(404); } From 72667bdd42024bdcac87498ff9051d628d457496 Mon Sep 17 00:00:00 2001 From: Nima8FT Date: Sun, 2 Nov 2025 08:49:34 +0330 Subject: [PATCH 2/3] fix(middleware): use ->user() instead of DI in AdminMiddleware --- app/Http/Middleware/AdminMiddleware.php | 6 +++--- routes/web.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/Http/Middleware/AdminMiddleware.php b/app/Http/Middleware/AdminMiddleware.php index 402c209f..05c63e6a 100644 --- a/app/Http/Middleware/AdminMiddleware.php +++ b/app/Http/Middleware/AdminMiddleware.php @@ -3,7 +3,6 @@ namespace App\Http\Middleware; use Closure; -use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; 
@@ -14,10 +13,11 @@ class AdminMiddleware * * @param Closure(Request): (Response) $next */ - public function handle(Request $request, Closure $next, Authenticatable $user): Response + public function handle(Request $request, Closure $next): Response { + $user = $request->user(); /** @phpstan-ignore-next-line */ - if ($user->isReader()) { + if (! $user || $user->isReader()) { abort(404); } diff --git a/routes/web.php b/routes/web.php index fcdb03cf..f8c63072 100644 --- a/routes/web.php +++ b/routes/web.php @@ -48,7 +48,7 @@ Route::prefix('post')->namespace('')->group(function () { Route::get('/{post}', [PostController::class, 'show'])->name('post.show'); - Route::prefix('{post}/comments')->group(function () { + Route::prefix('{post}/comments')->middleware('auth')->group(function () { Route::post('/', 'App\Http\Controllers\Post\Comment\StoreController')->name('post.comments.store'); }); Route::prefix('{post}/likes')->group(function () { From 0e2d0793c3eb6e26507c2cf3fc279184bf351c62 Mon Sep 17 00:00:00 2001 From: Nima8FT Date: Sun, 2 Nov 2025 18:11:35 +0330 Subject: [PATCH 3/3] fix(admin): require administrator in AdminMiddleware and add auth to likes routes --- app/Http/Middleware/AdminMiddleware.php | 2 +- routes/web.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Middleware/AdminMiddleware.php b/app/Http/Middleware/AdminMiddleware.php index 05c63e6a..5e7c1461 100644 --- a/app/Http/Middleware/AdminMiddleware.php +++ b/app/Http/Middleware/AdminMiddleware.php @@ -17,7 +17,7 @@ public function handle(Request $request, Closure $next): Response { $user = $request->user(); /** @phpstan-ignore-next-line */ - if (! $user || $user->isReader()) { + if (! $user || ! $user->isAdministrator()) { abort(404); } diff --git a/routes/web.php b/routes/web.php index f8c63072..1aeed1b9 100644 --- a/routes/web.php +++ b/routes/web.php 
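Review bot: In the PATCH 3/3 hunk of AdminMiddleware, `$user->isAdministrator()` is called under `/** @phpstan-ignore-next-line */`, and no file in this series defines that method, so static analysis cannot confirm it exists on the user model. If it is missing, every request through the middleware ends in an undefined-method error instead of the intended 404, which fails closed but is noisy and easy to misread in logs. Replacing the `isReader()` deny-list with an allow-list is the safer shape, because any role added later is denied by default. Narrowing `$user` with `instanceof` on the project's user model would let the suppression be dropped, and a comment such as `// Deny by default: guests and every non-administrator role get 404.` would record the intent. The body of `handle()` continues outside the hunk.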
@@ -51,7 +51,7 @@ Route::prefix('{post}/comments')->middleware('auth')->group(function () { Route::post('/', 'App\Http\Controllers\Post\Comment\StoreController')->name('post.comments.store'); }); - Route::prefix('{post}/likes')->group(function () { + Route::prefix('{post}/likes')->middleware('auth')->group(function () { Route::post('/', 'App\Http\Controllers\Post\Like\StoreController')->name('post.likes.store'); }); });
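Review bot: The `{post}/comments` and `{post}/likes` groups now carry the same `->middleware('auth')` and each wraps a single POST route, so the requirement is easy to miss when another write route is added beside them. Wrapping both in one `Route::middleware('auth')->group(...)` states the requirement once. No rate limiting is visible on these state-changing routes; unless an enclosing group outside this hunk applies one, adding `throttle` alongside `auth` would bound comment and like flooding from a single account.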