diff --git a/.env.example b/.env.example index b50232a52..817666919 100644 --- a/.env.example +++ b/.env.example @@ -4,6 +4,17 @@ APP_KEY= APP_DEBUG=false APP_URL=http://localhost +# Trusted reverse proxy IP addresses (comma-separated) +# By default, all private IP ranges are trusted (192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 127.0.0.1) +# Set this to restrict to specific proxy IP(s) for improved security: +# TRUSTED_PROXIES=192.168.1.10 +# TRUSTED_PROXIES=192.168.1.10,192.168.1.11 +# Set to empty string to trust no proxies: +# TRUSTED_PROXIES= +# Set to * to trust all proxies (use with caution): +# TRUSTED_PROXIES=* +#TRUSTED_PROXIES= + APP_LOCALE=en APP_FALLBACK_LOCALE=en APP_FAKER_LOCALE=en_US diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 7b5be7651..3ffac5ba4 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -11,8 +11,6 @@ use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; -use Illuminate\Support\Facades\Session; -use Illuminate\Support\Facades\URL; use Illuminate\Validation\ValidationException; use Symfony\Component\HttpFoundation\Response; @@ -45,7 +43,6 @@ class LoginController extends Controller */ public function __construct() { - Session::put('backUrl', URL::previous()); $this->middleware('guest')->except(['logout','autologin']); } @@ -135,7 +132,7 @@ public function showLoginForm(): \Illuminate\View\View */ protected function authenticated(Request $request, $user): RedirectResponse { - return back(); + return redirect()->route('dash'); } /** @@ -143,6 +140,6 @@ protected function authenticated(Request $request, $user): RedirectResponse */ public function redirectTo() { - return Session::get('url.intended') ? Session::get('url.intended') : $this->redirectTo; + return $this->redirectTo; } } 
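Review bot: In the `authenticated()` hunk the login destination is now hard-coded as `redirect()->route('dash')`, while the `redirectTo()` hunk two lines later still returns `$this->redirectTo`; with the standard `AuthenticatesUsers` trait a non-null result from `authenticated()` wins, so `redirectTo()` is no longer consulted after login and the two can drift apart. If the dashboard is the intended post-login target for every path, either drop the `redirectTo()` override and set `$redirectTo` to the dashboard path, or make `authenticated()` return `redirect($this->redirectPath());` so one property decides. `redirectTo()` also still lacks a return type (`public function redirectTo(): string`). The `$this->redirectTo` property and the rest of the class lie outside these hunks, so this is inferred from the visible lines.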
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
index a7e2579d4..39c52397e 100644
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -15,7 +15,7 @@ class RedirectIfAuthenticated
 public function handle(Request $request, Closure $next, string $guard = null): Response
 {
 if (Auth::guard($guard)->check()) {
- return redirect()->intended();
+ return redirect('/');
 }
 
 return $next($request);
diff --git a/app/Http/Middleware/TrustProxies.php b/app/Http/Middleware/TrustProxies.php
index 95e5ccd77..630167934 100644
--- a/app/Http/Middleware/TrustProxies.php
+++ b/app/Http/Middleware/TrustProxies.php
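Review bot: The replacement `return redirect('/');` hard-codes the site root, whereas the `LoginController` change in this same commit sends freshly authenticated users to `route('dash')`; an already-logged-in user hitting the login page would land somewhere different from one who just logged in. If both flows are meant to end on the dashboard, use the same target here, `return redirect()->route('dash');`, or move the destination into one shared constant that both places read. Dropping `intended()` does remove the dependency on the session-stored `url.intended`, which matches the controller hunks. The `string $guard = null` signature is implicitly nullable and predates this change; `?string $guard = null` is the explicit form.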
@@ -10,14 +10,43 @@ class TrustProxies extends Middleware
 /**
 * The trusted proxies for this application.
 *
- * @var array
+ * Set TRUSTED_PROXIES in your .env file to the IP address(es) of your reverse proxy.
+ * Use '*' to trust all proxies (not recommended for production).
+ * Use comma-separated values for multiple proxies (e.g., "192.168.1.10,192.168.1.11").
+ *
+ * @var array|string|null
 */
- protected $proxies = ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8', '127.0.0.1'];
+ protected $proxies;
 
 /**
 * The current proxy header mappings.
 *
- * @var array
+ * @var int
 */
 protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
+
+ /**
+ * Default trusted proxies (private IP ranges for backwards compatibility).
+ */
+ private const DEFAULT_PROXIES = ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8', '127.0.0.1'];
+
+ /**
+ * Bootstrap the middleware.
+ */
+ public function __construct()
+ {
+ $proxies = env('TRUSTED_PROXIES');
+
+ if ($proxies === null) {
+ // Default to private IP ranges for backwards compatibility
+ $this->proxies = self::DEFAULT_PROXIES;
+ } elseif ($proxies === '*') {
+ $this->proxies = '*';
+ } elseif ($proxies === '') {
+ // Explicitly set to empty = trust no proxies
+ $this->proxies = [];
+ } else {
+ $this->proxies = array_map('trim', explode(',', $proxies));
+ }
+ }
 }
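Review bot: The new constructor reads `env('TRUSTED_PROXIES')` directly; once the application's configuration is cached (`php artisan config:cache`) the `.env` file is no longer loaded, so `env()` yields null in production and the `$proxies === null` branch silently falls back to `DEFAULT_PROXIES` — an operator who narrowed trust to one proxy IP in `.env` would get the broad private-range default without any error, which is the opposite of the hardening the docblock promises. Read the value through a config key instead, e.g. `'trusted_proxies' => env('TRUSTED_PROXIES')` in a config file and `$proxies = config('app.trusted_proxies');` here, so the cached value is what the middleware sees. Recent Laravel versions of the base `TrustProxies` already accept a raw string for `$proxies` (splitting on commas and recognising `'*'`), so the branching could likely shrink to null-handling alone; at minimum prefer the first-class callable `trim(...)` over the string callable `'trim'`. The `elseif ($proxies === '')` branch behaving as "trust nothing" is a sensible fail-closed default and worth keeping whichever source is used.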