29 lines
668 B
PHP
29 lines
668 B
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Services\TotpService;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class Require2FA
|
|
{
|
|
public function __construct(private TotpService $totp) {}
|
|
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
$user = $request->user();
|
|
|
|
if (!$user) return $next($request);
|
|
|
|
if (!$this->totp->isEnabled($user)) return $next($request);
|
|
|
|
if ($request->session()->get('2fa_verified')) return $next($request);
|
|
|
|
if ($request->routeIs('auth.2fa*')) return $next($request);
|
|
|
|
return redirect()->route('auth.2fa');
|
|
}
|
|
}
|