Merge pull request #50 from Crudzaso/develop

Develop
Crudzaso · Nov 9, 2024 · 1853d9e · 1853d9e
2 parents 200dd2c + 4369660
commit 1853d9e
Show file tree

Hide file tree

Showing 14 changed files with 375 additions and 19 deletions.
diff --git a/.gitignore b/.gitignore
@@ -20,3 +20,4 @@ yarn-error.log
 /.idea
 /.vscode
 /.zed
+/database/migrations/*_create_telescope_entries_table.php
diff --git a/app/Http/Controllers/AdminAuthController.php b/app/Http/Controllers/AdminAuthController.php
@@ -25,7 +25,6 @@ public function verifyPassword(Request $request)
         if (Hash::check($request->password, auth()->user()->password)) {
             session(['admin_password_verified' => true]);
 
-            // Redirigir a la URL que el usuario intentaba acceder, o a /dashboard/admin por defecto
             $redirectUrl = session()->pull('url.intended', '/dashboard/admin');
             return response()->json([
                 'success' => true,

diff --git a/app/Http/Middleware/AdminPasswordVerification.php b/app/Http/Middleware/AdminPasswordVerification.php
@@ -15,35 +15,29 @@ public function handle(Request $request, Closure $next)
         if (!Auth::check() || !Auth::user()->hasRole('admin')) {
             return redirect()->route('login');
         }
-
+    
         $currentPath = $request->path();
-
-        // Solicitar verificación de contraseña para /admin y sus subrutas
+    
+        // Evitar bucle infinito al manejar Filament en /admin
         if ($currentPath === 'admin' || str_starts_with($currentPath, 'admin/')) {
             if (!Session::has('admin_password_verified')) {
                 // Guardar la URL intentada para redireccionar después de la verificación
                 $request->session()->put('url.intended', $request->fullUrl());
                 return redirect()->route('admin.verify-password');
             }
-
-            // Limpiar el estado de verificación después del acceso
-            Session::forget('admin_password_verified');
+
             return $next($request);
         }
-
-        // Solicitar verificación de contraseña para /dashboard/admin
+    
+        // Manejar la ruta personalizada de administración
         if ($currentPath === 'dashboard/admin') {
             if (!Session::has('admin_password_verified')) {
                 // Guardar la URL intentada para redireccionar después de la verificación
                 $request->session()->put('url.intended', $request->fullUrl());
                 return redirect()->route('admin.verify-password');
             }
-
-            // Limpiar el estado de verificación después del acceso
-            Session::forget('admin_password_verified');
-            return $next($request);
         }
-
+    
         return $next($request);
     }
 

diff --git a/app/Providers/TelescopeServiceProvider.php b/app/Providers/TelescopeServiceProvider.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Providers;
+
+use Illuminate\Support\Facades\Gate;
+use Laravel\Telescope\IncomingEntry;
+use Laravel\Telescope\Telescope;
+use Laravel\Telescope\TelescopeApplicationServiceProvider;
+
+class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
+{
+    /**
+     * Register any application services.
+     */
+    public function register(): void
+    {
+        // Telescope::night();
+
+        $this->hideSensitiveRequestDetails();
+
+        $isLocal = $this->app->environment('local');
+
+        Telescope::filter(function (IncomingEntry $entry) use ($isLocal) {
+            return $isLocal ||
+                   $entry->isReportableException() ||
+                   $entry->isFailedRequest() ||
+                   $entry->isFailedJob() ||
+                   $entry->isScheduledTask() ||
+                   $entry->hasMonitoredTag();
+        });
+    }
+
+    /**
+     * Prevent sensitive request details from being logged by Telescope.
+     */
+    protected function hideSensitiveRequestDetails(): void
+    {
+        if ($this->app->environment('local')) {
+            return;
+        }
+
+        Telescope::hideRequestParameters(['_token']);
+
+        Telescope::hideRequestHeaders([
+            'cookie',
+            'x-csrf-token',
+            'x-xsrf-token',
+        ]);
+    }
+
+    /**
+     * Register the Telescope gate.
+     *
+     * This gate determines who can access Telescope in non-local environments.
+     */
+    protected function gate(): void
+    {
+        Gate::define('viewTelescope', function ($user) {
+            return $user->hasRole('admin');
+        });
+    }
+}
diff --git a/bootstrap/providers.php b/bootstrap/providers.php
@@ -5,6 +5,6 @@
     App\Providers\Filament\AdminPanelProvider::class,
     App\Providers\FortifyServiceProvider::class,
     App\Providers\JetstreamServiceProvider::class,
+    App\Providers\TelescopeServiceProvider::class,
     Spatie\Permission\PermissionServiceProvider::class,
-    App\Providers\Filament\AdminPanelProvider::class,
 ];
diff --git a/composer.json b/composer.json
@@ -13,6 +13,7 @@
         "laravel/jetstream": "^5.3",
         "laravel/sanctum": "^4.0",
         "laravel/socialite": "^5.16",
+        "laravel/telescope": "^5.2",
         "laravel/tinker": "^2.9",
         "nwidart/laravel-modules": "^11.1",
         "spatie/laravel-permission": "^6.9",

diff --git a/composer.lock b/composer.lock
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,3 +20,4 @@ yarn-error.log @@
     /.idea
     /.vscode
     /.zed
+    /database/migrations/*_create_telescope_entries_table.php