diff --git a/app/Http/Controllers/PaymentController.php b/app/Http/Controllers/PaymentController.php
index 02b59b870efb..aec7c8897ce0 100644
--- a/app/Http/Controllers/PaymentController.php
+++ b/app/Http/Controllers/PaymentController.php
@@ -6,10 +6,16 @@
 use Redirect;
 use Session;
 use Utils;
 use View;
+use Validator;
+use Omnipay;
+use CreditCard;
+use URL;
 use App\Models\Invoice;
+use App\Models\Invitation;
 use App\Models\Client;
 use App\Models\PaymentType;
+use App\Models\Country;
 use App\Ninja\Repositories\PaymentRepository;
 use App\Ninja\Repositories\InvoiceRepository;
@@ -362,7 +368,8 @@ class PaymentController extends BaseController
 'paymentLibrary' => $paymentLibrary,
 'gateway' => $gateway,
 'acceptedCreditCardTypes' => $acceptedCreditCardTypes,
- 'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),
+ //'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),
+ 'countries' => Country::orderBy('name')->get(),
 'currencyId' => $client->currency_id,
 'account' => $client->account
 ];
@@ -411,7 +418,8 @@ class PaymentController extends BaseController
 'paymentLibrary' => $paymentLibrary,
 'gateway' => $gateway,
 'acceptedCreditCardTypes' => $acceptedCreditCardTypes,
- 'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),
+ //'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),
+ 'countries' => Country::orderBy('name')->get(),
 'currencyId' => 1,
 'paymentTitle' => $affiliate->payment_title,
 'paymentSubtitle' => $affiliate->payment_subtitle,
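Review bot: The replaced query is kept as a commented-out line (`//'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),`) directly above its replacement instead of being deleted; the hunk at -411 does the same, and routes.php's -55 hunk wraps the `Route::controllers([...])` block in `/* */` rather than removing it. Version control already preserves the old form, so the dead lines should go, leaving only `'countries' => Country::orderBy('name')->get(),`. If dropping `remember()` is deliberate, a one-line comment stating why the query is no longer cached would help the next reader more than the commented-out call. Both enclosing methods start and end outside their hunks.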
@@ -554,7 +562,7 @@ class PaymentController extends BaseController
 }
 }
- $invitation = Invitation::with('invoice.invoice_items', 'invoice.client.currency', 'invoice.client.account.account_gateways.gateway')->where('invitation_key', '=', $invitationKey)->firstOrFail();
+ $invitation = Invitation::with('invoice.invoice_items', 'invoice.client.currency', 'invoice.client.account.currency', 'invoice.client.account.account_gateways.gateway')->where('invitation_key', '=', $invitationKey)->firstOrFail();
 $invoice = $invitation->invoice;
 $client = $invoice->client;
 $account = $client->account;
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index ae6bf2d97dd4..509dbf1cce9b 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -10,13 +10,13 @@ class Kernel extends HttpKernel {
 * @var array
 */
 protected $middleware = [
- 'App\Http\Middleware\StartupCheck',
- 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
+ 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
 'Illuminate\Cookie\Middleware\EncryptCookies',
 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
 'Illuminate\Session\Middleware\StartSession',
 'Illuminate\View\Middleware\ShareErrorsFromSession',
 'App\Http\Middleware\VerifyCsrfToken',
+ 'App\Http\Middleware\StartupCheck',
 ];
 /**
@@ -28,7 +28,7 @@ class Kernel extends HttpKernel {
 'auth' => 'App\Http\Middleware\Authenticate',
 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
 'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
- 'absurd' => 'App\Http\Middleware\StartupCheck',
+ 'api' => 'App\Http\Middleware\ApiCheck',
 ];
 }
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
new file mode 100644
index 000000000000..24753a0fc7a8
--- /dev/null
+++ b/app/Http/Middleware/ApiCheck.php
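Review bot: Moving `App\Http\Middleware\StartupCheck` from the head of `$middleware` to after `VerifyCsrfToken` changes when its production HTTPS redirect runs (the `// Ensure all request are over HTTPS in production` comment in the StartupCheck.php hunk): `StartSession` and `AddQueuedCookiesToResponse` now execute before it, so a plain-HTTP request in production appears to get a session cookie attached to the redirect response — worth confirming, and if so either keep the HTTPS check ahead of the cookie/session middleware or ensure the session cookie is configured secure-only. The move is presumably needed because StartupCheck now uses the session (its import hunk adds `use Session;` and `use Event;`), but nothing in the diff records that. A short comment on the array, e.g. `// StartupCheck runs last so Session and Auth are available to it`, would document the ordering constraint for whoever next edits this list.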
@@ -0,0 +1,75 @@
+first(['id', 'user_id']);
+
+ if ($token) {
+ Auth::loginUsingId($token->user_id);
+ Session::set('token_id', $token->id);
+ } else {
+ sleep(3);
+ return Response::make('Invalid token', 403, $headers);
+ }
+
+ if (!Utils::isNinja()) {
+ return null;
+ }
+
+ if (!Utils::isPro()) {
+ return Response::make('API requires pro plan', 403, $headers);
+ } else {
+ $accountId = Auth::user()->account->id;
+
+ // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
+ $hour = 60 * 60;
+ $hour_limit = 100; # users are limited to 100 requests/hour
+ $hour_throttle = Cache::get("hour_throttle:{$accountId}", null);
+ $last_api_request = Cache::get("last_api_request:{$accountId}", 0);
+ $last_api_diff = time() - $last_api_request;
+
+ if (is_null($hour_throttle)) {
+ $new_hour_throttle = 0;
+ } else {
+ $new_hour_throttle = $hour_throttle - $last_api_diff;
+ $new_hour_throttle = $new_hour_throttle < 0 ? 0 : $new_hour_throttle;
+ $new_hour_throttle += $hour / $hour_limit;
+ $hour_hits_remaining = floor(( $hour - $new_hour_throttle ) * $hour_limit / $hour);
+ $hour_hits_remaining = $hour_hits_remaining >= 0 ? $hour_hits_remaining : 0;
+ }
+
+ if ($new_hour_throttle > $hour) {
+ $wait = ceil($new_hour_throttle - $hour);
+ sleep(1);
+ return Response::make("Please wait {$wait} second(s)", 403, $headers);
+ }
+
+ Cache::put("hour_throttle:{$accountId}", $new_hour_throttle, 10);
+ Cache::put("last_api_request:{$accountId}", time(), 10);
+ }
+
+
+ return $next($request);
+ }
+
+}
\ No newline at end of file
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
index db688181ff87..e6e3a4ebefd7 100644
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
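Review bot: `return null;` in the `!Utils::isNinja()` branch ends the middleware without ever calling `$next($request)`, so on self-hosted installs the API controller is never reached and the caller gets an empty response; the intent is clearly to skip the plan/throttle checks, so it should read `return $next($request);`. The opening lines of `handle()` — including the token lookup that ends in `first(['id', 'user_id'])` — fall outside the visible part of this hunk. `sleep(3)` on an invalid token holds a PHP worker for three seconds per failed request, which costs the server capacity without slowing a client that sends requests in parallel, so a cache-backed per-IP failure counter in the style of the per-account throttle below would be a better deterrent. `Cache::put(..., 10)` expires the throttle state after 10 (minutes, if this Laravel version takes minutes) while the arithmetic assumes a 60-minute window, so the `$hour_throttle` decay is silently reset after a short pause; the TTL should cover at least the hour. `$hour_hits_remaining` is computed but never used, and `Auth::loginUsingId()` plus `Session::set()` appear to create a full login session for each token-authenticated request — if the API is meant to be stateless, confirm that is intended.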
@@ -35,7 +35,7 @@ class RedirectIfAuthenticated { { if ($this->auth->check()) { - return new RedirectResponse(url('/')); + return new RedirectResponse(url('/dashboard')); } return $next($request); diff --git a/app/Http/Middleware/StartupCheck.php b/app/Http/Middleware/StartupCheck.php index 0c37fd5d2cf5..fb0c7df3154f 100644 --- a/app/Http/Middleware/StartupCheck.php +++ b/app/Http/Middleware/StartupCheck.php @@ -7,6 +7,8 @@ use Auth; use Input; use Redirect; use Cache; +use Session; +use Event; use App\Models\Currency; use App\Events\UserSettingsChanged; @@ -22,7 +24,6 @@ class StartupCheck { */ public function handle($request, Closure $next) { - // Ensure all request are over HTTPS in production if (App::environment() == ENV_PRODUCTION) { @@ -151,7 +152,7 @@ class StartupCheck { } } } - + return $next($request); } diff --git a/app/Http/routes.php b/app/Http/routes.php index 2391cd2a0124..18f5914afd70 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php @@ -55,10 +55,12 @@ Route::post('signup/submit', 'AccountController@submitSignup'); // Laravel auth routes +/* Route::controllers([ 'auth' => 'Auth\AuthController', 'password' => 'Auth\PasswordController', ]); +*/ get('/signup', array('as' => 'signup', 'uses' => 'Auth\AuthController@getRegister')); post('/signup', array('as' => 'signup', 'uses' => 'Auth\AuthController@postRegister')); @@ -88,7 +90,7 @@ if (\App\Libraries\Utils::isNinja()) { Route::get('/demo', 'AccountController@demo'); } -Route::group(array('middleware' => 'auth'), function() { +Route::group(['middleware' => 'auth'], function() { Route::get('dashboard', 'DashboardController@index'); Route::get('view_archive/{entity_type}/{visible}', 'AccountController@setTrashVisible'); Route::get('hide_message', 'HomeController@hideMessage'); 
@@ -169,7 +171,7 @@ Route::group(array('middleware' => 'auth'), function() {
 });
 // Route group for API
-Route::group(array('prefix' => 'api/v1', 'before' => ['api.access']), function()
+Route::group(['middleware' => 'api', 'prefix' => 'api/v1'], function()
 {
 Route::resource('ping', 'ClientApiController@ping');
 Route::resource('clients', 'ClientApiController');
diff --git a/app/Models/Account.php b/app/Models/Account.php
index 1b3df82ab00b..a47dc417710c 100644
--- a/app/Models/Account.php
+++ b/app/Models/Account.php
@@ -66,6 +66,11 @@ class Account extends Eloquent
 return $this->belongsTo('App\Models\Size');
 }
+ public function currency()
+ {
+ return $this->belongsTo('App\Models\Currency');
+ }
+
 public function industry()
 {
 return $this->belongsTo('App\Models\Industry');
diff --git a/resources/views/dashboard.blade.php b/resources/views/dashboard.blade.php
index 0002652750f1..30d9bbb737f1 100644
--- a/resources/views/dashboard.blade.php
+++ b/resources/views/dashboard.blade.php
@@ -124,7 +124,7 @@
 @foreach ($upcoming as $invoice)
 @if (!$invoice->client->trashed())
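Review bot: The API group now relies on the `api` route middleware, but `App\Http\Middleware\VerifyCsrfToken` remains in the global `$middleware` stack (Kernel.php hunk), so token-authenticated POST/PUT/DELETE calls to `api/v1/*` will be rejected with a token mismatch unless that middleware excludes the `api/*` prefix; its exclusion list is not in this diff, so this is worth verifying before the old `api.access` filter is retired. A comment on the group, e.g. `// token auth + throttling via ApiCheck; CSRF exemption for api/* lives in VerifyCsrfToken`, would tie the two together. The group's closing `});` lies outside the hunk.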