diff --git a/app/Constants.php b/app/Constants.php
index 954997211160..7ddb3aabce0a 100644
--- a/app/Constants.php
+++ b/app/Constants.php
@@ -229,7 +229,8 @@ if (! defined('APP_NAME')) {
 define('SESSION_REFERRAL_CODE', 'referralCode');
 define('SESSION_LEFT_SIDEBAR', 'showLeftSidebar');
 define('SESSION_RIGHT_SIDEBAR', 'showRightSidebar');
- define('SESSION_DB_SERVER', 'dbServer');
+ define('SESSION_USER_DB_SERVER', 'userDbServer');
+ define('SESSION_CONTACT_DB_SERVER', 'contactDbServer');
 define('SESSION_LAST_REQUEST_PAGE', 'SESSION_LAST_REQUEST_PAGE');
 define('SESSION_LAST_REQUEST_TIME', 'SESSION_LAST_REQUEST_TIME');
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index c9c740bed89d..59c8e194e389 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -142,7 +142,7 @@ class AuthController extends Controller
 */
 public function postLoginWrapper(Request $request)
 {
- LookupUser::setServerByEmail($request->input('email'));
+ LookupUser::setServerByField('email', $request->input('email'));
 $userId = Auth::check() ? Auth::user()->id : null;
 $user = User::where('email', '=', $request->input('email'))->first();
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 78685293b9d1..49133b82d711 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -29,12 +29,12 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $routeMiddleware = [
+ 'lookup' => 'App\Http\Middleware\DatabaseLookup',
 'auth' => 'App\Http\Middleware\Authenticate',
 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
 'permissions.required' => 'App\Http\Middleware\PermissionsRequired',
 'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
 'api' => 'App\Http\Middleware\ApiCheck',
 'cors' => '\Barryvdh\Cors\HandleCors',
- 'lookup' => 'App\Http\Middleware\DatabaseLookup',
 ];
 }
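Review bot: The two new constants are not what the rest of the change keys the session on: `SESSION_USER_DB_SERVER` is defined here as `'userDbServer'`, but `DatabaseLookup::handle` reads `session('SESSION_USER_DB_SERVER')` and `LookupModel::setDbServer` writes `session(['SESSION_USER_DB_SERVER' => $server])`, i.e. the quoted constant name rather than its value, and `SESSION_CONTACT_DB_SERVER` is neither read nor written anywhere in the diff. It only works because both sites happen to use the same literal, so the constant itself is dead and a future rename of its value would change nothing. Either use the constants unquoted at those sites (`session(SESSION_USER_DB_SERVER)` and `session([SESSION_USER_DB_SERVER => $server])`, as the code already does for `DB_NINJA_LOOKUP`) or drop them. The enclosing `if (! defined('APP_NAME'))` block continues outside the hunk.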
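Review bot: Moving `'lookup'` to the top of `$routeMiddleware` does not change when it runs; as far as this array is concerned it is only an alias-to-class map, and the execution order comes from each route group's middleware list (which the routes.php hunks do reorder). If the move is meant to signal that `lookup` must precede `auth`, a comment on the entry says it where the next maintainer will look, e.g. `// list 'lookup' before 'auth' in route groups: the tenant DB must be resolved before the user is loaded`. The `Kernel` class body starts outside the hunk.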
diff --git a/app/Http/Middleware/DatabaseLookup.php b/app/Http/Middleware/DatabaseLookup.php
index 6aecf60d7edb..f47d4fa26fa0 100644
--- a/app/Http/Middleware/DatabaseLookup.php
+++ b/app/Http/Middleware/DatabaseLookup.php
@@ -4,13 +4,29 @@ namespace App\Http\Middleware;
 use Illuminate\Http\Request;
 use Closure;
+use App\Models\LookupContact;
+use App\Models\LookupInvitation;
 class DatabaseLookup
 {
- public function handle(Request $request, Closure $next)
+ public function handle(Request $request, Closure $next, $guard = 'user')
 {
- if (env('MULTI_DB_ENABLED') && ! session('SESSION_DB_SERVER')) {
- return redirect('/logout');
+ if (! env('MULTI_DB_ENABLED')) {
+ return $next($request);
+ }
+
+ // user's value is set when logging in
+ if ($guard == 'user') {
+ if (! session('SESSION_USER_DB_SERVER')) {
+ return redirect('/logout');
+ }
+ // contacts can login with just the URL
+ } else {
+ if (request()->invitation_key) {
+ LookupInvitation::setServerByField('invitation_key', request()->invitation_key);
+ } elseif (request()->contact_key) {
+ LookupContact::setServerByField('contact_key', request()->contact_key);
+ }
+ }
 }
 return $next($request);
diff --git a/app/Http/routes.php b/app/Http/routes.php
index 5fc0e8b5799b..1e329598119c 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -25,7 +25,7 @@ Route::get('/keep_alive', 'HomeController@keepAlive');
 Route::post('/get_started', 'AccountController@getStarted');
 // Client visible pages
-Route::group(['middleware' => ['auth:client', 'lookup']], function () {
+Route::group(['middleware' => ['lookup:contact', 'auth:client']], function () {
 Route::get('view/{invitation_key}', 'ClientPortalController@view');
 Route::get('download/{invitation_key}', 'ClientPortalController@download');
 Route::put('sign/{invitation_key}', 'ClientPortalController@sign');
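Review bot: In the `else` branch of `handle`, a non-user request that carries neither `invitation_key` nor `contact_key` falls through to `$next($request)` with no server selected, so it runs against whatever `database.default` currently is (conceivably a server left in place by an earlier lookup), whereas the `user` branch at least redirects in the equivalent situation; add a rejecting fallback after the `elseif`, e.g. `} else { return redirect('/logout'); }`. `request()->invitation_key` goes through `Request::__get`, which consults query/body input as well as route parameters; if these keys are only ever route parameters, `$request->route('invitation_key')` narrows the source, and the injected `Request $request` should be used rather than the `request()` helper in any case. `$guard == 'user'` is a loose comparison and any unexpected guard string silently takes the contact path, so `$guard === 'user'` with an explicit rejection of unknown guards is safer. The `handle` body continues past the end of the hunk.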
@@ -117,7 +117,7 @@ if (Utils::isTravis()) {
 Route::get('/check_data', 'AppController@checkData');
 }
-Route::group(['middleware' => ['auth:user', 'lookup']], function () {
+Route::group(['middleware' => ['lookup:user', 'auth:user']], function () {
 Route::get('dashboard', 'DashboardController@index');
 Route::get('dashboard_chart_data/{group_by}/{start_date}/{end_date}/{currency_id}/{include_expenses}', 'DashboardController@chartData');
 Route::get('set_entity_filter/{entity_type}/{filter?}', 'AccountController@setEntityFilter');
@@ -230,7 +230,7 @@ Route::group(['middleware' => ['auth:user', 'lookup']], function () {
 });
 Route::group([
- 'middleware' => ['auth:user', 'permissions.required', 'lookup'],
+ 'middleware' => ['lookup:user', 'auth:user', 'permissions.required'],
 'permissions' => 'admin',
 ], function () {
 Route::get('api/users', 'UserController@getDatatable');
@@ -295,7 +295,7 @@ Route::group([
 Route::get('self-update/download', 'SelfUpdateController@download');
 });
-Route::group(['middleware' => ['auth:user', 'lookup']], function () {
+Route::group(['middleware' => ['lookup:user', 'auth:user']], function () {
 Route::get('settings/{section?}', 'AccountController@showSection');
 });
diff --git a/app/Models/LookupModel.php b/app/Models/LookupModel.php
index d690247ca616..0133909cf931 100644
--- a/app/Models/LookupModel.php
+++ b/app/Models/LookupModel.php
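Review bot: With `lookup:user` now ahead of `auth:user`, an unauthenticated visitor to e.g. `dashboard` on a `MULTI_DB_ENABLED` install is handled by `DatabaseLookup` first, which redirects to `/logout` when the session has no `SESSION_USER_DB_SERVER`, so the login redirect that `auth:user` previously issued is never reached; whether that is acceptable depends on what `/logout` does for a guest, which is outside this diff. If the swap is deliberate (resolve the tenant server before `Authenticate` loads the user), a one-line comment above the first group, `// 'lookup' must run before 'auth' so the user is loaded from the right server`, would keep the next person from putting them back. The same reorder and the same consequence apply at the `@@ -230` and `@@ -295` hunks below.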
@@ -41,6 +41,46 @@ class LookupModel extends Eloquent
 config(['database.default' => $current]);
 }
+ public static function setServerByField($field, $value)
+ {
+ if (! env('MULTI_DB_ENABLED')) {
+ return;
+ }
+
+ $className = get_called_class();
+ $className = str_replace('Lookup', '', $className);
+ $key = sprintf('server:%s:%s:%s', $className, $field, $value);
+
+ // check if we've cached this lookup
+ if ($server = session($key)) {
+ static::setDbServer($server);
+ return;
+ }
+
+ $current = config('database.default');
+ config(['database.default' => DB_NINJA_LOOKUP]);
+
+ if ($lookupUser = static::where($field, '=', $value)->first()) {
+ $server = $lookupUser->getDbServer();
+ static::setDbServer($server);
+
+ $entity = new $className();
+ if (! $entity::where($field, '=', $value)->first()) {
+ abort("Looked up {$className} not found: {$field} => {$value}");
+ }
+
+ session([$key => $server]);
+ } else {
+ config(['database.default' => $current]);
+ }
+ }
+
+ public static function setDbServer($server)
+ {
+ session(['SESSION_USER_DB_SERVER' => $server]);
+ config(['database.default' => $server]);
+ }
+
 public function getDbServer()
 {
 return $this->lookupAccount->lookupCompany->dbServer->name;
diff --git a/app/Models/LookupUser.php b/app/Models/LookupUser.php
index 665d89a3f2ad..9ba87158bf8b 100644
--- a/app/Models/LookupUser.php
+++ b/app/Models/LookupUser.php
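Review bot: `setDbServer` writes every lookup result to the one session key `'SESSION_USER_DB_SERVER'`, yet it is now reached from `LookupContact`/`LookupInvitation` through `setServerByField` as well, so a client-portal request in a browser session that also belongs to a logged-in user overwrites the user's server pointer, and anything that later applies that key for the user (the `user` branch of `DatabaseLookup` only checks it is set) would be pointed at the contact's server — a cross-tenant mix-up rather than a crash. Choose the key from the calling model, e.g. `$sessionKey = get_called_class() === LookupUser::class ? 'SESSION_USER_DB_SERVER' : 'SESSION_CONTACT_DB_SERVER';` followed by `session([$sessionKey => $server]);`, which also gives the otherwise unused `SESSION_CONTACT_DB_SERVER` constant a purpose. Separately, `abort("Looked up {$className} not found: …")` passes the message where `abort()` expects an HTTP status code, so this path cannot yield a clean response; use `abort(404, "…")` or throw a `RuntimeException`, and restore `$current` first, since `setDbServer` on the line above has already switched the session and `database.default`. `$entity = new $className(); $entity::where(...)` builds a model instance only to call a static method; `$className::where($field, '=', $value)->first()` is equivalent. Both new methods lack a docblock; `setServerByField` should at least state that it caches successful lookups under `server:<Model>:<field>:<value>` in the session and that `$value` comes straight from the request.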
@@ -19,25 +19,4 @@ class LookupUser extends LookupModel
 'user_id',
 ];
- public static function setServerByEmail($email)
- {
- if (! env('MULTI_DB_ENABLED')) {
- return;
- }
-
- $current = config('database.default');
- config(['database.default' => DB_NINJA_LOOKUP]);
-
- if ($lookupUser = static::whereEmail($email)->first()) {
- $server = $lookupUser->getDbServer();
- session(['SESSION_DB_SERVER' => $server]);
- config(['database.default' => $server]);
-
- if (! User::whereEmail($email)->first()) {
- abort('Lookedup user not found: ' . $email);
- }
- } else {
- config(['database.default' => $current]);
- }
- }
 }