From f501a42e35ed61ed84cae7cc84eaefc723cd20dd Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 28 Apr 2021 13:12:51 +1000
Subject: [PATCH] Fixes for domain validation
---
 app/Http/Controllers/SubdomainController.php | 18 +++++++++++++++++-
 .../Requests/Company/StoreCompanyRequest.php | 4 +++-
 .../Requests/Company/UpdateCompanyRequest.php | 2 ++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/SubdomainController.php b/app/Http/Controllers/SubdomainController.php
index 9606da46187f..3c9fe350e754 100644
--- a/app/Http/Controllers/SubdomainController.php
+++ b/app/Http/Controllers/SubdomainController.php
@@ -15,6 +15,22 @@ use App\Libraries\MultiDB;
 class SubdomainController extends BaseController
 {
+ private $protected = [
+ 'www',
+ 'v5-app1',
+ 'v5-app2',
+ 'v5-db1',
+ 'v5-db2',
+ 'app',
+ 'ninja',
+ 'sentry',
+ 'staging',
+ 'pdf',
+ 'demo',
+ 'docs',
+ 'client_domain',
+ 'custom_domain',
+ ];
 public function __construct()
 {
@@ -29,7 +45,7 @@ class SubdomainController extends BaseController
 public function index()
 {
- if( MultiDB::findAndSetDbByDomain(request()->input('subdomain')) )
+ if(in_array(request()->input('subdomain'), $this->protected) || MultiDB::findAndSetDbByDomain(request()->input('subdomain')))
 return response()->json(['message' => 'Domain not available'] , 401);
 return response()->json(['message' => 'Domain available'], 200);
diff --git a/app/Http/Requests/Company/StoreCompanyRequest.php b/app/Http/Requests/Company/StoreCompanyRequest.php
index 9c1cead003cf..bfa2c593f5b0 100644
--- a/app/Http/Requests/Company/StoreCompanyRequest.php
+++ b/app/Http/Requests/Company/StoreCompanyRequest.php
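Review bot: The reserved-name list added to SubdomainController is consulted only by the availability lookup in `index()`; the `portal_domain` rule visible in StoreCompanyRequest (`nullable|alpha_num`) would still accept names such as `www`, `app` or `staging` from a client that submits the company without calling the lookup first. Unless the list is enforced somewhere outside this diff, it should live in one shared place (a validation rule or config entry) and be applied on store and update too, for example `$rules['portal_domain'] = ['nullable', 'alpha_num', Rule::notIn($reserved)];` with `$reserved` standing for the shared list. The property would also read better as a documented constant, with a comment such as `// Hostnames reserved for platform infrastructure; never assignable to a company.`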
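Review bot: The new `in_array()` call in `index()` compares the raw request value loosely and case-sensitively, so `WWW` or `Staging` is not matched by the reserved list even though hostnames are case-insensitive; whether `MultiDB::findAndSetDbByDomain()` normalises case cannot be seen from this hunk. Normalise once and compare strictly: `$subdomain = strtolower((string) request()->input('subdomain'));` followed by `if (in_array($subdomain, $this->protected, true) || MultiDB::findAndSetDbByDomain($subdomain))`. A non-string value (an array or null from the request body) is better rejected before that cast than passed on to the lookup.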
@@ -34,13 +34,15 @@ class StoreCompanyRequest extends Request
 public function rules()
 {
+ $input = $this->all();
+ $rules = [];
 $rules['name'] = new ValidCompanyQuantity();
 $rules['company_logo'] = 'mimes:jpeg,jpg,png,gif|max:10000'; // max 10000kb
 $rules['settings'] = new ValidSettingsRule();
- if (isset($rules['portal_mode']) && ($rules['portal_mode'] == 'domain' || $rules['portal_mode'] == 'iframe')) {
+ if (isset($input['portal_mode']) && ($input['portal_mode'] == 'domain' || $input['portal_mode'] == 'iframe')) {
 $rules['portal_domain'] = 'sometimes|url';
 } else {
 $rules['portal_domain'] = 'nullable|alpha_num';
diff --git a/app/Http/Requests/Company/UpdateCompanyRequest.php b/app/Http/Requests/Company/UpdateCompanyRequest.php
index cca073724822..bd1b24bf8528 100644
--- a/app/Http/Requests/Company/UpdateCompanyRequest.php
+++ b/app/Http/Requests/Company/UpdateCompanyRequest.php
@@ -32,6 +32,8 @@ class UpdateCompanyRequest extends Request
 public function rules()
 {
+ $input = $this->all();
+ $rules = [];
 $rules['company_logo'] = 'mimes:jpeg,jpg,png,gif|max:10000'; // max 10000kb
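Review bot: The corrected condition in StoreCompanyRequest's `rules()` still uses `==` on unvalidated request input, and no rule for `portal_mode` itself is visible in this hunk, so an unexpected value or type silently chooses which `portal_domain` rule applies. A strict membership test states the intent and avoids type juggling: `if (in_array($input['portal_mode'] ?? null, ['domain', 'iframe'], true)) {`. Adding an explicit rule for `portal_mode` that lists the accepted modes would make the branch depend on a validated field. The body of `rules()` continues beyond the hunk, so a rule defined further down would not be visible here.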