Fix handleInvalidData allowing possible return of the next request in the middleware chain

Author: Lukasss93

src/Middleware/ValidateWebAppData.php

@@ -13,7 +13,7 @@ public function __construct(protected Nutgram $bot)
     {
     }
 
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next): mixed
     {
         try {
             $initData = $request->input('initData', '');
@@ -22,11 +22,11 @@ public function handle(Request $request, Closure $next)
             $request->attributes->add(['webAppData' => $data]);
             return $next($request);
         } catch (InvalidDataException) {
-            $this->handleInvalidData($request, $next);
+            return $this->handleInvalidData($request, $next);
         }
     }
 
-    protected function handleInvalidData(Request $request, Closure $next): void
+    protected function handleInvalidData(Request $request, Closure $next): mixed
     {
         abort(403);
     }

tests/Feature/MiddlewareTest.php

@@ -32,3 +32,17 @@
     $middleware->handle($this->request, function ($request) {
     });
 })->throws(HttpException::class);
+
+it('fails to validate web app data + custom action', function () {
+    $middleware = new class($this->bot) extends ValidateWebAppData {
+        protected function handleInvalidData(Request $request, Closure $next): mixed
+        {
+            $request->attributes->add(['webAppData' => null]);
+            return $next($request);
+        }
+    };
+
+    $middleware->handle($this->request, function ($request) {
+        expect($request->get('webAppData'))->toBeNull();
+    });
+});