Merge pull request #13 from nutgram/webapp-middleware

Lukasss93 · web-flow · commit b02fa8751082 · 2023-09-10T22:18:24.000+02:00
diff --git a/src/Middleware/ValidateWebAppData.php b/src/Middleware/ValidateWebAppData.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace Nutgram\Laravel\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use SergiX44\Nutgram\Exception\InvalidDataException;
+use SergiX44\Nutgram\Nutgram;
+
+class ValidateWebAppData
+{
+    public function __construct(protected Nutgram $bot)
+    {
+    }
+
+    public function handle(Request $request, Closure $next): mixed
+    {
+        try {
+            $initData = $request->input('initData', '');
+            $data = $this->bot->validateWebAppData($initData);
+
+            $request->attributes->add(['webAppData' => $data]);
+            return $next($request);
+        } catch (InvalidDataException) {
+            return $this->handleInvalidData($request, $next);
+        }
+    }
+
+    protected function handleInvalidData(Request $request, Closure $next): mixed
+    {
+        abort(403);
+    }
+}
diff --git a/tests/Feature/MiddlewareTest.php b/tests/Feature/MiddlewareTest.php
@@ -0,0 +1,48 @@
+<?php
+
+use Illuminate\Http\Request;
+use Nutgram\Laravel\Middleware\ValidateWebAppData;
+use SergiX44\Nutgram\Nutgram;
+use SergiX44\Nutgram\Telegram\Web\WebAppData;
+use SergiX44\Nutgram\Testing\FakeNutgram;
+use Symfony\Component\HttpKernel\Exception\HttpException;
+
+beforeEach(function () {
+    /** @var FakeNutgram $bot */
+    $this->bot = app(Nutgram::class);
+    $this->request = new Request();
+});
+
+it('validates web app data', function () {
+    $this->request->merge([
+        'initData' => $this->bot->generateWebAppData([
+            'foo' => 'bar',
+            'auth_date' => time(),
+        ])
+    ]);
+
+    $middleware = new ValidateWebAppData($this->bot);
+    $middleware->handle($this->request, function ($request) {
+        expect($request->get('webAppData'))->toBeInstanceOf(WebAppData::class);
+    });
+});
+
+it('fails to validate web app data', function () {
+    $middleware = new ValidateWebAppData($this->bot);
+    $middleware->handle($this->request, function ($request) {
+    });
+})->throws(HttpException::class);
+
+it('fails to validate web app data + custom action', function () {
+    $middleware = new class($this->bot) extends ValidateWebAppData {
+        protected function handleInvalidData(Request $request, Closure $next): mixed
+        {
+            $request->attributes->add(['webAppData' => null]);
+            return $next($request);
+        }
+    };
+
+    $middleware->handle($this->request, function ($request) {
+        expect($request->get('webAppData'))->toBeNull();
+    });
+});
