Develop the package

src/Http/Controllers/TwillFirewallController.php

@@ -9,8 +9,8 @@
 use Illuminate\Support\Facades\URL;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Facades\Redirect;
-use A17\Twill\Http\Controllers\Admin\ModuleController;
 use A17\TwillFirewall\Models\TwillFirewall;
+use A17\Twill\Http\Controllers\Admin\ModuleController;
 use A17\TwillFirewall\Repositories\TwillFirewallRepository;
 use A17\TwillFirewall\Support\Facades\TwillFirewall as TwillFirewallFacade;
 
@@ -57,7 +57,7 @@ class TwillFirewallController extends ModuleController
      */
     public function index($parentModuleId = null)
     {
-        $this->generateDomains();
+        app(TwillFirewallRepository::class)->generateDomains();
 
         $this->setIndexOptions();
 
@@ -69,39 +69,6 @@ protected function getViewPrefix(): string|null
         return 'twill-firewall::admin';
     }
 
-    public function generateDomains(): void
-    {
-        if (DB::table('twill_firewall')->count() !== 0) {
-            return;
-        }
-
-        $appDomain = TwillFirewallFacade::getDomain(config('app.url'));
-
-        $currentDomain = TwillFirewallFacade::getDomain(URL::current());
-
-        /** @phpstan-ignore-next-line  */
-        app(TwillFirewallRepository::class)->create([
-            'domain' => '*',
-            'published' => false,
-        ]);
-
-        if (filled($currentDomain)) {
-            /** @phpstan-ignore-next-line  */
-            app(TwillFirewallRepository::class)->create([
-                'domain' => $currentDomain,
-                'published' => false,
-            ]);
-        }
-
-        if (filled($appDomain) && $appDomain !== $currentDomain) {
-            /** @phpstan-ignore-next-line  */
-            app(TwillFirewallRepository::class)->create([
-                'domain' => $appDomain,
-                'published' => false,
-            ]);
-        }
-    }
-
     public function setIndexOptions(): void
     {
         $this->indexOptions = ['create' => !TwillFirewallFacade::allDomainsEnabled()];

src/Models/TwillFirewall.php

@@ -8,7 +8,6 @@
 use A17\Twill\Models\Behaviors\HasRevisions;
 use A17\TwillFirewall\Services\Helpers;
 use Illuminate\Database\Eloquent\Relations\HasMany;
-use A17\TwillFirewall\Models\Behaviors\Encrypt;
 use A17\TwillFirewall\Support\Facades\TwillFirewall as TwillFirewallFacade;
 
 /**
@@ -17,11 +16,10 @@
 class TwillFirewall extends Model
 {
     use HasRevisions;
-    use Encrypt;
 
     protected $table = 'twill_firewall';
 
-    protected $fillable = ['published', 'domain', 'allow', 'block', 'redirect_to', 'allow_laravel_login', 'allow_twill_login'];
+    protected $fillable = ['published', 'domain', 'allow', 'block', 'redirect_to', 'allow_laravel_login', 'allow_twill_login', 'strategy'];
 
     protected $appends = ['domain_string', 'status', 'from_dot_env'];
 
@@ -32,7 +30,9 @@ public function revisions(): HasMany
 
     public function getConfiguredAttribute(): bool
     {
-        return filled($this->allow) || filled($this->block);
+        return TwillFirewallFacade::hasDotEnv() ||
+                $this->strategy === 'allow' && filled($this->allow) ||
+                $this->strategy === 'block' && filled($this->block);
     }
 
     public function getStatusAttribute(): string
@@ -52,4 +52,15 @@ public function getFromDotEnvAttribute(): string
     {
         return TwillFirewallFacade::hasDotEnv() ? 'yes' : 'no';
     }
+
+    public function getDomainStringAttribute(): string|null
+    {
+        $domain = $this->domain;
+
+        if ($domain === '*') {
+            return '* (all domains)';
+        }
+
+        return $domain;
+    }
 }

src/Repositories/TwillFirewallRepository.php

@@ -5,6 +5,9 @@
 use A17\Twill\Repositories\ModuleRepository;
 use A17\Twill\Repositories\Behaviors\HandleRevisions;
 use A17\TwillFirewall\Models\TwillFirewall;
+use A17\TwillFirewall\Support\Facades\TwillFirewall as TwillFirewallFacade;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\URL;
 
 /**
  * @method \Illuminate\Database\Eloquent\Builder published()
@@ -17,4 +20,37 @@ public function __construct(TwillFirewall $model)
     {
         $this->model = $model;
     }
+
+    public function generateDomains(): void
+    {
+        if (DB::table('twill_firewall')->count() !== 0) {
+            return;
+        }
+
+        $appDomain = TwillFirewallFacade::getDomain(config('app.url'));
+
+        $currentDomain = TwillFirewallFacade::getDomain(URL::current());
+
+        /** @phpstan-ignore-next-line  */
+        app(TwillFirewallRepository::class)->create([
+            'domain' => '*',
+            'published' => false,
+        ]);
+
+        if (filled($currentDomain)) {
+            /** @phpstan-ignore-next-line  */
+            app(TwillFirewallRepository::class)->create([
+                'domain' => $currentDomain,
+                'published' => false,
+            ]);
+        }
+
+        if (filled($appDomain) && $appDomain !== $currentDomain) {
+            /** @phpstan-ignore-next-line  */
+            app(TwillFirewallRepository::class)->create([
+                'domain' => $appDomain,
+                'published' => false,
+            ]);
+        }
+    }
 }

src/ServiceProvider.php

@@ -8,7 +8,7 @@
 use A17\Twill\TwillPackageServiceProvider;
 use A17\TwillFirewall\Http\Middleware;
 use A17\TwillFirewall\Services\Helpers;
-use A17\TwillFirewall\Support\TwillFirewall;
+use A17\TwillFirewall\Services\TwillFirewall;
 
 class ServiceProvider extends TwillPackageServiceProvider
 {

src/Services/Helpers.php

@@ -2,7 +2,7 @@
 
 namespace A17\TwillFirewall\Services;
 
-use A17\TwillFirewall\Support\TwillFirewall;
+use A17\TwillFirewall\Services\TwillFirewall;
 
 class Helpers
 {

src/Services/Middleware.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace A17\TwillFirewall\Services;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\RateLimiter;
+use A17\TwillFirewall\Support\Facades\TwillFirewall;
+
+trait Middleware
+{
+    public function middleware(Request $request): mixed
+    {
+        if (!$this->enabled()) {
+            return null;
+        }
+
+        $checkAuth = fn() => $this->checkAuth($request);
+
+        $rateLimitingKey = 'firewall:' . $this->readFromDatabase('allow');
+
+        $response = RateLimiter::attempt(
+            $rateLimitingKey,
+            $perMinute = $this->config('rate-limiting.attemps-per-minute', 5),
+            $checkAuth,
+        );
+
+        if (RateLimiter::tooManyAttempts($rateLimitingKey, $perMinute)) {
+            abort(429, 'Too many attempts. Please wait one minute and try again.');
+        }
+
+        if ($response === null) {
+            RateLimiter::clear($rateLimitingKey);
+        }
+
+        return $response === true ? null : $response;
+    }
+
+    public function checkAuth(Request $request): mixed
+    {
+        if ($this->loggedInWithAuthGuard()) {
+            return true;
+        }
+
+        return TwillFirewall::checkAuth($request, [
+            'allow' => $this->allow(),
+            'block' => $this->block(),
+            'guards' => $this->getAuthGuards(),
+            'routes' => $this->config('routes'),
+        ]);
+    }
+
+    public function loggedInWithAuthGuard(): bool
+    {
+        foreach ($this->getAuthGuards() as $guard) {
+            if (auth($guard)->check()) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function getAuthGuards(): array
+    {
+        $guards = [];
+
+        foreach ($this->config('database-login', []) as $name => $guard) {
+            $enabled = $this->hasDotEnv() ? $guard['enabled'] ?? false : $this->readFromDatabase("allow_{$name}_login");
+
+            if ($enabled) {
+                $guards[] = $guard['guard'];
+            }
+        }
+
+        return $guards;
+    }
+}