feat: Octane domain middleware + fix catch-all route conflicts
DomainScope middleware checks Host header per-request — Octane-safe.
Applied to Api homepage (scoped to api.lthn.io). Explorer and Docs
subdomain routes stay disabled — catch-all routes like /{section}/{page?}
match before middleware runs, breaking other routes. These modules
need own containers for proper domain isolation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude
parent
41a13e6ef4
commit
4f72d62146
5 changed files with 56 additions and 21 deletions
45
app/Http/Middleware/DomainScope.php
Normal file
45
app/Http/Middleware/DomainScope.php
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
/**
|
||||
* Octane-compatible domain scoping middleware.
|
||||
*
|
||||
* Checks the Host header per-request and returns 404 if the
|
||||
* request domain doesn't match the allowed patterns. This
|
||||
* replaces $_SERVER['HTTP_HOST'] checks at route registration
|
||||
* time, which don't work with Octane (routes registered once).
|
||||
*
|
||||
* Usage in route files:
|
||||
* Route::middleware('domain:explorer.lthn.io')->group(...)
|
||||
* Route::middleware('domain:docs.lthn.io,docs.test')->group(...)
|
||||
*/
|
||||
class DomainScope
|
||||
{
|
||||
public function handle(Request $request, Closure $next, string ...$domains): mixed
|
||||
{
|
||||
$host = $request->getHost();
|
||||
|
||||
foreach ($domains as $domain) {
|
||||
// Exact match
|
||||
if ($host === $domain) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Wildcard match (e.g., *.lthn.io)
|
||||
if (str_starts_with($domain, '*.')) {
|
||||
$suffix = substr($domain, 1); // .lthn.io
|
||||
if (str_ends_with($host, $suffix)) {
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
|
|
@ -31,6 +31,7 @@ class Boot
|
|||
app()->singleton(WalletRpc::class);
|
||||
|
||||
app('router')->aliasMiddleware('auth.api', \App\Http\Middleware\ApiTokenAuth::class);
|
||||
app('router')->aliasMiddleware('domain', \App\Http\Middleware\DomainScope::class);
|
||||
}
|
||||
|
||||
public function onConsole(ConsoleBooting $event): void
|
||||
|
|
|
|||
|
|
@ -63,13 +63,8 @@ class Boot extends ServiceProvider
|
|||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php'));
|
||||
|
||||
// Homepage only on API domain
|
||||
$host = $_SERVER['HTTP_HOST'] ?? '';
|
||||
foreach (static::$domains as $pattern) {
|
||||
if (preg_match($pattern, $host)) {
|
||||
$event->routes(fn () => Route::group([], __DIR__ . '/Routes/home.php'));
|
||||
return;
|
||||
}
|
||||
}
|
||||
// Homepage scoped to API domain via middleware
|
||||
$event->routes(fn () => Route::middleware('domain:api.lthn.io,api.lthn.sh')
|
||||
->group(__DIR__ . '/Routes/home.php'));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,23 +5,20 @@ declare(strict_types=1);
|
|||
namespace Website\Docs;
|
||||
|
||||
use Core\Events\DomainResolving;
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Support\Facades\Event;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
|
||||
/**
|
||||
* docs.lthn.io — Lethean documentation site.
|
||||
*
|
||||
* Renders markdown docs with sidebar navigation and search.
|
||||
* On docs.lthn.io: serves at root. On lthn.io: not mounted
|
||||
* (API docs live at /docs via the Lethean Website module).
|
||||
* Routes disabled in shared app — catch-all /{section}/{page?} conflicts
|
||||
* with lthn.io routes even with domain middleware (Laravel matches routes
|
||||
* before middleware runs). Deploy as own container to enable.
|
||||
*/
|
||||
class Boot extends ServiceProvider
|
||||
{
|
||||
public static array $domains = [
|
||||
'/^docs\.lthn\.io$/',
|
||||
'/^docs\.(test|localhost)$/',
|
||||
];
|
||||
|
||||
public static array $listens = [
|
||||
|
|
@ -48,8 +45,4 @@ class Boot extends ServiceProvider
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Routes disabled — docs.lthn.io catch-all /{section}/{page?}
|
||||
// conflicts with other routes when registered unconditionally.
|
||||
// Re-enable when Octane domain middleware is implemented.
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,9 +10,10 @@ use Illuminate\Support\ServiceProvider;
|
|||
|
||||
/**
|
||||
* explorer.lthn.io — block explorer subdomain.
|
||||
* Routes disabled — Mod/Explorer handles /explorer prefix on lthn.io.
|
||||
* Subdomain routing re-enabled when explorer.lthn.io is deployed
|
||||
* with proper Octane domain middleware.
|
||||
*
|
||||
* Root-level routes disabled to prevent conflict with Lethean homepage.
|
||||
* Mod/Explorer handles /explorer prefix on lthn.io.
|
||||
* When deployed to its own container, re-enable routes with domain middleware.
|
||||
*/
|
||||
class Boot extends ServiceProvider
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue