Validate 2FAccount create form only with backend

2025-08-09 05:54:34 +02:00 · 2020-01-09 16:33:32 +01:00
parent 77b6ac3e3f
commit e966b06a2f
5 changed files with 144 additions and 79 deletions
--- a/app/Http/Controllers/QrCodeController.php
+++ b/app/Http/Controllers/QrCodeController.php
@ -2,6 +2,7 @@

 namespace App\Http\Controllers;

+use Validator;
 use Illuminate\Http\Request;
 use Illuminate\Http\File;
 use Illuminate\Support\Facades\Storage;
@ -19,53 +20,74 @@ class QrCodecontroller extends Controller
    public function decode(Request $request)
    {

-        if($request->hasFile('qrcode')){
+        // input validation
+        $messages = [
+            'qrcode.image' => 'Supported format are jpeg, png, bmp, gif, svg, or webp'
+        ];

-            $path = $request->file('qrcode')->store('qrcodes');
+        $validator = Validator::make($request->all(), [
+            'qrcode' => 'required|image',
+        ], $messages);

-            $qrcode = new QrReader(storage_path('app/' . $path));
-            $uri = urldecode($qrcode->text());
-
-            $uriChunks = explode('?', $uri);
-
-            foreach(explode('&', $uriChunks[1]) as $option) {
-                $option = explode('=', $option);
-                $options[$option[0]] = $option[1];
-            }
-
-            $account = $service = '';
-
-            $serviceChunks = explode(':', str_replace('otpauth://totp/', '', $uriChunks[0]));
-
-            if( count($serviceChunks) > 1 ) {
-                $account = $serviceChunks[1];
-            }
-
-            $service = $serviceChunks[0];
-
-            if( strstr( $service, '@') ) {
-                $account = $service;
-                $service = '';
-            }
-
-            if( empty($service) & !empty($options['issuer']) ) {
-                $service = $options['issuer'];
-            }
-
-            $twofaccount = (object) array(
-                'service' => $service,
-                'account' => $account,
-                'uri' => $uri,
-                'icon' => '',
-                'options' => $options
-            );
-
-            Storage::delete($path);
-
-            return response()->json($twofaccount, 201);
+        if ($validator->fails()) {
+            return response()->json(['error' => $validator->errors()], 400);
        }
-        else {
-            return response()->json('no file in $request', 204);
+
+
+        // qrcode analysis
+        $path = $request->file('qrcode')->store('qrcodes');
+        $qrcode = new QrReader(storage_path('app/' . $path));
+        $uri = urldecode($qrcode->text());
+
+        Storage::delete($path);
+
+        if( empty($uri) ) {
+
+            return response()->json([
+                'error' => [
+                   'qrcode' => 'Nothing readable in this QR code 😕'
+                ]
+            ], 400);
+
        }
+
+        $uriChunks = explode('?', $uri);
+
+        foreach(explode('&', $uriChunks[1]) as $option) {
+            $option = explode('=', $option);
+            $options[$option[0]] = $option[1];
+        }
+
+        $account = $service = '';
+
+        $serviceChunks = explode(':', str_replace('otpauth://totp/', '', $uriChunks[0]));
+
+        if( count($serviceChunks) > 1 ) {
+            $account = $serviceChunks[1];
+        }
+
+        $service = $serviceChunks[0];
+
+        if( strstr( $service, '@') ) {
+            $account = $service;
+            $service = '';
+        }
+
+        if( empty($service) & !empty($options['issuer']) ) {
+            $service = $options['issuer'];
+        }
+
+
+        // returned object
+        $twofaccount = (object) array(
+            'service' => $service,
+            'account' => $account,
+            'uri' => $uri,
+            'icon' => '',
+            'options' => $options
+        );
+
+        return response()->json($twofaccount, 201);
    }
+    
 }