From e02bbc2de35ce2452e435ed31ac8910f8c7fc418 Mon Sep 17 00:00:00 2001
From: Luca Patera
Date: Sat, 9 Sep 2023 23:22:39 +0200
Subject: [PATCH 1/4] Add ValidateWebAppData middleware
---
 src/Middleware/ValidateWebAppData.php | 24 ++++++++++++++++++
 tests/Feature/MiddlewareTest.php | 35 +++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 src/Middleware/ValidateWebAppData.php
 create mode 100644 tests/Feature/MiddlewareTest.php
diff --git a/src/Middleware/ValidateWebAppData.php b/src/Middleware/ValidateWebAppData.php
new file mode 100644
index 0000000..2c4dd94
--- /dev/null
+++ b/src/Middleware/ValidateWebAppData.php
@@ -0,0 +1,24 @@
+input('initData', '');
+ $data = app(Nutgram::class)->validateWebAppData($initData);
+
+ $request->attributes->add(['webapp' => $data]);
+ return $next($request);
+ } catch (InvalidDataException) {
+ abort(403);
+ }
+ }
+}
diff --git a/tests/Feature/MiddlewareTest.php b/tests/Feature/MiddlewareTest.php
new file mode 100644
index 0000000..a2e73ea
--- /dev/null
+++ b/tests/Feature/MiddlewareTest.php
@@ -0,0 +1,35 @@
+request = new Request();
+});
+
+it('validates web app data', function () {
+ /** @var FakeNutgram $bot */
+ $bot = app(Nutgram::class);
+
+ $this->request->merge([
+ 'initData' => $bot->generateWebAppData([
+ 'foo' => 'bar',
+ 'auth_date' => time(),
+ ])
+ ]);
+
+ $middleware = new ValidateWebAppData();
+ $middleware->handle($this->request, function ($request) {
+ expect($request->get('webapp'))->toBeInstanceOf(WebAppData::class);
+ });
+});
+
+it('fails to validate web app data', function () {
+ $middleware = new ValidateWebAppData();
+ $middleware->handle($this->request, function ($request) {
+ });
+})->throws(HttpException::class);
From b7a286f5c762a0fe603e94bb7d310b3b35a87dc0 Mon Sep 17 00:00:00 2001
From: Luca Patera
Date: Sat, 9 Sep 2023 23:24:44 +0200
Subject: [PATCH 2/4] Fix
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
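Review bot: `$request->input('initData', '')` can return an array when the client sends `initData[]=...`, and the only exception caught in `handle()` is `InvalidDataException`. If `validateWebAppData()` declares a string parameter (its signature is not shown here), such a request surfaces as an uncaught `TypeError` and a 500 instead of the intended 403. Reject non-string input before the call, e.g. `if (!is_string($initData)) { abort(403); }`. The opening lines of this new file did not survive on the page, so this is read from the visible tail of the `try` block; the same read is carried unchanged through patches 3 and 4.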
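Review bot: The negative test in tests/Feature/MiddlewareTest.php only sends a request with no `initData` at all, so rejection is proven for an empty string but not for a payload whose signature no longer matches its fields. Add a case that signs data with `generateWebAppData()`, changes it afterwards and expects the same `HttpException`; the sketch below assumes the helper returns the signed query string, which this page does not show. Asserting the 403 status rather than any `HttpException` would tighten both negative cases.

```php
it('rejects web app data changed after signing', function () {
    /** @var FakeNutgram $bot */
    $bot = app(Nutgram::class);
    $signed = $bot->generateWebAppData(['foo' => 'bar', 'auth_date' => time()]);

    // Any change to the signed fields must invalidate the hash.
    $this->request->merge(['initData' => $signed.'&foo=baz']);

    $middleware = new ValidateWebAppData();
    $middleware->handle($this->request, function ($request) {
    });
})->throws(HttpException::class);
```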
diff --git a/composer.json b/composer.json
index ebf5dec..2726020 100644
--- a/composer.json
+++ b/composer.json
@@ -30,7 +30,7 @@
 "require": {
 "php": "^8.2",
 "nunomaduro/termwind": "^1.15",
- "nutgram/nutgram": "^4.2.0"
+ "nutgram/nutgram": "^4.6.0"
 },
 "require-dev": {
 "illuminate/testing": "^9.0|^10.0",
From 0adca00bfbc88b80f2761c7713c88fc42762afc6 Mon Sep 17 00:00:00 2001
From: Luca Patera
Date: Sun, 10 Sep 2023 12:48:26 +0200
Subject: [PATCH 3/4] Refactor after review
---
 src/Middleware/ValidateWebAppData.php | 15 ++++++++++++---
 tests/Feature/MiddlewareTest.php | 13 ++++++-------
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/Middleware/ValidateWebAppData.php b/src/Middleware/ValidateWebAppData.php
index 2c4dd94..062b836 100644
--- a/src/Middleware/ValidateWebAppData.php
+++ b/src/Middleware/ValidateWebAppData.php
@@ -9,16 +9,25 @@
 
 class ValidateWebAppData
 {
+ public function __construct(protected Nutgram $bot)
+ {
+ }
+
 public function handle(Request $request, Closure $next)
 {
 try {
 $initData = $request->input('initData', '');
- $data = app(Nutgram::class)->validateWebAppData($initData);
+ $data = $this->bot->validateWebAppData($initData);
 
- $request->attributes->add(['webapp' => $data]);
+ $request->attributes->add(['webAppData' => $data]);
 return $next($request);
 } catch (InvalidDataException) {
- abort(403);
+ $this->handleInvalidData($request, $next);
 }
 }
+
+ protected function handleInvalidData(Request $request, Closure $next): void
+ {
+ abort(403);
+ }
 }
diff --git a/tests/Feature/MiddlewareTest.php b/tests/Feature/MiddlewareTest.php
index a2e73ea..6c4f627 100644
--- a/tests/Feature/MiddlewareTest.php
+++ b/tests/Feature/MiddlewareTest.php
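Review bot: Nothing in `handle()` bounds the age of the data: once `$this->bot->validateWebAppData($initData)` accepts the signature, the result is attached to the request whatever its `auth_date` says. Unless the library call enforces a maximum age itself (not visible in this hunk), a captured `initData` string stays usable indefinitely. The middleware should compare `auth_date` with the current time against a configurable limit and send stale data down the same rejection path. At minimum state the gap next to the call, e.g. `// Verifies the signature only; callers needing replay protection must also check auth_date.`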
@@ -8,28 +8,27 @@
 use Symfony\Component\HttpKernel\Exception\HttpException;
 
 beforeEach(function () {
+ /** @var FakeNutgram $bot */
+ $this->bot = app(Nutgram::class);
 $this->request = new Request();
 });
 
 it('validates web app data', function () {
- /** @var FakeNutgram $bot */
- $bot = app(Nutgram::class);
-
 $this->request->merge([
- 'initData' => $bot->generateWebAppData([
+ 'initData' => $this->bot->generateWebAppData([
 'foo' => 'bar',
 'auth_date' => time(),
 ])
 ]);
 
- $middleware = new ValidateWebAppData();
+ $middleware = new ValidateWebAppData($this->bot);
 $middleware->handle($this->request, function ($request) {
- expect($request->get('webapp'))->toBeInstanceOf(WebAppData::class);
+ expect($request->get('webAppData'))->toBeInstanceOf(WebAppData::class);
 });
 });
 
 it('fails to validate web app data', function () {
- $middleware = new ValidateWebAppData();
+ $middleware = new ValidateWebAppData($this->bot);
 $middleware->handle($this->request, function ($request) {
 });
 })->throws(HttpException::class);
From 710545fb370dc34b3148ef82e093353c97373edb Mon Sep 17 00:00:00 2001
From: Luca Patera
Date: Sun, 10 Sep 2023 16:53:18 +0200
Subject: [PATCH 4/4] Fix handleInvalidData allowing possible return of the next request in the middleware chain
---
 src/Middleware/ValidateWebAppData.php | 6 +++---
 tests/Feature/MiddlewareTest.php | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/Middleware/ValidateWebAppData.php b/src/Middleware/ValidateWebAppData.php
index 062b836..d2ffc5d 100644
--- a/src/Middleware/ValidateWebAppData.php
+++ b/src/Middleware/ValidateWebAppData.php
@@ -13,7 +13,7 @@ public function __construct(protected Nutgram $bot)
 {
 }
 
- public function handle(Request $request, Closure $next)
+ public function handle(Request $request, Closure $next): mixed
 {
 try {
 $initData = $request->input('initData', '');
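Review bot: The assertion in the `@@ -8,28 +8,27 @@` test hunk reads the result with `$request->get('webAppData')`, which is not limited to the attribute bag: it falls back to query and body parameters when no attribute of that name is set. Application code that copies this pattern on a route where the middleware did not run would pick up a client-supplied `webAppData` value. Read from the bag the middleware writes to, `expect($request->attributes->get('webAppData'))->toBeInstanceOf(WebAppData::class);`, so the test shows the safe accessor.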
@@ -22,11 +22,11 @@ public function handle(Request $request, Closure $next)
 $request->attributes->add(['webAppData' => $data]);
 return $next($request);
 } catch (InvalidDataException) {
- $this->handleInvalidData($request, $next);
+ return $this->handleInvalidData($request, $next);
 }
 }
 
- protected function handleInvalidData(Request $request, Closure $next): void
+ protected function handleInvalidData(Request $request, Closure $next): mixed
 {
 abort(403);
 }
diff --git a/tests/Feature/MiddlewareTest.php b/tests/Feature/MiddlewareTest.php
index 6c4f627..0e6414a 100644
--- a/tests/Feature/MiddlewareTest.php
+++ b/tests/Feature/MiddlewareTest.php
@@ -32,3 +32,17 @@
 $middleware->handle($this->request, function ($request) {
 });
 })->throws(HttpException::class);
+
+it('fails to validate web app data + custom action', function () {
+ $middleware = new class($this->bot) extends ValidateWebAppData {
+ protected function handleInvalidData(Request $request, Closure $next): mixed
+ {
+ $request->attributes->add(['webAppData' => null]);
+ return $next($request);
+ }
+ };
+
+ $middleware->handle($this->request, function ($request) {
+ expect($request->get('webAppData'))->toBeNull();
+ });
+});
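Review bot: With `return $this->handleInvalidData($request, $next);` the override point can now hand a request whose `initData` failed validation to the rest of the chain, and nothing on the method says so. Add a docblock to `handleInvalidData()` stating that the default denies with 403, that an override returning `$next($request)` forwards an unauthenticated request, and that downstream code must then treat a missing or null `webAppData` attribute as not authenticated. The test added in this commit does exactly that by setting the attribute to `null`, so the contract belongs next to the method. The class continues outside this hunk.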