Comments (11)
arukompas
commented on June 10, 2024
2
hey all, thanks for bringing this up!
Starting with v3.3.0, Log Viewer will be unauthorized in production by default, if no gate or auth callback is set up.
from log-viewer.
samuelsih
commented on June 10, 2024
I got this problem before. And after some try and error, i got this working by using the Gate like this.
Gate::define("viewLogViewer", fn () => auth()->user()->isAdmin());instead of this
Gate::define('viewLogViewer', function (?User $user) {
return $user->isAdmin();
});I use the global helper instead of grab the user from the function parameter like in the documentation.
I hope it helps.
from log-viewer.
dev-mo-ali
commented on June 10, 2024
Hi
I would like to add extra thing here, our team have used Cloudflare to limit access to log-viewer url from whitelisted IPs only
from log-viewer.
zoispag
commented on June 10, 2024
I have been using a middleware since forever:
'middleware' => ['web', 'auth', 'role:support|superadmin'],
Now, this is no longer enough! Not great for a non major release.
from log-viewer.
arukompas
commented on June 10, 2024
I have been using a middleware since forever:
'middleware' => ['web', 'auth', 'role:support|superadmin'],Now, this is no longer enough! Not great for a non major release.
Hey @zoispag , you're not using the \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer middleware, so I don't what exactly is blocking your access here 🤔
The change should only apply to the default installations where the above middleware is applied by default. If you're not using that middleware then you're responsible for the access to the Log Viewer - and looks like you did add it already.
So, it should be working for you just fine 🤔
from log-viewer.
zoispag
commented on June 10, 2024
It doesn't however. I get 403 when it tries to access the log files. Maybe a bug?
from log-viewer.
arukompas
commented on June 10, 2024
@zoispag , do you also use the same middleware in api_middleware configuration? Or maybe you're calling LogViewer::auth() somewhere else in the system?
from log-viewer.
arukompas
commented on June 10, 2024
hey @zoispag , try the new release, v3.3.1 which should fix the issue.
from log-viewer.
zoispag
commented on June 10, 2024
Hi @arukompas. My published config was apparently a very old one, with no api_middleware in place. So for the API only, it was using \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class which started failing. I updated the api_middleware to
'api_middleware' => [EnsureFrontendRequestsAreStateful::class, 'auth', 'role:support|superadmin'],and now it works. Thanks for pointing me to the direction. Once I removed the AuthorizeLogViewer::class from the api_middleware array, I no longer need to create a Gate for the API to work.
from log-viewer.
zoispag
commented on June 10, 2024
By the way I would like to apologize for "bitching" earlier.
I had a very bad start of the day!
Apologies again and thanks for the quick reaction!! 💪🏼
from log-viewer.
arukompas
commented on June 10, 2024
@zoispag no worries at all, it kept me on my toes! :)
Enjoy the rest of the week 💪
from log-viewer.
Related Issues (20)
- User does not exists when log opened HOT 6
- [Feature] Is it possible to support schedule scheduling log ??? HOT 1
- No errors, but page does not format correctly HOT 14
- unserialize(): Error at offset 2 of 11 bytes Error in 3.1.1 HOT 16
- Checkboxes on severity dropdown are not visible on safari. HOT 1
- Global search doesn't work with all severities selected
- Class "Opcodes\LogViewer\Level" not found when upgrading from v2 to v3. HOT 2
- Request failed with status code 500: Malformed UTF-8 characters, possibly incorrectly encoded HOT 19
- JsonResource::withoutWrapping() used in controllers changes all other resources I have in my project (as I use Octane) HOT 2
- Newlines to <br> lost in context ouput HOT 2
- All records do not appear and when downloading the file they appear HOT 11
- UI issue HOT 4
- Download file not sending additional headers HOT 13
- Layout issues with more than 4 columns defined
- Log with name access-*.log showing "No results" HOT 1
- Malformed UTF-8 characters, possibly incorrectly encoded Error HOT 3
- Custom theme not working as advertised HOT 2
- Problem downloading logfiles from log viewer page HOT 2
- Lots of raw HTML tags inside Stacktrace HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log-viewer.