Feature to enforce 2FA for staff member using .env variable

MineTrax · Aug 15, 2024 · 089f9b1 · 089f9b1
1 parent e9f2c43
commit 089f9b1
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -4,7 +4,7 @@ APP_ENV=local
 APP_KEY=
 #Set your websuite language by default
 APP_LOCALE=en
-#If you dont want a locale to appear just remove it(transaltions are accepted on our github)
+# If you dont want a locale switcher to appear just make it empty. (transaltions are accepted on our github)
 AVAILABLE_LOCALES=en,es,ru,sk,de,pl,uk,hi,it,zh-hk,zh-cn,ja
 APP_THEME=default
 # Pulse dashboard for health monitoring
@@ -34,11 +34,11 @@ LOG_LEVEL=debug
 LOG_DISCORD_WEBHOOK_URL=
 
 # User Settings
-SETTINGS_CACHE_ENABLED=false
 RANDOM_USER_AVATARS=true
 DISABLE_USER_REGISTRATION=false
 DISABLE_EMAIL_PASSWORD_AUTH=false
 VERIFY_USER_EMAIL=false
+ENFORCE_2FA_FOR_STAFF=false
 
 # User Experience
 PLAYER_SKIN_CHANGER_ENABLED=true
@@ -143,6 +143,7 @@ FILESYSTEM_DISK=local
 MEDIA_DISK=media
 PROFILE_PHOTO_DISK=public
 DOWNLOADS_MODULE_DISK=download
+SETTINGS_CACHE_ENABLED=false
 
 # Database Info
 DB_CONNECTION=mysql

diff --git a/app/Http/Middleware/StaffMember.php b/app/Http/Middleware/StaffMember.php
@@ -28,6 +28,17 @@ public function handle(Request $request, Closure $next)
             return redirect()->back();
         }
 
+        $enforce2fa = config('auth.enforce_2fa_for_staff');
+        if ($enforce2fa && !$user->hasEnabledTwoFactorAuthentication()) {
+            if ($request->wantsJson()) {
+                return response()->json([
+                    'message' => __('Two Factor Authentication is required to access this resource.')
+                ], 403);
+            }
+            return redirect()->route('profile.show')
+                ->with(['toast' => ['type' => 'warning', 'title' => __('Enable Two Factor Authentication'), 'body' => __('2FA should be enabled to access this resource.'), 'milliseconds' => 7000]]);
+        }
+
         return $next($request);
     }
 }
diff --git a/config/auth.php b/config/auth.php
@@ -172,4 +172,15 @@
     |
     */
     'max_cover_photo_size_kb' => env('MAX_USER_COVER_PHOTO_SIZE_KB', 1024),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Enforce Two Factor Authentication for Staff Members
+    |--------------------------------------------------------------------------
+    |
+    | If enabled, this feature will enforce two factor authentication for staff members.
+    | Without enabling 2FA, staff members won't be able to access the admin panel.
+    |
+    */
+    'enforce_2fa_for_staff' => env('ENFORCE_2FA_FOR_STAFF', false),
 ];