opcodesio / log-viewer

Fast and beautiful Log Viewer for Laravel
https://log-viewer.opcodes.io
MIT License
3.39k stars 237 forks

log-viewer visible by public, unauthorized users #324

Closed christoferd closed 4 months ago

christoferd commented 5 months ago

Hi, I have just installed this using the documentation instructions.

/log-viewer is loading and I can see all log files while not logged in, on both local and production environments.

I see now that it is set by default to allow everyone to see log files.

I followed this to restrict it to only authorized users. https://log-viewer.opcodes.io/docs/3.x/configuration/access-to-log-viewer#authorizing-users

Bug: I would say that it's a bug to have a log viewer automatically open to the public. Is there a way to restrict this to logged-in users by default?

samuelsih commented 4 months ago

I got this problem before, and after some trial and error I got this working by using the Gate like this:

Gate::define("viewLogViewer", fn () => auth()->user()->isAdmin());

instead of this:

Gate::define('viewLogViewer', function (?User $user) {
    return $user->isAdmin();
});

I use the global helper instead of grabbing the user from the function parameter as in the documentation.

I hope it helps.

dev-mo-ali commented 4 months ago

Hi, I would like to add an extra thing here: our team has used Cloudflare to limit access to the log-viewer URL to whitelisted IPs only.

arukompas commented 4 months ago

hey all, thanks for bringing this up!

Starting with v3.3.0, Log Viewer will be unauthorized in production by default, if no gate or auth callback is set up.

zoispag commented 4 months ago

I have been using a middleware since forever:

'middleware' => ['web', 'auth', 'role:support|superadmin'],

Now, this is no longer enough! Not great for a non-major release.

arukompas commented 4 months ago

> I have been using a middleware since forever:
>
> 'middleware' => ['web', 'auth', 'role:support|superadmin'],
>
> Now, this is no longer enough! Not great for a non-major release.

Hey @zoispag, you're not using the \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer middleware, so I don't know what exactly is blocking your access here 🤔

The change should only apply to the default installations where the above middleware is applied by default. If you're not using that middleware then you're responsible for the access to the Log Viewer - and it looks like you did add it already.

So, it should be working for you just fine 🤔

zoispag commented 4 months ago

It doesn't however. I get 403 when it tries to access the log files. Maybe a bug?

arukompas commented 4 months ago

@zoispag , do you also use the same middleware in api_middleware configuration? Or maybe you're calling LogViewer::auth() somewhere else in the system?

arukompas commented 4 months ago

hey @zoispag , try the new release, v3.3.1 which should fix the issue.

zoispag commented 4 months ago

Hi @arukompas. My published config was apparently a very old one, with no api_middleware in place. So for the API only, it was using \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class which started failing. I updated the api_middleware to

'api_middleware' => [EnsureFrontendRequestsAreStateful::class, 'auth', 'role:support|superadmin'],

and now it works. Thanks for pointing me in the right direction. Once I removed the AuthorizeLogViewer::class from the api_middleware array, I no longer need to create a Gate for the API to work.
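Putting the two lessons of this thread together (a gate that denies guests, and an api_middleware list that is protected like the web middleware), here is an added deny-by-default setup. It is example code, not from the log-viewer project or from anyone in this thread; it assumes a hypothetical isAdmin() method on App\Models\User and that the package's AuthorizeLogViewer and EnsureFrontendRequestsAreStateful middleware live under the namespaces shown.

```php
<?php
// Added example (not the package's or any commenter's code). Two files are shown,
// separated by headers. Assumed: App\Models\User::isAdmin() exists (hypothetical),
// and the package middleware classes exist under the namespaces used below.

// ---- app/Providers/AuthServiceProvider.php ----
namespace App\Providers;

use App\Models\User;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // The nullable ?User hint tells Laravel's Gate to run this closure for
        // guests too, so the closure must handle null itself instead of
        // dereferencing $user. (A closure with no typed user parameter is never
        // run for guests; the Gate just returns false.)
        Gate::define('viewLogViewer', function (?User $user): bool {
            return $user !== null && $user->isAdmin();
        });
    }
}

// ---- config/log-viewer.php (relevant keys only) ----
return [
    // Browser UI route: session auth plus the package's gate check.
    'middleware' => [
        'web',
        'auth',
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],
    // JSON API the UI calls for file lists and log contents. It is a separate
    // route group, so guarding 'middleware' alone leaves the data endpoints
    // reachable; this is the gap the old published config in this thread had.
    'api_middleware' => [
        \Opcodes\LogViewer\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        'auth',
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],
];
```

After publishing the config, compare both arrays against your currently published copy: an older config file without an api_middleware key is exactly what caused the 403s described above.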

zoispag commented 4 months ago

By the way I would like to apologize for "bitching" earlier. I had a very bad start of the day!

Apologies again and thanks for the quick reaction!! 💪🏼

arukompas commented 4 months ago

@zoispag no worries at all, it kept me on my toes! :)

Enjoy the rest of the week 💪