Added user action validation to market connection

app/Http/Controllers/Settings/MainController.php

@@ -476,27 +476,64 @@ input(type=\"imtcp\" port=\"514\")";
         return respond("Başarıyla Kaydedildi!");
     }
 
-    public function connectMarket()
+    public function redirectMarket()
     {
-        $client = new Client(['verify' => false]);
-
-        $params = [
-            "code" => request('code'),
-            "grant_type" => "authorization_code",
-            "redirect_uri" => env('APP_URL') . '/api/market/bagla',
-            "client_id" => env('MARKET_CLIENT_ID'),
-            "client_secret" => env('MARKET_CLIENT_SECRET'),
-        ];
-        $res = $client->request(
-            'POST',
-            'https://' . env('MARKET_URL') . '/connect/token',
-            ["form_params" => $params]
+        session([
+            "market_auth_started" => true,
+        ]);
+        return redirect(
+            "https://" .
+                env('MARKET_URL') .
+                "/connect/authorize?response_type=code&scope=offline_access+user_api&redirect_uri=" .
+                urlencode(env('APP_URL') . '/api/market/bagla') .
+                "&client_id=" .
+                env('MARKET_CLIENT_ID')
         );
+    }
+
+    public function connectMarket()
+    {
+        if (!session("market_auth_started", false)) {
+            abort(504, "Geçersiz istek!");
+        }
+        session([
+            "market_auth_started" => false,
+        ]);
+        try {
+            $client = new Client(['verify' => false]);
+
+            $params = [
+                "code" => request('code'),
+                "grant_type" => "authorization_code",
+                "redirect_uri" => env('APP_URL') . '/api/market/bagla',
+                "client_id" => env('MARKET_CLIENT_ID'),
+                "client_secret" => env('MARKET_CLIENT_SECRET'),
+            ];
+            $res = $client->request(
+                'POST',
+                'https://' . env('MARKET_URL') . '/connect/token',
+                ["form_params" => $params]
+            );
+        } catch (BadResponseException $e) {
+            abort(504, "Market hesabınız bağlanırken bir hata oluştu!");
+        }
+
         $json = json_decode((string) $res->getBody());
+        $requiredScopes = ["user_api", "offline_access"];
+        $currentScopes = explode(" ", $json->scope);
+
+        if ($requiredScopes != $currentScopes) {
+            abort(
+                504,
+                "Gerekli izinleri vermediğiniz için işleminizi gerçekleştiremiyoruz."
+            );
+        }
+
         setEnv([
             "MARKET_ACCESS_TOKEN" => $json->access_token,
             "MARKET_REFRESH_TOKEN" => $json->refresh_token,
         ]);
+
         return redirect(route('settings') . "#limanMarket");
     }
 

app/Http/Controllers/Settings/_routes.php

@@ -48,7 +48,12 @@ Route::post('/ayar/log/kaydet', 'Settings\MainController@saveLogSystem')
     ->name('save_log_system')
     ->middleware('admin');
 
-Route::get('/market/baglaAuth','Settings\MainController@connectMarket')->name('connect_market')->middleware('admin');
+Route::get('/market/yonlendir', 'Settings\MainController@redirectMarket')
+    ->name('redirect_market')
+    ->middleware('admin');
+Route::get('/market/baglaAuth', 'Settings\MainController@connectMarket')
+    ->name('connect_market')
+    ->middleware('admin');
 
 Route::post('/ayar/log/oku', 'Settings\MainController@getLogSystem')
     ->name('get_log_system')
@@ -61,10 +66,7 @@ Route::post(
     ->name('delete_server_group')
     ->middleware('admin');
 
-Route::post(
-    '/ayar/kisitliMod',
-    'Settings\MainController@restrictedMode'
-)
+Route::post('/ayar/kisitliMod', 'Settings\MainController@restrictedMode')
     ->name('restricted_mode_update')
     ->middleware('admin');
 
@@ -113,10 +115,10 @@ Route::post('/sifreDegistir', 'UserController@forcePasswordChange')
     ->middleware('auth')
     ->name('password_change_save');
 
-Route::post('/dnsOku','Settings\MainController@getDNSServers')
+Route::post('/dnsOku', 'Settings\MainController@getDNSServers')
     ->middleware('admin')
     ->name('get_liman_dns_servers');
 
-Route::post('/dnsYaz','Settings\MainController@setDNSServers')
+Route::post('/dnsYaz', 'Settings\MainController@setDNSServers')
     ->middleware('admin')
-    ->name('set_liman_dns_servers');
\ No newline at end of file
+    ->name('set_liman_dns_servers');

resources/views/settings/index.blade.php

@@ -122,7 +122,7 @@
                 @if(env('MARKET_CODE'))
                     Var
                 @else
-                    <a href="https://{{env('MARKET_URL')}}/connect/authorize?response_type=code&scope=offline_access+user_api&redirect_uri={{urlencode(env('APP_URL') . '/api/market/bagla')}}&client_id={{env('MARKET_CLIENT_ID')}}">Tikla</a>
+                    <a href="{{route('redirect_market')}}">Tikla</a>
                 @endif
                     
                 </div>