[Fix] Internal cron scheduler blocking view responses
Internal cron is now triggered by an axios request from the frontend so it can truly run in a separate request. Fixes #167
This commit is contained in:
+55
-47
@@ -9,6 +9,7 @@
|
||||
use App\Http\Controllers\InvoiceController;
|
||||
use App\Http\Controllers\CustomerController;
|
||||
use App\Http\Controllers\ProductController;
|
||||
use App\Models\Setting;
|
||||
|
||||
Route::middleware('auth')->group(function () {
|
||||
|
||||
@@ -54,8 +55,6 @@
|
||||
// Products
|
||||
Route::get('products', [ProductController::class, 'show'])->name('products');
|
||||
|
||||
|
||||
|
||||
Route::get('timesheets', function () {
|
||||
return Inertia::render('Timesheets');
|
||||
})->name('timesheets');
|
||||
@@ -64,53 +63,62 @@
|
||||
Route::get('proceduralDocumentation', function () {
|
||||
return Inertia::render('ProceduralDocumentation');
|
||||
})->name('proceduralDocumentation');
|
||||
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Web cron route
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Example: GET /webcron?token=SECRET or set header X-WEBCron-Token: SECRET
|
||||
| Configure secret in .env as WEBCRON_SECRET (optional). If no secret is set,
|
||||
| the route is open (not recommended in production).
|
||||
|
|
||||
*/
|
||||
Route::get('/webcron', function (Request $request) {
|
||||
// only allow if scheduling method is webcron
|
||||
$method = \App\Models\Setting::where('key', 'app.schedule_method')->value('value') ?? 'internal';
|
||||
if ($method !== 'webcron') {
|
||||
return response('Not Found', 404);
|
||||
}
|
||||
|
||||
$secret = env('WEBCRON_SECRET', null);
|
||||
|
||||
// basic token protection
|
||||
if ($secret) {
|
||||
$token = $request->query('token') ?? $request->header('X-WEBCron-Token');
|
||||
if (!$token || !hash_equals((string)$secret, (string)$token)) {
|
||||
return response('Forbidden', 403);
|
||||
}
|
||||
}
|
||||
|
||||
// quick throttle to avoid abuse (server-side)
|
||||
$cacheKey = 'caramel_webcron_last_run';
|
||||
if (\Illuminate\Support\Facades\Cache::has($cacheKey)) {
|
||||
return response('Throttled', 429);
|
||||
}
|
||||
Cache::put($cacheKey, true, 55);
|
||||
|
||||
try {
|
||||
Log::info('Triggering scheduler via /webcron route');
|
||||
Artisan::call('schedule:run');
|
||||
return response('OK', 200);
|
||||
} catch (\Throwable $e) {
|
||||
Log::error('Error running scheduler: ' . $e->getMessage());
|
||||
return response('Error', 500);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Web cron route
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Example: GET /webcron?token=SECRET or set header X-WEBCron-Token: SECRET
|
||||
| Configure secret in .env as WEBCRON_SECRET (optional). If no secret is set,
|
||||
| the route is open (not recommended in production).
|
||||
|
|
||||
*/
|
||||
Route::get('/webcron', function (Request $request) {
|
||||
|
||||
// Return early of cron method is set to anything other then 'webcron' or 'request'
|
||||
$method = \App\Models\Setting::where('key', 'app.cron_method')->value('value') ?? 'request';
|
||||
if (!in_array($method, ['webcron', 'request'])) {
|
||||
return response('Not Found', 404);
|
||||
}
|
||||
|
||||
// TODO: Only allow requests from the same host or with the secret token
|
||||
// $clientHost = ;
|
||||
// $serverHost = ;
|
||||
$sameHost = true;
|
||||
|
||||
$secret = env('WEBCRON_SECRET', null);
|
||||
$token = null;
|
||||
if ($secret) {
|
||||
$token = $request->query('token') ?? $request->header('X-WEBCron-Token');
|
||||
}
|
||||
if (
|
||||
!hash_equals((string)$secret, (string)$token) &&
|
||||
!$sameHost
|
||||
) {
|
||||
return response('Forbidden', 403);
|
||||
}
|
||||
|
||||
// Throttle to avoid abuse (server-side)
|
||||
$cacheKey = 'caramel_webcron_last_run';
|
||||
if (\Illuminate\Support\Facades\Cache::has($cacheKey)) {
|
||||
return response('Throttled', 304);
|
||||
}
|
||||
Cache::put($cacheKey, true, 55);
|
||||
|
||||
// Run scheduler
|
||||
try {
|
||||
Log::info('Triggering scheduler via /webcron route');
|
||||
$output = '';
|
||||
Artisan::call('schedule:run');
|
||||
return response('OK', 200);
|
||||
} catch (\Throwable $e) {
|
||||
Log::error('Error running scheduler: ' . $e->getMessage());
|
||||
return response('Error', 500);
|
||||
}
|
||||
});
|
||||
|
||||
require __DIR__ . '/settings.php';
|
||||
require __DIR__ . '/auth.php';
|
||||
|
||||
Reference in New Issue
Block a user