Example #1
/*
 *  API Filter: checks every API request for authentication
 */
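Route::filter('private_api', function () {
    // Authenticates an API request from its HTTP Basic credentials: the user id
    // is sent as the username and the API key as the password. On success the
    // shared ApiUser instance is populated for later filters and controllers;
    // otherwise the filter returns Response::authHeader() (presumably a 401
    // challenge -- confirm against the Response macro).
    $userId = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    $apiKey = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    // Refuse before querying unless both parts are non-empty strings. Without
    // this, a request carrying a username but no password reads an undefined
    // index, and an absent or empty key could be matched against rows whose
    // api_key is empty or NULL, depending on how the query builder treats
    // null -- TODO confirm for the framework version in use.
    if (!is_string($userId) || $userId === '' || !is_string($apiKey) || $apiKey === '') {
        return Response::authHeader();
    }

    // Both values are passed as bound parameters, not concatenated into SQL.
    // NOTE(review): the key is compared by the database, so matching follows
    // the column's collation (a case-insensitive collation accepts case
    // variants of a key) and implies the key is stored in directly comparable
    // form. Consider storing only a hash of the key and verifying it in PHP
    // with a constant-time comparison.
    $key = Apikey::where('user_id', '=', $userId)->where('api_key', '=', $apiKey)->first();
    if (!$key) {
        return Response::authHeader();
    }

    // Copy the matched key's identity and permission flag onto the per-request
    // ApiUser instance; the check_readonly filter reads ->readonly from it.
    $user = ApiUser::getInstance();
    $user->user_id = $key->user_id;
    $user->user_fp = $key->user_fp;
    $user->readonly = $key->readonly;
});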
/*
 *  API Filter: checks if API key is readonly
 */
Route::filter('check_readonly', function () {
    // Blocks the request with HTTP 405 when the authenticated API key is
    // flagged read-only. The flag is read from the shared ApiUser instance,
    // which the private_api filter fills in.
    // NOTE(review): if that filter has not run for the route, ->readonly is
    // presumably unset, the loose comparison below is false and the request
    // passes -- confirm every route using this filter also uses private_api.
    $apiUser = ApiUser::getInstance();
    $keyIsReadonly = ($apiUser->readonly == 1);

    if (!$keyIsReadonly) {
        return;
    }

    App::abort(405, "Your key is readonly");
});
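/*
 *  CSRF Filter: aborts with 403 unless the request's "token" input matches the
 *  token stored in the session
 */
Route::filter('csrf', function () {
    // NOTE(review): user id 1 skips the token check entirely. Confirm this
    // exemption is intentional; that account gets no CSRF protection on routes
    // behind this filter.
    if (BaseController::userId() == 1) {
        return;
    }

    // Normalise both sides to strings. A non-scalar value (for example an
    // array submitted as token[]=...) or a missing value becomes '' and is
    // rejected below.
    $supplied = Input::get('token');
    $expected = BaseController::sessionGet('token');
    $supplied = is_scalar($supplied) ? (string) $supplied : '';
    $expected = is_scalar($expected) ? (string) $expected : '';

    // Fail closed when either side is empty: with a loose != comparison a
    // request without a token passed whenever the session held none either
    // (null != null is false).
    $matches = false;
    if ($supplied !== '' && $expected !== '') {
        // Compare as exact strings; loose comparison treats numeric-looking
        // strings such as "0e1" and "0e2" as equal. Use the constant-time
        // hash_equals() where the runtime provides it (PHP 5.6+).
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $supplied)
            : $expected === $supplied;
    }

    if (!$matches) {
        App::abort(403, "Invalid csrf token");
    }
});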