Beispiel #1
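 /**
  * Attach a CORS Access-Control-Allow-Origin header to the given response, if allowed.
  *
  * Decision order, as implemented below:
  *  1. OPTIONS (preflight) requests: the supplied origin is echoed back
  *     without consulting any allow-list.
  *  2. api.cors_allowed_origin is exactly '*': the wildcard is sent.
  *  3. api.cors_allowed_origin is exactly 'client' (the default): the origin
  *     must equal scheme://host[:port] of one of the authenticated client's
  *     registered endpoints.
  *
  * Whenever the header value is derived from the request's origin, "Vary: Origin"
  * is appended so that shared caches do not serve a response carrying one
  * origin's allow header to a different origin.
  *
  * @param Response $response Response whose header bag is modified in place.
  * @param string   $origin   Origin supplied by the caller (presumably the request's Origin header).
  *
  * @return bool True if an origin header was set; false otherwise.
  */
 public static function attachOriginHeader($response, $origin)
 {
     // NOTE(review): preflight responses echo whatever origin the caller sent;
     // the allow-list further down is only enforced on the actual (non-OPTIONS)
     // request. Presumably this is because a preflight carries no credentials
     // from which the client could be resolved -- confirm. Access-Control-Allow-
     // Credentials must not be emitted alongside this reflected value unless the
     // origin has been validated first.
     // isset() guards against contexts where REQUEST_METHOD is absent (e.g. CLI).
     if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
         $response->headers->set('Access-Control-Allow-Origin', $origin);
         $response->headers->set('Vary', 'Origin', false);
         return true;
     }

     // Read the policy once. Strict comparison is deliberate: with ==, a
     // boolean true (or, on older PHP, integer 0) in the config would have
     // compared equal to '*' and silently enabled the wildcard.
     $policy = config('api.cors_allowed_origin', 'client');

     if ($policy === '*') {
         $response->headers->set('Access-Control-Allow-Origin', '*');
         return true;
     }

     if ($policy !== 'client') {
         return false;
     }

     $client = Authentication::instance()->client();
     if (empty($client)) {
         return false;
     }

     $endpoints = $client->endpoints();
     if (empty($endpoints)) {
         return false;
     }

     foreach ($endpoints as $endpoint) {
         $parts = parse_url($endpoint);
         // Skip entries that do not yield both a scheme and a host.
         if (empty($parts['scheme']) || empty($parts['host'])) {
             continue;
         }

         // Rebuild the origin (scheme://host[:port]) of the registered endpoint;
         // path, query and fragment are not part of an origin.
         $allowed = $parts['scheme'] . '://' . $parts['host'];
         if (!empty($parts['port'])) {
             $allowed .= ':' . $parts['port'];
         }

         // Exact, type-strict match only: no prefix, suffix or pattern matching.
         // The comparison is case-sensitive and does not elide default ports, so
         // an endpoint registered with uppercase host or an explicit :443/:80
         // will not match a browser-sent origin (fails closed).
         if ($origin === $allowed) {
             $response->headers->set('Access-Control-Allow-Origin', $allowed);
             $response->headers->set('Vary', 'Origin', false);
             return true;
         }
     }

     return false;
 }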
 /**
  * Log in the resource owner behind the presented credential for this request.
  *
  * Runs only when api.auth_resource_owner is enabled (default true), no user
  * is authenticated yet, and the request carries an access_token input or,
  * failing that, an Authorization header. The presence test is not a
  * validation: resolving the credential to a user id is left to
  * Authentication::instance()->userId().
  *
  * NOTE(review): in Laravel, Request::input() also reads the query string, so
  * a token supplied that way can end up in access logs and Referer headers --
  * confirm whether query-string tokens are meant to be accepted.
  *
  * @return void
  */
 protected function bootAuthResourceOwner()
 {
     if (!config('api.auth_resource_owner', true)) {
         return;
     }

     // Never override a user that is already authenticated.
     if (Auth::check()) {
         return;
     }

     // The Authorization header serves only as the fallback for access_token.
     $headerCredential = Request::header('Authorization');
     if (!Request::input('access_token', $headerCredential)) {
         return;
     }

     $ownerId = Authentication::instance()->userId();
     if ($ownerId) {
         // The result of onceUsingId() is not inspected here, so an id that
         // does not resolve to a user leaves the request unauthenticated.
         Auth::onceUsingId($ownerId);
     }
 }
Beispiel #3
 /**
  * Abort the request with HTTP 403 unless the current client holds the scope.
  *
  * The decision itself is delegated to Authentication::instance()->checkScope().
  * Enforcement relies on static::abort() ending the request (presumably by
  * throwing -- not visible here); if it returned normally, the caller would
  * continue as though the scope had been granted.
  *
  * @param string $scope Scope name; it is echoed verbatim in the 403 message.
  *
  * @return void
  */
 public static function checkScope($scope)
 {
     $granted = Authentication::instance()->checkScope($scope);
     if ($granted) {
         return;
     }

     static::abort(403, "Access denied to scope: {$scope}");
 }