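 /**
  * Handle an incoming request.
  *
  * When the guard yields a JWT Payload, the request is rejected if the payload
  * is incomplete, has no authenticated session behind it, is stale compared to
  * the stored user record, or belongs to a disabled group. Requests without a
  * Payload pass straight through to the next handler.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, \Closure $next)
 {
     $payload = $this->auth->getPayload();
     if ($payload instanceof Payload) {
         // A payload without a 'code' claim is rejected outright.
         if (!$payload->get('code')) {
             $this->abort(401);
         }
         // A payload that is not backed by an authenticated session is a bad request.
         if (!Auth::check()) {
             $this->abort(400);
         }
         $user = $payload->get('user');
         if ($user) {
             // Loose (!=) comparison kept deliberately: the claim value and
             // Auth::user()->updated_at are presumably of different types
             // (string vs. date object) — confirm before tightening to !==.
             if (!isset($user['updated_at']) || $user['updated_at'] != Auth::user()->updated_at) {
                 $this->abort(401);
             }
             // Fail closed: a 'user' claim without a 'group' key previously raised an
             // undefined-index notice and then compared null loosely against the
             // constant, so the outcome depended on the constant's value.
             if (!isset($user['group']) || $user['group'] == User::GROUP_DISABLED) {
                 $this->abort(401);
             }
         }
     }
     return $next($request);
 }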
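 /**
  * Handle an incoming request.
  *
  * Authenticates the bearer token, then enforces the per-route auth level and
  * role requirements taken from config('route.permissions'), merged with the
  * defaults (level 1000, no roles) and this middleware's own super roles.
  * Every failure path returns a JsonResponse rather than letting a JWT
  * exception escape; on success the member is attached to the request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // Step 1. Fail immediately if we don't have a token in the request.
     if (!($token = $this->auth->setRequest($request)->getToken())) {
         return new JsonResponse(['error' => 'authorization required'], Response::HTTP_UNAUTHORIZED);
     }
     try {
         // Step 2. Validate the given token and resolve its subject.
         $member = $this->auth->authenticate($token);
         // Step 3. A valid token whose subject no longer exists is rejected here.
         // The original checked this only after the try block, by which point
         // $member->hasRole() had already been called on the empty value.
         // Status code kept as before so callers matching on it are unaffected.
         if (!$member) {
             return new JsonResponse(['error' => 'entity does not exist'], Response::HTTP_INTERNAL_SERVER_ERROR);
         }
         // Step 4. Resolve the route's permission requirements. An unnamed route
         // gets the defaults only: array_get() with a null key would otherwise
         // hand back the whole permissions map.
         $route = $request->route();
         $routeName = $route ? $route->getName() : null;
         $routePermissions = $routeName === null
             ? []
             : array_get(config('route.permissions'), $routeName, []);
         $permissions = array_merge(['level' => 1000, 'roles' => []], $routePermissions);
         // This ensures that super roles are not overwritten by
         // route permission configurations.
         $permissions['roles'] = array_merge($permissions['roles'], $this->roles);
         $level = $permissions['level'];
         // Step 5. Check the auth level encoded in the token. A missing 'level'
         // claim compares as null < $level and is therefore refused.
         if ($this->auth->getPayload()->get('level') < $level) {
             return new JsonResponse(['error' => 'authentication level not high enough'], Response::HTTP_FORBIDDEN);
         }
         // Step 6. Verify the role(s) of the member.
         $roles = $permissions['roles'];
         if (!$member->hasRole($roles)) {
             return new JsonResponse(['error' => 'invalid permissions'], Response::HTTP_FORBIDDEN);
         }
         // Step 7. Attach member to the current request.
         $request->member = $member;
     } catch (TokenExpiredException $e) {
         return new JsonResponse(['error' => 'token has expired'], Response::HTTP_FORBIDDEN);
     } catch (TokenInvalidException $e) {
         return new JsonResponse(['error' => 'token is invalid'], Response::HTTP_FORBIDDEN);
     } catch (JWTException $e) {
         // Any other JWT failure is reported generically; details stay server-side.
         return new JsonResponse(['error' => 'unknown error'], Response::HTTP_INTERNAL_SERVER_ERROR);
     }
     // Step 8. Profit!
     return $next($request);
 }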
 /**
  * Get the raw Payload instance by delegating to the JWTAuth facade root.
  *
  * @param mixed $token Token to decode; presumably `false` means "use the token
  *                     already set on the underlying JWTAuth instance" — confirm
  *                     against \Tymon\JWTAuth\JWTAuth::getPayload()
  * @return \Tymon\JWTAuth\Payload
  * @static
  */
 public static function getPayload($token = false)
 {
     $root = \Tymon\JWTAuth\JWTAuth::class;

     return $root::getPayload($token);
 }
 /**
  * Handle an incoming request.
  *
  * Reads the bearer token from the request and returns the owner-id claim of
  * its payload. The claim name comes from env('acl.middleware.owner_id') and
  * falls back to 'owner_id'.
  *
  * NOTE(review): the dotted key looks like a config() key rather than an
  * environment variable name — confirm which store it is meant to read.
  * A request without a token is not handled here; whatever getPayload() does
  * with an empty token is what the caller sees.
  *
  * @param  \Illuminate\Http\Request  $request
  * @return int
  */
 public function handle($request)
 {
     $token = $this->auth->setRequest($request)->getToken();
     $claim = env('acl.middleware.owner_id', 'owner_id');
     $payload = $this->auth->getPayload($token);

     return $payload->get($claim);
 }