/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
//Get the Console API Key
$consoleApiKey = AccessCheck::getConsoleApiKey($request);
// Get limits
if (config('df.standalone') === true || $consoleApiKey === Managed::getConsoleKey()) {
return $next($request);
} else {
$limits = Managed::getLimits();
// The limits array comes across from the console as a bunch of Std Objects, need to turn it back
// into an array
$limits['api'] = (array) $limits['api'];
foreach (array_keys($limits['api']) as $key) {
$limits['api'][$key] = (array) $limits['api'][$key];
}
}
if (!empty($limits) && is_null($this->_getServiceName()) === false) {
$this->_inUnitTest = \Config::get('api_limits_test');
$userName = $this->_getUser(Session::getCurrentUserId());
$userRole = $this->_getRole(Session::getRoleId());
$apiName = $this->_getApiKey(Session::getApiKey());
$serviceName = $this->_getServiceName();
$clusterName = Managed::getClusterName();
// Build the list of API Hits to check
$apiKeysToCheck = ['cluster.default' => 0, 'instance.default' => 0];
$serviceKeys[$serviceName] = 0;
if (is_null($userRole) === false) {
$serviceKeys[$serviceName . '.' . $userRole] = 0;
}
if (is_null($userName) === false) {
$serviceKeys[$serviceName . '.' . $userName] = 0;
}
if (is_null($apiName) === false) {
$apiKeysToCheck[$apiName] = 0;
if (is_null($userRole) === false) {
$apiKeysToCheck[$apiName . '.' . $userRole] = 0;
}
if (is_null($userName) === false) {
$apiKeysToCheck[$apiName . '.' . $userName] = 0;
}
foreach ($serviceKeys as $key => $value) {
$apiKeysToCheck[$apiName . '.' . $key] = $value;
}
}
if (is_null($clusterName) === false) {
$apiKeysToCheck[$clusterName] = 0;
if (is_null($userRole) === false) {
$apiKeysToCheck[$clusterName . '.' . $userRole] = 0;
}
if (is_null($userName) === false) {
$apiKeysToCheck[$clusterName . '.' . $userName] = 0;
}
foreach ($serviceKeys as $key => $value) {
$apiKeysToCheck[$clusterName . '.' . $key] = $value;
}
}
if (is_null($userName) === false) {
$apiKeysToCheck[$userName] = 0;
}
if (is_null($userRole) === false) {
$apiKeysToCheck[$userRole] = 0;
}
$apiKeysToCheck = array_merge($apiKeysToCheck, $serviceKeys);
$timePeriods = ['minute', 'hour', 'day', '7-day', '30-day'];
$overLimit = false;
try {
foreach (array_keys($apiKeysToCheck) as $key) {
foreach ($timePeriods as $period) {
$keyToCheck = $key . '.' . $period;
if (array_key_exists($keyToCheck, $limits['api']) === true) {
$cacheValue = \Cache::get($keyToCheck, 0);
$cacheValue++;
\Cache::put($keyToCheck, $cacheValue, $limits['api'][$keyToCheck]['period']);
if ($cacheValue > $limits['api'][$keyToCheck]['limit']) {
$overLimit = true;
}
}
}
}
} catch (\Exception $e) {
return ResponseFactory::getException(new InternalServerErrorException('Unable to update cache'), $request);
}
if ($overLimit === true) {
return ResponseFactory::getException(new TooManyRequestsException('Specified connection limit exceeded'), $request);
}
}
return $next($request);
}
/**
* @param Request $request
* @param Closure $next
*
* @return array|mixed|string
*/
public function handle($request, Closure $next)
{
try {
static::setExceptions();
//Get the api key.
$apiKey = static::getApiKey($request);
Session::setApiKey($apiKey);
$appId = App::getAppIdByApiKey($apiKey);
//Get the JWT.
$token = static::getJwt($request);
Session::setSessionToken($token);
//Get the Console API Key
$consoleApiKey = static::getConsoleApiKey($request);
//Check for basic auth attempt.
$basicAuthUser = $request->getUser();
$basicAuthPassword = $request->getPassword();
if (config('df.managed') && !empty($consoleApiKey) && $consoleApiKey === Managed::getConsoleKey()) {
//DFE Console request
return $next($request);
} elseif (!empty($basicAuthUser) && !empty($basicAuthPassword)) {
//Attempting to login using basic auth.
Auth::onceBasic();
/** @var User $authenticatedUser */
$authenticatedUser = Auth::user();
if (!empty($authenticatedUser)) {
$userId = $authenticatedUser->id;
Session::setSessionData($appId, $userId);
} else {
throw new UnauthorizedException('Unauthorized. User credentials did not match.');
}
} elseif (!empty($token)) {
//JWT supplied meaning an authenticated user session/token.
try {
JWTAuth::setToken($token);
/** @type Payload $payload */
$payload = JWTAuth::getPayload();
JWTUtilities::verifyUser($payload);
$userId = $payload->get('user_id');
Session::setSessionData($appId, $userId);
} catch (TokenExpiredException $e) {
JWTUtilities::clearAllExpiredTokenMaps();
if (!static::isException($request)) {
throw new UnauthorizedException($e->getMessage());
}
} catch (TokenBlacklistedException $e) {
throw new ForbiddenException($e->getMessage());
} catch (TokenInvalidException $e) {
throw new BadRequestException('Invalid token: ' . $e->getMessage(), 401);
}
} elseif (!empty($apiKey)) {
//Just Api Key is supplied. No authenticated session
Session::setSessionData($appId);
} elseif (static::isException($request)) {
//Path exception.
return $next($request);
} else {
throw new BadRequestException('Bad request. No token or api key provided.');
}
if (static::isAccessAllowed()) {
return $next($request);
} elseif (static::isException($request)) {
//API key and/or (non-admin) user logged in, but if access is still not allowed then check for exception case.
return $next($request);
} else {
if (!Session::isAuthenticated()) {
throw new UnauthorizedException('Unauthorized.');
} else {
throw new ForbiddenException('Access Forbidden.');
}
}
} catch (\Exception $e) {
return ResponseFactory::getException($e, $request);
}
}
