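/*
 * API Filter: checks every API request for authentication.
 *
 * Reads the HTTP Basic credentials (user id as the username, API key as the
 * password), looks up a matching Apikey row and, on success, copies its
 * user_id, user_fp and readonly values onto the shared ApiUser instance.
 * A missing or non-matching credential ends the request with
 * Response::authHeader().
 */
Route::filter('private_api', function () {
    // Both halves of the Basic credential must be present. Testing only the
    // username lets a request without a password reach the lookup below and
    // fail on an undefined index instead of receiving the auth challenge.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return Response::authHeader();
    }

    // An empty API key must never authenticate, whatever the table contains.
    if ($_SERVER['PHP_AUTH_PW'] === '') {
        return Response::authHeader();
    }

    // NOTE(review): the key is matched by the database, so the comparison
    // follows the column collation (possibly case-insensitive) and the stored
    // value appears to be the raw key rather than a hash. Confirm both against
    // the schema.
    $key = Apikey::where('user_id', '=', $_SERVER['PHP_AUTH_USER'])
        ->where('api_key', '=', $_SERVER['PHP_AUTH_PW'])
        ->first();

    if (!$key) {
        return Response::authHeader();
    }

    $user = ApiUser::getInstance();
    $user->user_id = $key->user_id;
    $user->user_fp = $key->user_fp;
    $user->readonly = $key->readonly;
});

/*
 * API Filter: checks if API key is readonly.
 *
 * Aborts with 405 when the readonly value on the shared ApiUser instance
 * equals 1. That value is only set by the 'private_api' filter, so this
 * filter presumably has to run after it. Verify the route definitions.
 */
Route::filter('check_readonly', function () {
    if (ApiUser::getInstance()->readonly == 1) {
        App::abort(405, "Your key is readonly");
    }
});

/*
 * CSRF filter: aborts with 403 unless the request's 'token' input matches the
 * token held in the session.
 */
Route::filter('csrf', function () {
    // NOTE(review): user id 1 skips the token check entirely. Confirm that
    // this exemption is intended.
    if (BaseController::userId() == 1) {
        return;
    }

    $expected = BaseController::sessionGet('token');
    $supplied = Input::get('token');

    // Require two non-empty strings and compare them strictly. The previous
    // loose `!=` accepted a request with no token when the session held none
    // (null == null), and treated numeric-looking strings such as "0e1" and
    // "0e2" as equal.
    // Assumes the session token is stored as a string. TODO confirm.
    $valid = is_string($expected)
        && $expected !== ''
        && is_string($supplied)
        && (function_exists('hash_equals')
            ? hash_equals($expected, $supplied) // constant-time where the runtime provides it
            : $expected === $supplied);

    if (!$valid) {
        App::abort(403, "Invalid csrf token");
    }
});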
/**
 * Return the user_fp value held by the shared ApiUser instance.
 *
 * The 'private_api' filter sets that property from the matched Apikey row,
 * so it is only meaningful on requests that passed that filter.
 */
public function userFp()
{
    $apiUser = ApiUser::getInstance();

    return $apiUser->user_fp;
}