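|--------------------------------------------------------------------------
|
| Public API filter provides header based API key authentication and API rate limiting
|
*/

/**
 * api.auth
 *
 * Rejects the request unless the X-Remedy-Auth header carries a public key
 * that exists in the ApiKey table. The header value is the only credential
 * checked here, so clients must treat it as a bearer credential.
 *
 * Returns a 401 response built by ResponseBuilder on failure; returns nothing
 * (request continues) when the key is known.
 */
Route::filter('api.auth', function () {
    $authToken = Request::header('X-Remedy-Auth');

    // Missing or empty header: fail closed before touching the database.
    if (!$authToken) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'missing_api_key', 'No api key given.');

        return $builder->getResponse();
    }

    // Look the key up by its public identifier; unknown keys are rejected.
    $apiKey = ApiKey::where('public_key', $authToken)->first();
    if (!$apiKey) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'invalid_api_key', 'Unauthorized request. This event has been logged. Do it 2 more times, I DARE you!');

        return $builder->getResponse();
    }
});

/**
 * api.rate
 *
 * Applies RateLimiter to the key named by X-Remedy-Auth. Intended to run after
 * api.auth (see the 'api.auth|api.rate' groups), but no longer depends on that
 * ordering: a missing or unknown key is rejected with 401 here as well instead
 * of being handed to RateLimiter::check() as null.
 *
 * Returns a 429 response when the key is over its limit, a 401 response when
 * the key cannot be resolved, nothing otherwise.
 */
Route::filter('api.rate', function () {
    $authToken = Request::header('X-Remedy-Auth');

    // An empty header is never passed to the query: Eloquent's where() with a
    // null value becomes an IS NULL check, which could match a row whose
    // public_key is NULL. NOTE(review): confirm against the Eloquent version in use.
    $apiKey = $authToken ? ApiKey::where('public_key', $authToken)->first() : null;

    if (!$apiKey) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'invalid_api_key', 'Unauthorized request. This event has been logged. Do it 2 more times, I DARE you!');

        return $builder->getResponse();
    }

    // check if the api key is over their limit and store / update the cache
    if (!RateLimiter::check($apiKey)) {
        $builder = new ResponseBuilder();
        $builder->setStatus(429, 'rate_limited', 'Too many requests. You have been rate limited, because the internet. ;)');

        return $builder->getResponse();
    }
});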
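// create account api key
// NOTE(review): no auth filter is visible on the two account routes in this
// view — confirm they sit inside an authenticated group opened earlier in the file.
Route::post('/user/apikeys', ['uses' => 'AccountController@createApiKey', 'as' => 'create-account-apikey']);

// delete account api key by id
Route::delete('/user/apikeys/{apikey_id}', ['uses' => 'AccountController@deleteApiKey', 'as' => 'delete-account-apikey']);

/**
 * Public API v1 routes
 *
 * Every route in this group runs api.auth and then api.rate; the order in the
 * 'before' string is the order the filters execute.
 */
Route::group(['prefix' => 'api/v1', 'before' => 'api.auth|api.rate'], function () {
    /**
     * Get a single product
     */
    Route::get('products/{id}', ['uses' => 'ProductController@getOne']);

    /**
     * Get all / filtered / sorted products
     */
    Route::get('products', ['uses' => 'ProductController@getMany']);
});

/**
 * Public API v2 routes (placeholder for any later version)
 *
 * Registered after the v1 group, so v1's explicit routes win; any other
 * api/v{n}/... path (including unknown v1 paths, since {version_number} also
 * matches "1") falls through to the 418 placeholder below. The same auth and
 * rate-limit filters apply, so unauthenticated callers cannot reach it.
 */
Route::group(['prefix' => 'api/v{version_number}', 'before' => 'api.auth|api.rate'], function () {
    /**
     * Future API version
     *
     * NOTE(review): '{any?}' matches at most one path segment; deeper paths
     * will 404 unless a ->where('any', '.*') constraint is added.
     */
    Route::get('{any?}', function () {
        $public_key = Request::header('X-Remedy-Auth');

        // api.auth has already validated this key; it is re-fetched here only
        // to hand the model to ResponseBuilder.
        $apiKey = ApiKey::where('public_key', $public_key)->first();

        $builder = new ResponseBuilder($apiKey);
        $builder->setStatus(418, 'cool', 'I like where your head is at but mine is not there yet. ;)');

        return $builder->getResponse();
    });
});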