Exemple #1
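/**
 * Run all of our preflight tests and authenticate users.
 *
 * Checks, in order: the singularized `model` route parameter names an existing
 * class, the request carries an `api_key`, that key matches a User row, and the
 * Sentry user is activated, not banned, not suspended, and has access to
 * "{model}.{action}". Each failed account check answers with a JSON error and 403.
 *
 * NOTE(review): firstOrFail() throws when no row matches instead of returning a
 * falsy value, and the call sits outside the try block, so an unknown key is not
 * turned into a JSON error here unless the exception is handled elsewhere.
 * It also returns the first match; it does not verify that exactly one user
 * holds the key, so uniqueness of api_key has to be enforced in the schema.
 * NOTE(review): `model` is request-controlled and reaches class_exists(), which
 * can trigger autoloading; an allow-list of API-exposed models is safer.
 * NOTE(review): Input::get() presumably also accepts the key from the query
 * string, where it would end up in access logs; confirm, and prefer a header.
 */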
Route::filter('snapi_auth', function ($route) {
    // check to see if the model we're after actually exists
    $model = str_singular($route->getParameter('model'));
    if (class_exists($model)) {
        // check to see if we have a valid API key
        if (Input::has('api_key')) {
            // now check to see if the api_key matches exactly one user in the database
            if ($user = User::where('api_key', '=', Input::get('api_key'))->firstOrFail()) {
                // check permissions
                try {
                    $user = Sentry::getUserProvider()->findById($user->id);
                    $action = str_replace('ApiController@', '', $route->getAction());
                    $throttle = Sentry::findThrottlerbyUserId($user->id);
                    $banned = $throttle->isBanned();
                    $suspended = $throttle->isSuspended();
                    // if the user is activated, has access, and is not banned
                    if (!$user->isActivated()) {
                        // User account has not been activated
                        return Response::json(array('error' => 'Your user account has not been activated.'), 403);
                    } elseif ($banned) {
                        // Banned!
                        return Response::json(array('error' => 'Your account has been banned from having access to this resource.'), 403);
                    } elseif ($suspended) {
                        // Suspended!
                        $time = $throttle->getSuspensionTime();
                        $minutes = 1 == $time ? 'minute' : 'minutes';
                        return Response::json(array('error' => "Your account is suspended for {$time} {$minutes}."), 403);
                    } elseif (!$user->hasAccess("{$model}.{$action}")) {