public function isAuthorizedForRoute(Request $request, Route $route, $params)
{
if (is_null($route->tokenLevel) || count($route->tokenLevel) == 0) {
return true;
}
$authorization = explode(' ', $request->headers['AUTHORIZATION']);
if (count($authorization) != 2 || strlen($authorization[1]) != 32) {
return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
}
$value = $authorization[1];
$token = $this->getTokenRepository()->getToken($value);
if (is_null($token)) {
return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
}
if ($token->ip !== $request->getClientIp()) {
return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
}
if ($token->scope === 'level1' && !is_null($token->customerId) && isset($params['id']) && $params['id'] != $token->customerId) {
return JsonErrorResponse::fromKey(JsonErrorResponse::UNAUTHORIZED_REQUEST);
}
if (in_array($token->scope, $route->tokenLevel)) {
return true;
}
return JsonErrorResponse::fromKey(JsonErrorResponse::UNAUTHORIZED_REQUEST);
}
