/** * Run all of our preflight tests and authenticate users */ Route::filter('snapi_auth', function ($route) { // check to see if the model we're after actually exists $model = str_singular($route->getParameter('model')); if (class_exists($model)) { // check to see if we have a valid API key if (Input::has('api_key')) { // now check to see if the api_key matches exactly one user in the database if ($user = User::where('api_key', '=', Input::get('api_key'))->firstOrFail()) { // check permissions try { $user = Sentry::getUserProvider()->findById($user->id); $action = str_replace('ApiController@', '', $route->getAction()); $throttle = Sentry::findThrottlerbyUserId($user->id); $banned = $throttle->isBanned(); $suspended = $throttle->isSuspended(); // if the user is activated, has access, and is not banned if (!$user->isActivated()) { // User account has not been activated return Response::json(array('error' => 'Your user account has not been activated.'), 403); } elseif ($banned) { // Banned! return Response::json(array('error' => 'Your account has been banned from having access to this resource.'), 403); } elseif ($suspended) { // Suspended! $time = $throttle->getSuspensionTime(); $minutes = 1 == $time ? 'minute' : 'minutes'; return Response::json(array('error' => "Your account is suspended for {$time} {$minutes}."), 403); } elseif (!$user->hasAccess("{$model}.{$action}")) {