/**
* Builds up routes for API authorization in the given router context.
*
* @param Router $router
*/
protected function buildRoutesForAuth(Router $router)
{
$auth = $this->core->auth();
$router->group(['prefix' => 'auth'], function (Router $router) use($auth) {
$router->{$this->getLoginMethod()}($this->getLoginPath(), $auth->getApiRouteLoginAction());
$router->{$this->getLogoutMethod()}($this->getLogoutPath(), $auth->getApiRouteLogoutAction());
});
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param Closure $next
* @param string|null $permission
* @return mixed
*/
public function handle($request, Closure $next, $permission = null)
{
if ($permission && !$this->core->auth()->admin() && !$this->core->auth()->can($permission)) {
if ($this->core->bootChecker()->isCmsApiRequest()) {
return $this->core->api()->error('Permission denied', 403);
}
if ($request->ajax() || $request->wantsJson()) {
return response('Permission denied.', 403);
}
/** @var CoreInterface $core */
$core = app(Component::CORE);
return redirect()->route($core->prefixRoute(NamedRoute::HOME));
}
return $next($request);
}
/**
* Builds up routes for authorization in the given router context.
*
* @param Router $router
*/
protected function buildRoutesForAuth(Router $router)
{
$auth = $this->core->auth();
$router->group(['prefix' => 'auth'], function (Router $router) use($auth) {
$router->get('login', $auth->getRouteLoginAction());
$router->post('login', $auth->getRouteLoginPostAction());
$router->get('logout', $auth->getRouteLogoutAction());
$router->get('password/email', $auth->getRoutePasswordEmailGetAction());
$router->post('password/email', $auth->getRoutePasswordEmailPostAction());
$router->get('password/reset/{token?}', $auth->getRoutePasswordResetGetAction());
$router->post('password/reset', $auth->getRoutePasswordResetPostAction());
});
}
