ファイル: AccessCheck.php プロジェクト: tvpsoft/dreamfactory
 /**
  * Middleware entry point: decides whether the current caller may proceed
  * to the next handler, and converts every denial into an error response.
  *
  * Evaluation order:
  *   1. When the DF_IS_VALID_CONSOLE_REQUEST environment flag is truthy the
  *      request is passed through with no access check at all, so the
  *      process environment effectively controls this bypass.
  *   2. Otherwise the request proceeds if static::isAccessAllowed() or
  *      static::isException($request) reports it as permitted.
  *   3. Otherwise the most specific denial reason found in the session is
  *      thrown. Any \Exception raised here (including ones thrown by $next)
  *      is turned into a response by ResponseFactory::getException().
  *
  * @param Request $request
  * @param Closure $next
  *
  * @return array|mixed|string
  */
 public function handle($request, Closure $next)
 {
     // Console requests bypass the access check entirely (env-controlled).
     if (env('DF_IS_VALID_CONSOLE_REQUEST', false)) {
         return $next($request);
     }

     try {
         static::setExceptions();

         // Access granted outright, or the request matches a configured
         // exception case (API key and/or non-admin user is logged in).
         if (static::isAccessAllowed() || static::isException($request)) {
             return $next($request);
         }

         // Denied: report the most specific reason, checked in order.
         $apiKey = Session::getApiKey();
         $sessionToken = Session::getSessionToken();

         if (empty($apiKey) && empty($sessionToken)) {
             throw new BadRequestException('Bad request. No token or api key provided.');
         }
         if (true === Session::get('token_expired')) {
             throw new UnauthorizedException(Session::get('token_expired_msg'));
         }
         if (true === Session::get('token_blacklisted')) {
             throw new ForbiddenException(Session::get('token_blacklisted_msg'));
         }
         if (true === Session::get('token_invalid')) {
             // Reported as a bad request but carries HTTP status 401.
             throw new BadRequestException('Invalid token: ' . Session::get('token_invalid_msg'), 401);
         }
         if (!Role::getCachedInfo(Session::getRoleId(), 'is_active')) {
             throw new ForbiddenException('Role is not active.');
         }
         if (!Session::isAuthenticated()) {
             throw new UnauthorizedException('Unauthorized.');
         }

         throw new ForbiddenException('Access Forbidden.');
     } catch (\Exception $e) {
         // Every failure above becomes a formatted error response.
         return ResponseFactory::getException($e, $request);
     }
 }
ファイル: Session.php プロジェクト: df-arif/df-core
 /**
  * Populates the session with the app, user, role and lookup data that the
  * rest of the request relies on.
  *
  * Role resolution: a user/app-specific role (getRoleIdByAppIdAndUserId)
  * wins; if none is found the app's own 'role_id' is used. Role data is
  * only written when the resolved role has cached info.
  *
  * Lookups from system, app, role and user scope are merged via
  * LookupKey::combineLookups(); both the plain 'lookup' and the
  * 'lookup_secret' result are written into the session store.
  *
  * @param int|string|null $appId
  * @param int|string|null $userId
  *
  * @return void
  */
 public static function setSessionData($appId = null, $userId = null)
 {
     // Normalises a possibly-missing lookup collection to an array.
     $orEmpty = static function ($value) {
         return empty($value) ? [] : $value;
     };

     $appInfo = $appId ? App::getCachedInfo($appId) : null;
     $userInfo = $userId ? User::getCachedInfo($userId) : null;

     // Prefer the role assigned to this user for this app, then fall back
     // to the app's default role.
     $roleId = (!empty($userId) && !empty($appId))
         ? static::getRoleIdByAppIdAndUserId($appId, $userId)
         : null;
     if (empty($roleId) && !empty($appInfo)) {
         $roleId = ArrayUtils::get($appInfo, 'role_id');
     }

     Session::setUserInfo($userInfo);
     Session::put('app.id', $appId);

     $roleInfo = $roleId ? Role::getCachedInfo($roleId) : null;
     if (!empty($roleInfo)) {
         Session::put('role.id', $roleId);
         Session::put('role.name', $roleInfo['name']);
         Session::put('role.services', $roleInfo['role_service_access_by_role_id']);
     }

     // Merge lookups from every scope; later scopes are passed last.
     $combinedLookup = LookupKey::combineLookups(
         $orEmpty(Lookup::getCachedLookups()),
         $orEmpty($appInfo['app_lookup_by_app_id'] ?? null),
         $orEmpty($roleInfo['role_lookup_by_role_id'] ?? null),
         $orEmpty($userInfo['user_lookup_by_user_id'] ?? null)
     );

     // Note: secret lookup values are kept in the session alongside the
     // public ones, so they share the session store's exposure.
     Session::put('lookup', ArrayUtils::get($combinedLookup, 'lookup'));
     Session::put('lookup_secret', ArrayUtils::get($combinedLookup, 'lookup_secret'));
 }