/**
 * Gate an incoming request on the API key carried in the "token" header.
 *
 * The request reaches the next handler only when the header is non-empty and
 * ApiKey::getByKey() returns a non-empty record for it. Both failure cases
 * return the same 401 body, so the response does not reveal whether the token
 * was missing or simply unknown.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $token = $request->header('token');

    // Skip the key lookup entirely when no token was supplied.
    // NOTE(review): expiry, revocation and the way the key is matched are
    // decided inside getByKey(), which is not visible here; confirm they are
    // enforced there.
    $record = empty($token) ? null : (new ApiKey())->getByKey($token);

    if (empty($record)) {
        return response('Unauthorized.', 401);
    }

    return $next($request);
}
/**
 * Abort the request unless the "token" header resolves to an admin user.
 *
 * Checks run in order: header present, API key record found, owning user
 * found, user flagged as admin. Every failure aborts with the same status and
 * message, so the response does not reveal which check was the one that failed.
 *
 * @param  Request  $request
 * @return void
 */
protected function checkAdmin(Request $request)
{
    $denied = 'Ej, ej, nisi admin!';

    $token = $request->header('token');
    if (empty($token)) {
        abort(401, $denied);
    }

    $record = (new ApiKey())->getByKey($token);
    if (empty($record)) {
        abort(401, $denied);
    }

    // The key only identifies its owner; the admin decision is made on the
    // user record itself.
    $account = User::find($record->user_id);

    // NOTE(review): a valid key that belongs to a non-admin user is also
    // answered with 401 rather than 403; confirm that is intended.
    if (empty($account) || !$account->admin) {
        abort(401, $denied);
    }
}