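|--------------------------------------------------------------------------
|
| Public API filter provides header based API key authentication and API rate limiting
|
*/

// 'api.auth' filter: answers 401 unless the X-Remedy-Auth header is present and
// matches the public_key of a stored ApiKey. On success it falls through without
// returning a response (presumably that lets the request continue; confirm
// against the framework's filter contract).
Route::filter('api.auth', function () {
    // do we have an auth header
    $authToken = Request::header('X-Remedy-Auth');

    if (!$authToken) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'missing_api_key', 'No api key given.');

        return $builder->getResponse();
    }

    // does that auth header contain a valid api key
    $apiKey = ApiKey::where('public_key', $authToken)->first();

    if (!$apiKey) {
        // NOTE(review): the message below tells the caller the event was logged,
        // but no logging call is visible in this filter. If failed attempts are
        // meant to be auditable, record them here (source address and time, not
        // the submitted key itself) or confirm that ResponseBuilder does so.
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'invalid_api_key', 'Unauthorized request. This event has been logged. Do it 2 more times, I DARE you!');

        return $builder->getResponse();
    }
});

// 'api.rate' filter: answers 429 when RateLimiter::check() rejects the caller's
// ApiKey. The key is resolved again from the header here, so this filter fails
// closed with a 401 when the header is missing or unknown instead of handing
// null to the rate limiter; that keeps a route that attaches 'api.rate' without
// 'api.auth' from being served unauthenticated or crashing inside the limiter.
Route::filter('api.rate', function () {
    $authToken = Request::header('X-Remedy-Auth');

    if (!$authToken) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'missing_api_key', 'No api key given.');

        return $builder->getResponse();
    }

    $apiKey = ApiKey::where('public_key', $authToken)->first();

    if (!$apiKey) {
        // Same error code as 'api.auth'; the shorter message avoids claiming a
        // log entry that this filter does not write.
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'invalid_api_key', 'Unauthorized request.');

        return $builder->getResponse();
    }

    // check if the api key is over their limit and store / update the cache
    if (!RateLimiter::check($apiKey)) {
        $builder = new ResponseBuilder();
        $builder->setStatus(429, 'rate_limited', 'Too many requests. You have been rate limited, because the internet. ;)');

        return $builder->getResponse();
    }
});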