/**
 * Perform authentication before a request is executed.
 *
 * Authentication only runs when nobody is present in the API auth layer yet.
 * When the provider that authenticated the request is an OAuth2 provider and
 * the route asked for a specific $grant, the token's resource-owner type must
 * equal that grant or the request is denied.
 *
 * @note A request that is already authenticated (e.g. a user from a password
 *       grant earlier in the lifecycle, or an internal API request) skips the
 *       grant comparison entirely, so GRANT(user) can always reach routes
 *       protected by GRANT(client). Client-credential tokens never leave a
 *       user behind in auth, so they are re-checked on every request.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @param string|null              $grant   required OAuth resource-owner type; null accepts any
 *
 * @return mixed
 * @throws AccessDeniedException when the token's resource-owner type differs from $grant
 */
public function handle($request, Closure $next, $grant = null)
{
    $currentRoute = $this->router->getCurrentRoute();

    if ($this->auth->check(false)) {
        // Somebody is already authenticated: nothing to verify here.
        return $next($request);
    }

    // Throws (e.g. UnauthorizedHttpException) when no provider accepts the request.
    $this->auth->authenticate($currentRoute->getAuthenticationProviders());

    $usedProvider = $this->auth->getProviderUsed();

    // Only OAuth2 providers carry a resource-owner type that can be compared.
    $grantMismatch = $usedProvider instanceof OAuth2
        && !is_null($grant)
        && $usedProvider->getResourceOwnerType() !== $grant;

    if ($grantMismatch) {
        throw new AccessDeniedException();
    }

    // Promote the API user into the application's Auth and announce the login.
    $authenticatedUser = $this->auth->getUser();

    if ($authenticatedUser instanceof User) {
        \Auth::login($authenticatedUser);
        event(new UserLoggedInEvent($authenticatedUser));
    }

    return $next($request);
}
/**
 * Perform authentication before a request is executed.
 *
 * Runs the route's authentication providers only when nobody is already
 * authenticated. A failed authentication surfaces as whatever exception the
 * auth layer throws, so $next is never reached in that case.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $currentRoute = $this->router->getCurrentRoute();
    $alreadyAuthenticated = $this->auth->check(false);

    if (!$alreadyAuthenticated) {
        $providers = $currentRoute->getAuthProviders();
        $this->auth->authenticate($providers);
    }

    return $next($request);
}
/**
 * Checks if the user has permission to visit the route.
 *
 * Without an explicit $permission the current route's name is used, falling
 * back to the route's action name when the route is unnamed. The resolved
 * value is then looked up through Entrust::can().
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @param null|string              $permission  permission to require; null derives it from the route
 * @return mixed the downstream response, or a plain "Unauthorized." response with status 401 when denied
 */
public function handle($request, Closure $next, $permission = null)
{
    if (is_null($permission)) {
        $currentRoute = $this->router->getCurrentRoute();
        $routeName = $currentRoute->getName();

        // Unnamed routes are identified by their action (e.g. "Controller@method").
        $permission = is_null($routeName) ? $currentRoute->getActionName() : $routeName;
    }

    if (!Entrust::can($permission)) {
        // NOTE(review): this is an authorization failure for an identified user, for which
        // 403 is the conventional status; 401 is kept here to preserve existing behaviour.
        return response('Unauthorized.', 401);
    }

    return $next($request);
}
/**
 * Perform rate limiting before a request is executed.
 *
 * A route-specific throttle (if any) is installed on the handler first, then
 * the request is counted against the route's limit and expiration. Exceeding
 * the limit aborts with a 403 carrying the rate-limit headers; otherwise the
 * downstream response is returned, decorated with those headers whenever the
 * request was actually subject to limiting.
 *
 * @param \Dingo\Api\Http\Request $request
 * @param \Closure                $next
 *
 * @throws \Symfony\Component\HttpKernel\Exception\HttpException when the rate limit is exceeded
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $currentRoute = $this->router->getCurrentRoute();

    if ($currentRoute->hasThrottle()) {
        $this->handler->setThrottle($currentRoute->getThrottle());
    }

    $this->handler->rateLimitRequest(
        $request,
        $currentRoute->getRateLimit(),
        $currentRoute->getRateExpiration()
    );

    if ($this->handler->exceededRateLimit()) {
        // NOTE(review): 429 Too Many Requests is the conventional status for this case;
        // 403 is kept here because clients may already depend on it.
        throw new HttpException(403, 'You have exceeded your rate limit.', null, $this->getHeaders());
    }

    $response = $next($request);

    return $this->handler->requestWasRateLimited()
        ? $this->responseWithHeaders($response)
        : $response;
}
/**
 * Authenticate the current request.
 *
 * Every registered provider (narrowed by $providers) is tried in turn; the
 * first one that succeeds is recorded as the provider used and its user is
 * stored on this instance and returned. Providers that reject the credentials
 * (UnauthorizedHttpException) are collected so the final failure can report
 * all of them; providers that could not even attempt authentication because
 * no suitable authorization header was present (BadRequestHttpException) are
 * skipped without being reported.
 *
 * @param array $providers
 *
 * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException when no provider authenticates the request
 *
 * @return mixed the authenticated user
 */
public function authenticate(array $providers = [])
{
    $rejections = [];

    foreach ($this->filterProviders($providers) as $candidate) {
        try {
            $user = $candidate->authenticate(
                $this->router->getCurrentRequest(),
                $this->router->getCurrentRoute()
            );
        } catch (UnauthorizedHttpException $rejected) {
            $rejections[] = $rejected;
            continue;
        } catch (BadRequestHttpException $notApplicable) {
            // Deliberately not recorded: the provider simply did not apply
            // to this request (missing/wrong authorization header).
            continue;
        }

        $this->providerUsed = $candidate;

        return $this->user = $user;
    }

    // Reached only when every provider failed; this helper is expected to throw.
    $this->throwUnauthorizedException($rejections);
}
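/**
 * Handle an incoming request.
 *
 * Controller actions listed in the controller's CSRF exclusions bypass the
 * token check; every other request goes through the parent's CSRF
 * verification and its response is returned unchanged.
 *
 * A controller opts in by declaring a `crsfExclusions` property together with
 * a `getCrsfExclusions()` method returning the excluded method names. The
 * existing `crsf` spelling of both names is kept on purpose, since existing
 * controllers rely on it.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @return mixed
 */
public function handle($request, \Closure $next)
{
    $route = $this->router->getCurrentRoute();

    if ($route->usesController() && $this->routeIsCsrfExcluded($route)) {
        // Excluded action: skip verification entirely.
        return $next($request);
    }

    // Fix: the parent's response used to be discarded (missing `return`), so
    // the middleware returned null for every non-excluded request.
    return parent::handle($request, $next);
}

/**
 * Whether the controller method targeted by $route is in that controller's CSRF exclusion list.
 *
 * @param mixed $route the current route; must use a controller
 * @return bool
 */
private function routeIsCsrfExcluded($route)
{
    /** @var Controller $controller */
    $controller = $route->getController();

    if (!property_exists($controller, 'crsfExclusions') || !method_exists($controller, 'getCrsfExclusions')) {
        return false;
    }

    $excludedMethodNames = (array) $controller->getCrsfExclusions();
    $action = $route->getAction();
    $use = isset($action['uses']) ? $action['uses'] : (isset($action['controller']) ? $action['controller'] : null);

    // Only "Controller@method" style actions can be matched; closures and
    // strings without an "@" are never treated as excluded.
    if (!is_string($use) || strpos($use, '@') === false) {
        return false;
    }

    list(, $methods) = explode('@', $use);

    foreach (explode(',', $methods) as $method) {
        // Strict comparison so a method name can only match an identical exclusion entry.
        if (method_exists($controller, $method) && in_array($method, $excludedMethodNames, true)) {
            return true;
        }
    }

    return false;
}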
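/**
 * Attempt to dispatch an internal request.
 *
 * The current route is pushed onto the route stack for the duration of the
 * dispatch and the request stack is refreshed on every exit path. Previously
 * the refresh only happened after a normal return or an HttpExceptionInterface,
 * so any other exception escaping the router left the pushed route in place.
 *
 * @param \Dingo\Api\Http\InternalRequest $request
 * @return mixed the original (un-serialised) content of the internal response
 * @throws \Exception|\Symfony\Component\HttpKernel\Exception\HttpExceptionInterface
 *         an HttpException carrying the failed response's status and content
 */
protected function dispatch(InternalRequest $request)
{
    $this->routeStack[] = $this->router->getCurrentRoute();

    try {
        $response = $this->router->dispatch($request);

        if (!$response->isSuccessful()) {
            // NOTE(review): getOriginalContent() is also the success-path return value and
            // so is not necessarily a string, while HttpException expects a string message;
            // kept as-is to preserve the existing exception contract.
            throw new HttpException($response->getStatusCode(), $response->getOriginalContent());
        }
    } finally {
        // Runs for the normal path, the HttpException above and any other
        // exception thrown by router->dispatch().
        $this->refreshRequestStack();
    }

    return $response->getOriginalContent();
}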
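/**
 * Attempt to dispatch an internal request.
 *
 * The current route is pushed onto the route stack for the duration of the
 * dispatch and the request stack is refreshed on every exit path. Previously
 * the refresh only happened after a normal return or an HttpExceptionInterface,
 * so any other exception escaping the router left the pushed route in place.
 *
 * @param \Dingo\Api\Http\InternalRequest $request
 *
 * @throws \Exception|\Symfony\Component\HttpKernel\Exception\HttpExceptionInterface
 *         an InternalHttpException wrapping the unsuccessful response
 *
 * @return mixed the full response when raw mode is on, otherwise its original content
 */
protected function dispatch(InternalRequest $request)
{
    $this->routeStack[] = $this->router->getCurrentRoute();
    $this->clearCachedFacadeInstance();

    try {
        $response = $this->router->dispatch($request);

        if (!$response->isSuccessful()) {
            throw new InternalHttpException($response);
        }

        if (!$this->raw) {
            $response = $response->getOriginalContent();
        }
    } finally {
        // Runs for the normal path, the InternalHttpException above and any
        // other exception thrown by router->dispatch().
        $this->refreshRequestStack();
    }

    return $response;
}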