/**
 * Authorization gate for an incoming API request.
 *
 * A request flagged as a console request (via the DF_IS_VALID_CONSOLE_REQUEST env value)
 * bypasses every check. Otherwise the request proceeds when role-based access is allowed
 * or when it matches a configured exception rule; any other outcome is reported by
 * throwing the most specific exception that applies (no credentials, expired /
 * blacklisted / invalid token, inactive role, not authenticated, plain denial), which
 * is then rendered through ResponseFactory::getException().
 *
 * NOTE(review): the console bypass trusts an environment value alone and is not tied to
 * the SAPI the process runs under — confirm nothing but the console bootstrap can set it.
 * Because $next($request) runs inside the try, exceptions raised further down the
 * pipeline are rendered here as well, not only the ones thrown by this gate.
 *
 * @param Request $request
 * @param Closure $next
 *
 * @return array|mixed|string
 */
public function handle($request, Closure $next)
{
    // Console requests are trusted unconditionally.
    if (env('DF_IS_VALID_CONSOLE_REQUEST', false)) {
        return $next($request);
    }

    try {
        static::setExceptions();

        // Role-based access first; if that is denied (API key and/or non-admin user may be
        // logged in), an explicit exception rule can still let the request through.
        if (static::isAccessAllowed() || static::isException($request)) {
            return $next($request);
        }

        $apiKey = Session::getApiKey();
        $token = Session::getSessionToken();

        // From here on the request is denied; pick the most informative reason.
        if (empty($apiKey) && empty($token)) {
            throw new BadRequestException('Bad request. No token or api key provided.');
        }
        if (true === Session::get('token_expired')) {
            throw new UnauthorizedException(Session::get('token_expired_msg'));
        }
        if (true === Session::get('token_blacklisted')) {
            throw new ForbiddenException(Session::get('token_blacklisted_msg'));
        }
        if (true === Session::get('token_invalid')) {
            // Reported with a 401 status even though it is a BadRequestException.
            throw new BadRequestException('Invalid token: ' . Session::get('token_invalid_msg'), 401);
        }
        if (!Role::getCachedInfo(Session::getRoleId(), 'is_active')) {
            throw new ForbiddenException("Role is not active.");
        }
        if (!Session::isAuthenticated()) {
            throw new UnauthorizedException('Unauthorized.');
        }

        throw new ForbiddenException('Access Forbidden.');
    } catch (\Exception $e) {
        return ResponseFactory::getException($e, $request);
    }
}
/**
 * Populate the session with the app, user, role and lookup context for a request.
 *
 * Role resolution order: the role bound to this (app, user) pair through
 * getRoleIdByAppIdAndUserId(), falling back to the app's default 'role_id'. Lookups are
 * merged in the order system, app, role, user via LookupKey::combineLookups() and stored
 * under the 'lookup' and 'lookup_secret' session keys.
 *
 * NOTE(review): when no role resolves, or the role record cannot be loaded, the 'role.*'
 * keys are left untouched rather than cleared — confirm callers always start from a fresh
 * session so a previously stored role cannot linger. 'lookup_secret' is written to the
 * same session store as everything else; treat that store as sensitive.
 *
 * @param int|string|null $appId
 * @param int|string|null $userId
 *
 * @return void
 */
public static function setSessionData($appId = null, $userId = null)
{
    $appInfo = empty($appId) ? null : App::getCachedInfo($appId);
    $userInfo = empty($userId) ? null : User::getCachedInfo($userId);

    // Prefer the role assigned to this user for this app; otherwise the app default.
    $roleId = null;
    if (!empty($userId) && !empty($appId)) {
        $roleId = static::getRoleIdByAppIdAndUserId($appId, $userId);
    }
    if (empty($roleId) && !empty($appInfo)) {
        $roleId = ArrayUtils::get($appInfo, 'role_id');
    }

    Session::setUserInfo($userInfo);
    Session::put('app.id', $appId);

    $roleInfo = empty($roleId) ? null : Role::getCachedInfo($roleId);
    if (!empty($roleInfo)) {
        Session::put('role.id', $roleId);
        Session::put('role.name', $roleInfo['name']);
        Session::put('role.services', $roleInfo['role_service_access_by_role_id']);
    }

    // A missing or empty lookup set is normalised to an empty array.
    $orEmpty = static function ($value) {
        return empty($value) ? [] : $value;
    };

    $combinedLookup = LookupKey::combineLookups(
        $orEmpty(Lookup::getCachedLookups()),
        $orEmpty($appInfo['app_lookup_by_app_id'] ?? null),
        $orEmpty($roleInfo['role_lookup_by_role_id'] ?? null),
        $orEmpty($userInfo['user_lookup_by_user_id'] ?? null)
    );

    Session::put('lookup', ArrayUtils::get($combinedLookup, 'lookup'));
    Session::put('lookup_secret', ArrayUtils::get($combinedLookup, 'lookup_secret'));
}