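/**
 * Authenticate an incoming request.
 *
 * The caller must supply an "access-token" and a "client-id" in the request
 * input. Both are stripped from the request before it is passed on, the
 * client-id is resolved to an AppKey, the token's signature is verified with
 * that key's client_secret, and the key's owner becomes the request's user.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed An ErrorPacket response on failure, otherwise the result of parent::handle()
 */
public function handle(Request $request, Closure $next)
{
    $_token = $request->input('access-token');
    $_clientId = $request->input('client-id');

    // Strip the credentials so they do not reach downstream handlers (or their logs)
    $request->offsetUnset('client-id');
    $request->offsetUnset('access-token');

    // Both values must be present, non-empty strings. Request::input() can return an
    // array (e.g. "client-id[]=x"), which would otherwise flow into the key lookup and
    // the signature check; anything that is not a non-empty string is a bad request.
    if (!is_string($_token) || '' === $_token || !is_string($_clientId) || '' === $_clientId) {
        $this->error('bad request: no token or client-id present');

        return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
    }

    try {
        $_key = AppKey::byClientId($_clientId)->firstOrFail();
        $this->setSigningCredentials($_clientId, $_key->client_secret);
    } catch (\Exception $_ex) {
        // NOTE(review): any exception here, not only ModelNotFoundException, is reported
        // as 403, so a storage error is indistinguishable from an unknown client-id.
        // The client-id is client-supplied and is logged verbatim.
        $this->error('forbidden: invalid "client-id" [' . $_clientId . ']');

        return ErrorPacket::create(Response::HTTP_FORBIDDEN, 'Invalid "client-id"');
    }

    // The token is only trusted once its signature checks out against the key's secret
    if (!$this->verifySignature($_token, $_clientId, $_key->client_secret)) {
        $this->error('bad request: signature verification fail');

        return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
    }

    try {
        $_owner = $this->_locateOwner($_key->owner_id, $_key->owner_type_nbr);
    } catch (ModelNotFoundException $_ex) {
        $this->error('unauthorized: invalid "user" assigned to akt#' . $_key->id);

        return ErrorPacket::create(Response::HTTP_UNAUTHORIZED);
    }

    // Expose the key's owner as the authenticated user for the rest of the pipeline
    $request->setUserResolver(function () use ($_owner) {
        return $_owner;
    });

    return parent::handle($request, $next);
}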
/**
 * Log all api requests
 *
 * Emits one debug line of the form "METHOD /path" per request and then hands
 * the request on. Logging is best-effort: a logging failure never blocks the request.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle(Request $request, \Closure $next)
{
    try {
        $_line = sprintf('%s %s', $request->getMethod(), $request->getPathInfo());
        $this->debug($_line);
    } catch (\Exception $_ignored) {
        // Best-effort: a failure to log must not break the request pipeline
    }

    return parent::handle($request, $next);
}