/**
 * Start the session for a proxied request and attach the session cookie
 * to the pending response before handing the request down the pipeline.
 *
 * The work happens inside the promise returned by the session's start():
 * the fulfilment callback sets the cookie and calls $next, the rejection
 * callback forwards the failure to the server's exception handler.
 *
 * Security note: the cookie's "secure" flag comes from the session config
 * and falls back to false when the key is absent, so the session id can be
 * sent over plain HTTP unless `secure` is enabled in the configuration.
 * NOTE(review): httpOnly is left at the Cookie class default; confirm that
 * default is true so scripts cannot read the session id.
 *
 * @param Irto\OAuth2Proxy\ProxyRequest $request
 * @param Closure $next
 *
 * @return void Nothing is returned here; $next runs inside the promise callback.
 */
public function request($request, Closure $next)
{
    $response = $request->futureResponse();

    // Fulfilment path: the session is started, so its id can be sent to the client.
    $onStarted = function () use ($response, $request, $next) {
        $settings = $this->server['config']['session'];
        $session = $request->session();

        $cookieName = $session->getName();
        $cookieValue = $session->getId();
        $expiresAt = Carbon::now()->addMinutes($settings['lifetime']);
        $secureOnly = array_get($settings, 'secure', false);

        $sessionCookie = new Cookie(
            $cookieName,
            $cookieValue,
            $expiresAt,
            $settings['path'],
            $settings['domain'],
            $secureOnly
        );
        $response->setCookie($sessionCookie);

        try {
            return $next($request);
        } catch (\Exception $e) {
            // Persist the session before reporting the failure.
            $session->save();
            // NOTE(review): the handler's result is not returned from this
            // callback, so the promise resolves with null on this path.
            $this->server->catchException($e, $response);
        }
    };

    // Rejection path: starting the session failed.
    $onFailed = function ($e) use ($response) {
        return $this->server->catchException($e, $response);
    };

    $request->session()->start()->then($onStarted, $onFailed);
}
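/**
 * Reject a proxied request whose `x-xsrf-token` header does not match the
 * token stored in the session.
 *
 * On a mismatch (or a missing header) a fresh `XSRF-TOKEN` cookie carrying
 * the session token is queued on the pending response and a
 * TokenMismatchException is thrown. Otherwise the request is passed on.
 *
 * @param Irto\OAuth2Proxy\ProxyRequest $request
 * @param Closure $next
 *
 * @throws TokenMismatchException When the header is absent or does not match.
 *
 * @return mixed The result of $next($request).
 */
public function request($request, Closure $next)
{
    // Never dump the token or the request headers here: they are secrets
    // (anti-CSRF token, and headers can carry session cookies and
    // credentials) and debug output would expose them to whoever can read
    // the process output or the response.
    $supplied = $request->headers()->get('x-xsrf-token');
    $expected = $request->session()->token();

    // hash_equals() compares in constant time and byte-for-byte. A loose
    // `!=` is both timing-dependent and subject to PHP's numeric-string
    // coercion, which can treat two different tokens as equal. The
    // is_string() guards keep hash_equals() from being called with a
    // missing or non-string value.
    $valid = $supplied
        && is_string($supplied)
        && is_string($expected)
        && hash_equals($expected, $supplied);

    if ($valid) {
        return $next($request);
    }

    $config = $this->server['config']['session'];

    // Honour the session's `secure` setting so the token cookie is not sent
    // over plain HTTP when the deployment is HTTPS-only; defaults to false
    // when the key is absent.
    $secure = !empty($config['secure']);

    // httpOnly stays false on purpose: client-side script has to read this
    // cookie to echo the token back in the x-xsrf-token header.
    $cookie = new Cookie(
        'XSRF-TOKEN',
        $expected,
        Carbon::now()->addMinutes($config['lifetime']),
        '/',
        null,
        $secure,
        false
    );
    $request->futureResponse()->setCookie($cookie);

    throw new TokenMismatchException();
}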
/**
 * Prepare a newly created proxied request before it is forwarded.
 *
 * - Requests to the configured `grant_path` have their content proxied via
 *   proxyContent() and their `content-length` header recomputed.
 * - Every other request gets an `authorization` header built from the
 *   `oauth_grant` stored in the session, or from the client credentials
 *   when the session holds no grant. The access token is therefore added
 *   on the proxy side rather than supplied by the caller.
 * - Requests to the configured `revoke_path` made with a session grant also
 *   get the session's access token added as the `token` query parameter.
 *
 * NOTE(review): paths are compared with loose `==`; confirm both sides are
 * always strings before tightening this to `===`.
 * NOTE(review): on the revoke path the access token travels in the query
 * string, which commonly ends up in access logs; confirm the upstream
 * does not log it.
 *
 * @param Irto\OAuth2Proxy\ProxyRequest $request
 * @param Closure $next
 *
 * @return Irto\OAuth2Proxy\ProxyResponse
 */
public function request($request, Closure $next)
{
    $path = $request->originRequest()->getPath();
    $settings = $this->server['config'];

    // Grant requests carry their own credentials; only the body is rewritten.
    if ($path == $settings->get('grant_path')) {
        $this->proxyContent($request);
        $request->headers()->put('content-length', $this->getContentLength($request));

        return $next($request);
    }

    $session = $request->session();
    $credentials = $session->get('oauth_grant', false);

    if (!$credentials) {
        // No user grant in the session: fall back to the client's own credentials.
        $credentials = $this->server->getClientCredentials();
    } elseif ($path == $settings->get('revoke_path')) {
        $request->query()->put('token', $session->get('oauth_grant.access_token', false));
    }

    $scheme = $credentials['token_type'];
    $accessToken = $credentials['access_token'];
    $request->headers()->put('authorization', "{$scheme} {$accessToken}");

    return $next($request);
}