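/**
 * Decides whether the token presented on the request may call the given route.
 *
 * Routes with no token levels configured are public. Otherwise the token is
 * read from the Authorization header, looked up in the token repository,
 * checked against the client IP it is bound to, and its scope compared with
 * the route's accepted levels. Every failure returns a JsonErrorResponse, so
 * callers must test the result with `=== true` (an error response object is
 * truthy).
 *
 * @param Request    $request incoming request; supplies the Authorization header and client IP
 * @param Route      $route   route being dispatched; $route->tokenLevel lists the accepted scopes
 * @param array|null $params  route parameters; `id`, when present, is matched against the
 *                            token's customerId for level1 tokens (presumably a customer id in
 *                            the path — verify against the routing table)
 *
 * @return bool|JsonErrorResponse true when authorized, otherwise an INVALID_TOKEN or
 *                                UNAUTHORIZED_REQUEST error response
 */
public function isAuthorizedForRoute(Request $request, Route $route, $params)
{
    // No scope restriction configured: the route is public.
    if (empty($route->tokenLevel)) {
        return true;
    }

    // Expected shape is "<scheme> <token>" with a 32-byte token. A missing
    // header is coalesced to '' so it is rejected like any malformed value
    // instead of raising an undefined-index notice.
    // NOTE(review): the scheme word ($authorization[0]) is not validated here.
    $authorization = explode(' ', $request->headers['AUTHORIZATION'] ?? '');
    if (count($authorization) !== 2 || strlen($authorization[1]) !== 32) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
    }

    $token = $this->getTokenRepository()->getToken($authorization[1]);
    if ($token === null) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
    }

    // The token is bound to the IP it was issued to; a mismatch is reported
    // with the same INVALID_TOKEN key as an unknown token.
    if ($token->ip !== $request->getClientIp()) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_TOKEN);
    }

    // A level1 token tied to a customer may only address that customer's
    // resources. Both sides are compared as strings with !== so the
    // numeric-string rules of a loose `!=` (e.g. "010" == "10") cannot widen
    // the match.
    if (
        $token->scope === 'level1'
        && $token->customerId !== null
        && isset($params['id'])
        && (string) $params['id'] !== (string) $token->customerId
    ) {
        return JsonErrorResponse::fromKey(JsonErrorResponse::UNAUTHORIZED_REQUEST);
    }

    // Strict membership: the scope must equal one of the configured levels.
    if (in_array($token->scope, $route->tokenLevel, true)) {
        return true;
    }

    return JsonErrorResponse::fromKey(JsonErrorResponse::UNAUTHORIZED_REQUEST);
}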