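/**
 * Handle an incoming request.
 *
 * Login-type routes (login/register/oauth_login) are gated by the shared
 * API secret; every other route must present a valid X-Ninja-Token header.
 * On the hosted (Ninja) install the request is then subject to the
 * pro-plan check and an hourly rate limit.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $loggingIn = $request->is('api/v1/login')
        || $request->is('api/v1/register')
        || $request->is('api/v1/oauth_login');
    $headers = Utils::getApiHeaders();

    $hasApiSecret = $this->requestCarriesApiSecret($request);

    if ($loggingIn) {
        // No token exists yet on these routes, so the API secret is the only gate.
        if (!$hasApiSecret) {
            sleep(ERROR_DELAY);
            return Response::json('Invalid value for API_SECRET', 403, $headers);
        }
    } else {
        $token = $this->findAccountToken(Request::header('X-Ninja-Token'));

        // A token whose owning user no longer resolves (archived user) is rejected.
        if ($token && $token->user) {
            // onceUsingId authenticates this request only: no persistent session login.
            Auth::onceUsingId($token->user_id);
            Session::set('token_id', $token->id);
        } else {
            sleep(ERROR_DELAY);
            return Response::json('Invalid token', 403, $headers);
        }
    }

    // Self-hosted installs skip the plan and throttle checks for token-authenticated requests.
    if (!Utils::isNinja() && !$loggingIn) {
        return $next($request);
    }

    if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
        return Response::json('API requires pro plan', 403, $headers);
    }

    $throttled = $this->throttleResponse($request, $headers);
    if ($throttled !== null) {
        return $throttled;
    }

    return $next($request);
}

/**
 * Whether the request presents the API secret configured in the environment.
 *
 * The value is read from the X-Ninja-Secret header, falling back to the
 * api_secret request parameter.
 *
 * @param \Illuminate\Http\Request $request
 * @return bool false when no secret is configured or the presented value does not match
 */
private function requestCarriesApiSecret($request)
{
    $secret = env(API_SECRET);
    if (!$secret) {
        // Nothing configured: nothing can match, so login-type routes stay closed.
        return false;
    }

    $requestSecret = Request::header('X-Ninja-Secret') ?: ($request->api_secret ?: '');

    // Query/body values can arrive as arrays; hash_equals() would then throw
    // (an HTTP 500) instead of rejecting, so treat any non-string as absent.
    if (!is_string($requestSecret)) {
        return false;
    }

    // hash_equals(known, user): the configured secret goes first and the
    // caller-supplied value second, as the function's contract requires.
    return hash_equals($secret, $requestSecret);
}

/**
 * Looks up the account token matching the X-Ninja-Token header value.
 *
 * @param string|null $tokenValue raw header value
 * @return AccountToken|null model with only the id and user_id columns loaded
 */
private function findAccountToken($tokenValue)
{
    // The query builder turns "= null" into "IS NULL", so a missing header
    // must not reach the database; fail closed instead.
    if (!is_string($tokenValue) || $tokenValue === '') {
        return null;
    }

    return AccountToken::where('token', '=', $tokenValue)->first(['id', 'user_id']);
}

/**
 * Applies the hourly rate limit, keyed by account id (or client IP when
 * no user is authenticated).
 *
 * Leaky bucket: the stored level drains by one unit per second elapsed
 * since the last request and grows by $hour / $hour_limit per request;
 * once it exceeds one hour's worth the caller is told how long to wait.
 *
 * @param \Illuminate\Http\Request $request
 * @param array $headers response headers from Utils::getApiHeaders()
 * @return \Illuminate\Http\JsonResponse|null a 403 response when throttled, null when allowed
 */
private function throttleResponse($request, $headers)
{
    $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();

    // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
    $hour = 60 * 60;
    $hour_limit = 100; // users are limited to 100 requests/hour

    $hour_throttle = Cache::get("hour_throttle:{$key}", null);
    $last_api_request = Cache::get("last_api_request:{$key}", 0);
    $last_api_diff = time() - $last_api_request;

    if (is_null($hour_throttle)) {
        // First request seen for this key, or the cache entry has expired.
        $new_hour_throttle = 0;
    } else {
        $new_hour_throttle = $hour_throttle - $last_api_diff;
        $new_hour_throttle = $new_hour_throttle < 0 ? 0 : $new_hour_throttle;
        $new_hour_throttle += $hour / $hour_limit;
    }

    if ($new_hour_throttle > $hour) {
        $wait = ceil($new_hour_throttle - $hour);
        sleep(1);
        return Response::json("Please wait {$wait} second(s)", 403, $headers);
    }

    // Both entries share a TTL of 10; when they expire the bucket restarts from zero.
    Cache::put("hour_throttle:{$key}", $new_hour_throttle, 10);
    Cache::put("last_api_request:{$key}", time(), 10);

    return null;
}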
/**
 * Creates a new API token, or renames an existing one, for the
 * authenticated account. Non-pro accounts are redirected unchanged.
 *
 * @param string|int|false $tokenPublicId public id of the token to rename, or false to create one
 * @return \Illuminate\Http\RedirectResponse
 */
public function save($tokenPublicId = false)
{
    $user = Auth::user();

    if ($user->account->isPro()) {
        $isUpdate = (bool) $tokenPublicId;
        $token = null;

        if ($isUpdate) {
            // Scoped to the caller's account: a foreign public_id yields a 404.
            $token = AccountToken::where('account_id', '=', $user->account_id)
                ->where('public_id', '=', $tokenPublicId)
                ->firstOrFail();
        }

        $validator = Validator::make(Input::all(), ['name' => 'required']);
        if ($validator->fails()) {
            $form = $isUpdate ? 'tokens/edit' : 'tokens/create';
            return Redirect::to($form)->withInput()->withErrors($validator);
        }

        if ($isUpdate) {
            $token->name = trim(Input::get('name'));
        } else {
            $token = AccountToken::createNew();
            $token->name = trim(Input::get('name'));
            // The token value is stored as generated; it is later matched
            // directly against the X-Ninja-Token header.
            $token->token = str_random(RANDOM_KEY_LENGTH);
        }
        $token->save();

        $messageKey = $isUpdate ? 'texts.updated_token' : 'texts.created_token';
        Session::flash('message', trans($messageKey));
    }

    return Redirect::to('settings/' . ACCOUNT_API_TOKENS);
}
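/**
 * Handle an incoming request.
 *
 * The login route is passed through; every other route must present a
 * valid X-Ninja-Token header. On the hosted (Ninja) install the request
 * is then subject to the pro-plan check and an hourly rate limit.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $loggingIn = $request->is('api/v1/login');
    $headers = Utils::getApiHeaders();

    if (!$loggingIn) {
        $token = $this->findAccountToken(Request::header('X-Ninja-Token'));

        if ($token) {
            // onceUsingId authenticates this request only. loginUsingId would
            // also start a persistent session for the caller, turning a header
            // credential into a cookie login, which an API request must not do.
            Auth::onceUsingId($token->user_id);
            Session::set('token_id', $token->id);
        } else {
            // Fixed delay on failure slows down token guessing.
            sleep(3);
            return Response::json('Invalid token', 403, $headers);
        }
    }

    // Self-hosted installs skip the plan and throttle checks for token-authenticated requests.
    if (!Utils::isNinja() && !$loggingIn) {
        return $next($request);
    }

    if (!Utils::isPro() && !$loggingIn) {
        return Response::json('API requires pro plan', 403, $headers);
    }

    $throttled = $this->throttleResponse($request, $headers);
    if ($throttled !== null) {
        return $throttled;
    }

    return $next($request);
}

/**
 * Looks up the account token matching the X-Ninja-Token header value.
 *
 * @param string|null $tokenValue raw header value
 * @return AccountToken|null model with only the id and user_id columns loaded
 */
private function findAccountToken($tokenValue)
{
    // The query builder turns "= null" into "IS NULL", so a missing header
    // must not reach the database; fail closed instead.
    if (!is_string($tokenValue) || $tokenValue === '') {
        return null;
    }

    return AccountToken::where('token', '=', $tokenValue)->first(['id', 'user_id']);
}

/**
 * Applies the hourly rate limit, keyed by account id (or client IP when
 * no user is authenticated).
 *
 * Leaky bucket: the stored level drains by one unit per second elapsed
 * since the last request and grows by $hour / $hour_limit per request;
 * once it exceeds one hour's worth the caller is told how long to wait.
 *
 * @param \Illuminate\Http\Request $request
 * @param array $headers response headers from Utils::getApiHeaders()
 * @return \Illuminate\Http\JsonResponse|null a 403 response when throttled, null when allowed
 */
private function throttleResponse($request, $headers)
{
    $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();

    // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
    $hour = 60 * 60;
    $hour_limit = 100; // users are limited to 100 requests/hour

    $hour_throttle = Cache::get("hour_throttle:{$key}", null);
    $last_api_request = Cache::get("last_api_request:{$key}", 0);
    $last_api_diff = time() - $last_api_request;

    if (is_null($hour_throttle)) {
        // First request seen for this key, or the cache entry has expired.
        $new_hour_throttle = 0;
    } else {
        $new_hour_throttle = $hour_throttle - $last_api_diff;
        $new_hour_throttle = $new_hour_throttle < 0 ? 0 : $new_hour_throttle;
        $new_hour_throttle += $hour / $hour_limit;
    }

    if ($new_hour_throttle > $hour) {
        $wait = ceil($new_hour_throttle - $hour);
        sleep(1);
        return Response::json("Please wait {$wait} second(s)", 403, $headers);
    }

    // Both entries share a TTL of 10; when they expire the bucket restarts from zero.
    Cache::put("hour_throttle:{$key}", $new_hour_throttle, 10);
    Cache::put("last_api_request:{$key}", time(), 10);

    return null;
}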
/**
 * Creates a new API token, or renames an existing one, for the
 * authenticated account. Non-pro accounts are redirected unchanged.
 *
 * @param string|int|false $tokenPublicId public id of the token to rename, or false to create one
 * @return \Illuminate\Http\RedirectResponse
 */
public function save($tokenPublicId = false)
{
    $user = Auth::user();

    if ($user->account->isPro()) {
        $isUpdate = (bool) $tokenPublicId;
        $token = null;

        if ($isUpdate) {
            // Scoped to the caller's account: a foreign public_id yields a 404.
            $token = AccountToken::where('account_id', '=', $user->account_id)
                ->where('public_id', '=', $tokenPublicId)
                ->firstOrFail();
        }

        $validator = Validator::make(Input::all(), ['name' => 'required']);
        if ($validator->fails()) {
            $form = $isUpdate ? 'tokens/edit' : 'tokens/create';
            return Redirect::to($form)->withInput()->withErrors($validator);
        }

        if ($isUpdate) {
            $token->name = trim(Input::get('name'));
        } else {
            // Next public_id is read and then written without a lock, so two
            // concurrent creates for one account could compute the same value.
            $lastToken = AccountToken::withTrashed()
                ->where('account_id', '=', $user->account_id)
                ->orderBy('public_id', 'DESC')
                ->first();
            $token = AccountToken::createNew();
            $token->name = trim(Input::get('name'));
            $token->token = str_random(RANDOM_KEY_LENGTH);
            $token->public_id = $lastToken ? $lastToken->public_id + 1 : 1;
        }
        $token->save();

        $messageKey = $isUpdate ? 'texts.updated_token' : 'texts.created_token';
        Session::flash('message', trans($messageKey));
    }

    return Redirect::to('company/advanced_settings/token_management');
}
/**
 * Creates an API token named $name for every user resolved from $user,
 * leaving users that already hold a token with that name untouched.
 *
 * @param mixed  $user whatever findUsers() accepts
 * @param string $name token name; a blank name falls back to 'TOKEN'
 * @return void
 */
public function createTokens($user, $name)
{
    $tokenName = trim($name) ?: 'TOKEN';

    foreach ($this->findUsers($user) as $member) {
        $existing = AccountToken::whereUserId($member->id)->whereName($tokenName)->first();
        if ($existing) {
            continue;
        }

        $token = AccountToken::createNew($member);
        $token->name = $tokenName;
        $token->token = str_random(RANDOM_KEY_LENGTH);
        $token->save();
    }
}
/**
 * Creates a single API token and returns its value.
 *
 * @param string $name token name; a blank name falls back to 'TOKEN'
 * @return string the generated token value, which is also what gets persisted
 */
public function createToken($name)
{
    $tokenName = trim($name) ?: 'TOKEN';

    $token = AccountToken::createNew();
    $token->name = $tokenName;
    $token->token = str_random(RANDOM_KEY_LENGTH);
    $token->save();

    return $token->token;
}