Пример #1
0
|--------------------------------------------------------------------------
|
| Public API filter provides header based API key authentication and API rate limiting
|
*/
Route::filter('api.auth', function () {
    // do we have an auth header
    $authToken = Request::header('X-Remedy-Auth');
    if (!$authToken) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'missing_api_key', 'No api key given.');
        return $builder->getResponse();
    }
    // does that auth header contain a valid api key
    $apiKey = ApiKey::where('public_key', $authToken)->first();
    if (!$apiKey) {
        $builder = new ResponseBuilder();
        $builder->setStatus(401, 'invalid_api_key', 'Unauthorized request. This event has been logged. Do it 2 more times, I DARE you!');
        return $builder->getResponse();
    }
});
Route::filter('api.rate', function () {
    $authToken = Request::header('X-Remedy-Auth');
    $apiKey = ApiKey::where('public_key', $authToken)->first();
    // check if the api key is over their limit and store / update the cache
    if (!RateLimiter::check($apiKey)) {
        $builder = new ResponseBuilder();
        $builder->setStatus(429, 'rate_limited', 'Too many requests. You have been rate limited, because the internet. ;)');
        return $builder->getResponse();
    }
});
Пример #2
0
Route::post('/user/apikeys', array('uses' => 'AccountController@createApiKey', 'as' => 'create-account-apikey'));
// delete account api key by id
Route::delete('/user/apikeys/{apikey_id}', array('uses' => 'AccountController@deleteApiKey', 'as' => 'delete-account-apikey'));
/**
 * Public API v1 routes
 */
Route::group(['prefix' => 'api/v1', 'before' => 'api.auth|api.rate'], function () {
    /**
     * Get a single product
     */
    Route::get('products/{id}', array('uses' => 'ProductController@getOne'));
    /**
     * Get all / filtered / sorted products
     */
    Route::get('products', array('uses' => 'ProductController@getMany'));
});
/**
 * Public API v2 routes
 */
Route::group(['prefix' => 'api/v{version_number}', 'before' => 'api.auth|api.rate'], function () {
    /**
     * Future API version
     */
    Route::get('{any?}', function () {
        $public_key = Request::header('X-Remedy-Auth');
        $apiKey = ApiKey::where('public_key', $public_key)->first();
        $builder = new ResponseBuilder($apiKey);
        $builder->setStatus(418, 'cool', 'I like where your head is at but mine is not there yet. ;)');
        return $builder->getResponse();
    });
});