/**
* Authenticate an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$_token = $request->input('access-token');
$_clientId = $request->input('client-id');
// Remove these arguments
$request->offsetUnset('client-id');
$request->offsetUnset('access-token');
// Just plain ol' bad...
if (empty($_token) || empty($_clientId)) {
$this->error('bad request: no token or client-id present');
return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
}
try {
$_key = AppKey::byClientId($_clientId)->firstOrFail();
$this->setSigningCredentials($_clientId, $_key->client_secret);
} catch (\Exception $_ex) {
$this->error('forbidden: invalid "client-id" [' . $_clientId . ']');
return ErrorPacket::create(Response::HTTP_FORBIDDEN, 'Invalid "client-id"');
}
if (!$this->verifySignature($_token, $_clientId, $_key->client_secret)) {
$this->error('bad request: signature verification fail');
return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
}
try {
$_owner = $this->_locateOwner($_key->owner_id, $_key->owner_type_nbr);
} catch (ModelNotFoundException $_ex) {
$this->error('unauthorized: invalid "user" assigned to akt#' . $_key->id);
return ErrorPacket::create(Response::HTTP_UNAUTHORIZED);
}
$request->setUserResolver(function () use($_owner) {
return $_owner;
});
//$this->debug('token validated for client "' . $_clientId . '"');
return parent::handle($request, $next);
}
/**
* Log all api requests
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle(Request $request, \Closure $next)
{
try {
$this->debug($request->getMethod() . ' ' . $request->getPathInfo());
} catch (\Exception $_ex) {
// Ignored.
}
return parent::handle($request, $next);
}
