/**
* Authenticate an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$_token = $request->input('access-token');
$_clientId = $request->input('client-id');
// Remove these arguments
$request->offsetUnset('client-id');
$request->offsetUnset('access-token');
// Just plain ol' bad...
if (empty($_token) || empty($_clientId)) {
$this->error('bad request: no token or client-id present');
return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
}
try {
$_key = AppKey::byClientId($_clientId)->firstOrFail();
$this->setSigningCredentials($_clientId, $_key->client_secret);
} catch (\Exception $_ex) {
$this->error('forbidden: invalid "client-id" [' . $_clientId . ']');
return ErrorPacket::create(Response::HTTP_FORBIDDEN, 'Invalid "client-id"');
}
if (!$this->verifySignature($_token, $_clientId, $_key->client_secret)) {
$this->error('bad request: signature verification fail');
return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
}
try {
$_owner = $this->_locateOwner($_key->owner_id, $_key->owner_type_nbr);
} catch (ModelNotFoundException $_ex) {
$this->error('unauthorized: invalid "user" assigned to akt#' . $_key->id);
return ErrorPacket::create(Response::HTTP_UNAUTHORIZED);
}
$request->setUserResolver(function () use($_owner) {
return $_owner;
});
//$this->debug('token validated for client "' . $_clientId . '"');
return parent::handle($request, $next);
}
/**
* Validates a client key pair and generates a signature for verification.
*
* @param string $clientId
* @param string $clientSecret
*
* @return $this
*/
protected function setSigningCredentials($clientId, $clientSecret)
{
$_key = AppKey::byClientId($clientId)->first();
if (empty($_key) || $clientSecret != $_key->client_secret) {
throw new \InvalidArgumentException('Invalid credentials.');
}
// Looks good
$this->vsClientId = $_key->client_id;
$this->vsClientSecret = $_key->client_secret;
$this->vsSignature = $this->generateSignature();
return $this;
}
