Inheritance: extends EntityModel, use trait Illuminate\Database\Eloquent\SoftDeletes
示例#1
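 /**
  * Authenticate an API request and apply the hourly request throttle.
  *
  * The login, register and OAuth-login routes are gated on the shared API
  * secret (X-Ninja-Secret header or the api_secret request field). Every other
  * route needs an X-Ninja-Token header that matches a stored token whose user
  * can still be loaded. Rejections are delayed with sleep() before the 403 is
  * sent, which slows down guessing.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register') || $request->is('api/v1/oauth_login');
     $headers = Utils::getApiHeaders();
     $hasApiSecret = false;
     if ($secret = env(API_SECRET)) {
         $requestSecret = Request::header('X-Ninja-Secret') ?: ($request->api_secret ?: '');
         // The request field is client-controlled and can arrive as an array
         // (api_secret[]=x); hash_equals() accepts strings only, so anything
         // else is treated as a mismatch instead of raising an error.
         // hash_equals() expects the known secret first, the supplied value second.
         $hasApiSecret = is_string($secret)
             && is_string($requestSecret)
             && hash_equals($secret, $requestSecret);
     }
     if ($loggingIn) {
         // check API secret
         if (!$hasApiSecret) {
             sleep(ERROR_DELAY);
             return Response::json('Invalid value for API_SECRET', 403, $headers);
         }
     } else {
         // check for a valid token
         $requestToken = Request::header('X-Ninja-Token');
         // Skip the lookup when the header is missing or empty: the query
         // builder turns a null comparison value into "token IS NULL", which
         // would match any row stored without a token.
         $token = (is_string($requestToken) && $requestToken !== '')
             ? AccountToken::where('token', '=', $requestToken)->first(['id', 'user_id'])
             : null;
         // check if user is archived
         if ($token && $token->user) {
             // onceUsingId() authenticates this request only; no login session is kept.
             Auth::onceUsingId($token->user_id);
             Session::set('token_id', $token->id);
         } else {
             sleep(ERROR_DELAY);
             return Response::json('Invalid token', 403, $headers);
         }
     }
     if (!Utils::isNinja() && !$loggingIn) {
         return $next($request);
     }
     if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
         return Response::json('API requires pro plan', 403, $headers);
     }
     // Throttle per account once authenticated, otherwise per client address.
     // NOTE(review): getClientIp() is only as reliable as the trusted-proxy
     // configuration; confirm forwarded headers cannot be set by the client.
     $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
     // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
     $hour = 60 * 60;
     $hour_limit = 100;
     # users are limited to 100 requests/hour
     // The counter can hold up to an hour of accumulated cost. If it expired
     // sooner, a client could wait out the shorter TTL and start from zero,
     // so the cache entry must live at least as long as the window.
     // Assumes Cache::put() takes minutes, as the previous value of 10 suggests.
     $ttl_minutes = $hour / 60;
     $hour_throttle = Cache::get("hour_throttle:{$key}", null);
     $last_api_request = Cache::get("last_api_request:{$key}", 0);
     $last_api_diff = time() - $last_api_request;
     if (is_null($hour_throttle)) {
         $new_hour_throttle = 0;
     } else {
         // Drain one second of cost per elapsed second, then charge this request.
         $new_hour_throttle = max(0, $hour_throttle - $last_api_diff);
         $new_hour_throttle += $hour / $hour_limit;
     }
     if ($new_hour_throttle > $hour) {
         $wait = ceil($new_hour_throttle - $hour);
         sleep(1);
         return Response::json("Please wait {$wait} second(s)", 403, $headers);
     }
     Cache::put("hour_throttle:{$key}", $new_hour_throttle, $ttl_minutes);
     Cache::put("last_api_request:{$key}", time(), $ttl_minutes);
     return $next($request);
 }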
 /**
  * Create a new API token, or rename an existing one, for the current account.
  *
  * Nothing is stored unless the account is on the pro plan. An existing token
  * is looked up by public id within the signed-in user's own account, so a
  * public id from another account ends in firstOrFail() rather than an update.
  *
  * @param  mixed  $tokenPublicId  public id of the token to rename; falsy to create one
  * @return mixed  redirect back to the form on validation failure, else to the token settings page
  */
 public function save($tokenPublicId = false)
 {
     if (!Auth::user()->account->isPro()) {
         return Redirect::to('settings/' . ACCOUNT_API_TOKENS);
     }

     $isUpdate = (bool) $tokenPublicId;
     if ($isUpdate) {
         // Scoped to the caller's account: the public id alone is not enough.
         $token = AccountToken::where('account_id', '=', Auth::user()->account_id)
             ->where('public_id', '=', $tokenPublicId)
             ->firstOrFail();
     }

     $validator = Validator::make(Input::all(), ['name' => 'required']);
     if ($validator->fails()) {
         $formPath = $isUpdate ? 'tokens/edit' : 'tokens/create';
         return Redirect::to($formPath)->withInput()->withErrors($validator);
     }

     if (!$isUpdate) {
         $token = AccountToken::createNew();
         // The token value is the API credential; it is set once, at creation.
         // NOTE(review): confirm str_random() is backed by a CSPRNG in the framework version in use.
         $token->token = str_random(RANDOM_KEY_LENGTH);
     }
     $token->name = trim(Input::get('name'));
     $token->save();

     $messageKey = $isUpdate ? 'texts.updated_token' : 'texts.created_token';
     Session::flash('message', trans($messageKey));

     return Redirect::to('settings/' . ACCOUNT_API_TOKENS);
 }
示例#3
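 /**
  * Authenticate an API request by token and apply the hourly request throttle.
  *
  * The login route is let through without a token; every other route needs an
  * X-Ninja-Token header that matches a stored token. A failed lookup is
  * delayed with sleep() before the 403 is sent, which slows down guessing.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $loggingIn = $request->is('api/v1/login');
     $headers = Utils::getApiHeaders();
     if (!$loggingIn) {
         // check for a valid token
         $requestToken = Request::header('X-Ninja-Token');
         // Skip the lookup when the header is missing or empty: the query
         // builder turns a null comparison value into "token IS NULL", which
         // would match any row stored without a token.
         $token = (is_string($requestToken) && $requestToken !== '')
             ? AccountToken::where('token', '=', $requestToken)->first(['id', 'user_id'])
             : null;
         if ($token) {
             // NOTE(review): loginUsingId() also records the login in the session;
             // for per-request token auth Auth::onceUsingId() avoids keeping
             // that state. Confirm nothing relies on the session before switching.
             Auth::loginUsingId($token->user_id);
             Session::set('token_id', $token->id);
         } else {
             sleep(3);
             return Response::json('Invalid token', 403, $headers);
         }
     }
     if (!Utils::isNinja() && !$loggingIn) {
         return $next($request);
     }
     if (!Utils::isPro() && !$loggingIn) {
         return Response::json('API requires pro plan', 403, $headers);
     }
     // Throttle per account once authenticated, otherwise per client address.
     // The login route carries no token, so the throttle is what bounds
     // repeated login attempts from one address.
     // NOTE(review): getClientIp() is only as reliable as the trusted-proxy
     // configuration; confirm forwarded headers cannot be set by the client.
     $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
     // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
     $hour = 60 * 60;
     $hour_limit = 100;
     # users are limited to 100 requests/hour
     // The counter can hold up to an hour of accumulated cost. If it expired
     // sooner, a client could wait out the shorter TTL and start from zero,
     // so the cache entry must live at least as long as the window.
     // Assumes Cache::put() takes minutes, as the previous value of 10 suggests.
     $ttl_minutes = $hour / 60;
     $hour_throttle = Cache::get("hour_throttle:{$key}", null);
     $last_api_request = Cache::get("last_api_request:{$key}", 0);
     $last_api_diff = time() - $last_api_request;
     if (is_null($hour_throttle)) {
         $new_hour_throttle = 0;
     } else {
         // Drain one second of cost per elapsed second, then charge this request.
         $new_hour_throttle = max(0, $hour_throttle - $last_api_diff);
         $new_hour_throttle += $hour / $hour_limit;
     }
     if ($new_hour_throttle > $hour) {
         $wait = ceil($new_hour_throttle - $hour);
         sleep(1);
         return Response::json("Please wait {$wait} second(s)", 403, $headers);
     }
     Cache::put("hour_throttle:{$key}", $new_hour_throttle, $ttl_minutes);
     Cache::put("last_api_request:{$key}", time(), $ttl_minutes);
     return $next($request);
 }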
 /**
  * Create a new API token, or rename an existing one, for the current account.
  *
  * Nothing is stored unless the account is on the pro plan. An existing token
  * is looked up by public id within the signed-in user's own account. A new
  * token gets the next public id after the account's highest one, counting
  * soft-deleted tokens.
  *
  * @param  mixed  $tokenPublicId  public id of the token to rename; falsy to create one
  * @return mixed  redirect back to the form on validation failure, else to token management
  */
 public function save($tokenPublicId = false)
 {
     if (!Auth::user()->account->isPro()) {
         return Redirect::to('company/advanced_settings/token_management');
     }

     $editing = (bool) $tokenPublicId;
     if ($editing) {
         // Scoped to the caller's account: the public id alone is not enough.
         $token = AccountToken::where('account_id', '=', Auth::user()->account_id)
             ->where('public_id', '=', $tokenPublicId)
             ->firstOrFail();
     }

     $validator = Validator::make(Input::all(), ['name' => 'required']);
     if ($validator->fails()) {
         return Redirect::to($editing ? 'tokens/edit' : 'tokens/create')
             ->withInput()
             ->withErrors($validator);
     }

     if ($editing) {
         $token->name = trim(Input::get('name'));
     } else {
         // withTrashed() keeps the public id of a soft-deleted token from being reused.
         // NOTE(review): read-then-increment is not atomic; two concurrent
         // creates could compute the same public_id. Confirm a unique
         // constraint covers it.
         $newest = AccountToken::withTrashed()
             ->where('account_id', '=', Auth::user()->account_id)
             ->orderBy('public_id', 'DESC')
             ->first();
         $nextPublicId = $newest ? $newest->public_id + 1 : 1;

         $token = AccountToken::createNew();
         $token->name = trim(Input::get('name'));
         // The token value is the API credential; it is set once, at creation.
         // NOTE(review): confirm str_random() is backed by a CSPRNG in the framework version in use.
         $token->token = str_random(RANDOM_KEY_LENGTH);
         $token->public_id = $nextPublicId;
     }
     $token->save();

     Session::flash('message', trans($editing ? 'texts.updated_token' : 'texts.created_token'));

     return Redirect::to('company/advanced_settings/token_management');
 }
 /**
  * Ensure each user returned by findUsers() has an API token with the given name.
  *
  * A user who already has a token with that name is left untouched, so calling
  * this again neither duplicates tokens nor rotates existing ones.
  *
  * @param  mixed   $user  passed to findUsers() to resolve the users to cover
  * @param  string  $name  token label; blank names fall back to 'TOKEN'
  * @return void
  */
 public function createTokens($user, $name)
 {
     $label = trim($name) ?: 'TOKEN';

     foreach ($this->findUsers($user) as $member) {
         $existing = AccountToken::whereUserId($member->id)->whereName($label)->first();
         if (!$existing) {
             $created = AccountToken::createNew($member);
             $created->name = $label;
             // NOTE(review): confirm str_random() is backed by a CSPRNG in the framework version in use.
             $created->token = str_random(RANDOM_KEY_LENGTH);
             $created->save();
         }
     }
 }
 /**
  * Create and store a new API token, returning its value.
  *
  * The return value is the raw credential, so callers should keep it out of
  * logs and error output.
  *
  * @param  string  $name  token label; blank names fall back to 'TOKEN'
  * @return string  the generated token value
  */
 public function createToken($name)
 {
     $label = trim($name) ?: 'TOKEN';
     // NOTE(review): confirm str_random() is backed by a CSPRNG in the framework version in use.
     $secret = str_random(RANDOM_KEY_LENGTH);

     $record = AccountToken::createNew();
     $record->name = $label;
     $record->token = $secret;
     $record->save();

     return $record->token;
 }