Cachet/app/Http/Middleware/ApiAuthentication.php

<?php

/*
 * This file is part of Cachet.
 *
 * (c) Alt Three Services Limited
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace CachetHQ\Cachet\Http\Middleware;

use CachetHQ\Cachet\Models\User;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;

/**
 * This is the api authentication middleware class.
 *
 * @author Joseph Cohen <joe@alt-three.com>
 * @author Graham Campbell <james@alt-three.com>
 * @author James Brooks <james@alt-three.com>
 */
class ApiAuthentication
{
    /**
     * The authentication guard instance.
     *
     * @var \Illuminate\Contracts\Auth\Guard
     */
    protected $auth;

    /**
     * Create a new api authentication middleware instance.
     *
     * @param \Illuminate\Contracts\Auth\Guard $auth
     *
     * @return void
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     * @param bool                     $required
     *
     * @return mixed
     */
    public function handle(Request $request, Closure $next, $required = false)
    {
        if ($this->auth->guest()) {
            if ($apiToken = $request->header('X-Cachet-Token')) {
                try {
                    $this->auth->onceUsingId(User::findByApiToken($apiToken)->id);
                } catch (ModelNotFoundException $e) {
                    if ($required) {
                        throw new HttpException(401);
                    }
                }
            } elseif ($required) {
                throw new HttpException(401);
            }
        }

        return $next($request);
    }
}
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`<?php`

Closes #568, adds copyright information. 2015-04-19 08:52:39 +01:00			`/*`
			`* This file is part of Cachet.`
			`*`
Updated copyright information 2015-07-06 17:37:01 +01:00			`* (c) Alt Three Services Limited`
Closes #568, adds copyright information. 2015-04-19 08:52:39 +01:00			`*`
			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*/`

Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`namespace CachetHQ\Cachet\Http\Middleware;`

			`use CachetHQ\Cachet\Models\User;`
			`use Closure;`
Authenticate api requests 2015-05-20 17:01:26 -05:00			`use Illuminate\Contracts\Auth\Guard;`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`use Illuminate\Database\Eloquent\ModelNotFoundException;`
Typehint middlewares Closes #1478 2016-02-11 11:35:40 +00:00			`use Illuminate\Http\Request;`
Fixed unauthorized exceptions 2015-06-18 18:12:10 +01:00			`use Symfony\Component\HttpKernel\Exception\HttpException;`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00
Added middleware class headers 2016-10-08 10:37:21 +01:00			`/**`
			`* This is the api authentication middleware class.`
			`*`
			`* @author Joseph Cohen <joe@alt-three.com>`
			`* @author Graham Campbell <james@alt-three.com>`
			`* @author James Brooks <james@alt-three.com>`
			`*/`
Cleanup middleware and routes 2015-12-24 17:30:59 +00:00			`class ApiAuthentication`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`{`
Authenticate api requests 2015-05-20 17:01:26 -05:00			`/**`
Fixed up the middleware 2015-06-10 14:03:31 +01:00			`* The authentication guard instance.`
Authenticate api requests 2015-05-20 17:01:26 -05:00			`*`
			`* @var \Illuminate\Contracts\Auth\Guard`
			`*/`
			`protected $auth;`

			`/**`
Cleanup middleware and routes 2015-12-24 17:30:59 +00:00			`* Create a new api authentication middleware instance.`
Authenticate api requests 2015-05-20 17:01:26 -05:00			`*`
			`* @param \Illuminate\Contracts\Auth\Guard $auth`
Added missing return void docs 2015-09-19 12:30:38 +01:00			`*`
			`* @return void`
Authenticate api requests 2015-05-20 17:01:26 -05:00			`*/`
			`public function __construct(Guard $auth)`
			`{`
			`$this->auth = $auth;`
			`}`

Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
Cleanup middleware and routes 2015-12-24 17:30:59 +00:00			`* @param bool $required`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`*`
			`* @return mixed`
			`*/`
Typehint middlewares Closes #1478 2016-02-11 11:35:40 +00:00			`public function handle(Request $request, Closure $next, $required = false)`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`{`
Auto authenticate the user if logged in 2015-06-02 08:35:30 +01:00			`if ($this->auth->guest()) {`
			`if ($apiToken = $request->header('X-Cachet-Token')) {`
			`try {`
Respond with the correct responses on error 2015-06-17 14:06:18 +01:00			`$this->auth->onceUsingId(User::findByApiToken($apiToken)->id);`
Auto authenticate the user if logged in 2015-06-02 08:35:30 +01:00			`} catch (ModelNotFoundException $e) {`
Cleanup middleware and routes 2015-12-24 17:30:59 +00:00			`if ($required) {`
			`throw new HttpException(401);`
			`}`
Auto authenticate the user if logged in 2015-06-02 08:35:30 +01:00			`}`
Cleanup middleware and routes 2015-12-24 17:30:59 +00:00			`} elseif ($required) {`
Fixed unauthorized exceptions 2015-06-18 18:12:10 +01:00			`throw new HttpException(401);`
Cachet is now a Laravel 5 app 2015-03-20 18:30:45 -06:00			`}`
			`}`

			`return $next($request);`
			`}`
			`}`