authorCamil Staps2015-06-28 00:16:54 +0200
committerCamil Staps2015-06-28 00:16:54 +0200
commit1a3c6167f6a68964a0bd94c064a88794c952efb6 (patch)
tree984508e789b96e2f8906c00a9def229435b45403 /src/CamilStaps/BotleaguesApi/Http/Middleware
parentExpose Location header; redirect after storing User (diff)
Lumen
Diffstat (limited to 'src/CamilStaps/BotleaguesApi/Http/Middleware')
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php34
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php48
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php35
3 files changed, 117 insertions, 0 deletions
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
new file mode 100644
index 0000000..9ec6a73
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+
+class Administrator {
+
+ public function handle($request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
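Review bot: The guard in `handle` treats a request with no authenticated user the same as a request from a non-administrator: both get `AccessDeniedHttpException` (403), and nothing in the class says whether that is intended. If it is, state it in a class docblock, for example `/** Rejects the request with 403 unless api.auth reports a user whose isAdministrator is truthy; unauthenticated requests are rejected the same way. */`. If clients need to tell "not logged in" from "not allowed", the `empty($auth->user())` case should throw `\Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException` instead. `$auth->user()` is also resolved twice; keeping it in a local such as `$user = $auth->user();` makes the check easier to read.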
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
new file mode 100644
index 0000000..0391f60
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+use \Illuminate\Support\Facades\Request;
+
+class Cors {
+
+ public function handle($request, Closure $next) {
+ $response = $next($request);
+
+ // To allow loading API requests from the specified domain
+ $allowed_origin = env('BOTLEAGUESAPI_ALLOWED_ORIGIN');
+ $allowed_origin = explode('|', $allowed_origin);
+
+ $origin = Request::header('Origin');
+ if (in_array($origin, $allowed_origin)) {
+ $response->header('Access-Control-Allow-Origin', $origin);
+ } else {
+ $response->header('Access-Control-Allow-Origin', $allowed_origin[0]);
+ }
+
+ $response->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+ $response->header('Access-Control-Allow-Headers', 'Authorization');
+ $response->header('Access-Control-Expose-Headers', 'Location');
+
+ return $response;
+ }
+
+}
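Review bot: The `Access-Control-Allow-Origin` value set in `handle` depends on the request's `Origin` header, but the response carries no `Vary: Origin`, so a shared cache can replay a response whose allowed origin was chosen for a different caller. Add `$response->header('Vary', 'Origin');` next to the other headers, merging with any `Vary` value the response already has. The membership test should be strict, `in_array($origin, $allowed_origin, true)`: when `BOTLEAGUESAPI_ALLOWED_ORIGIN` is unset the list is `['']`, and a request without an `Origin` header (null) matches it under loose comparison. Because the headers are added only after `$next($request)` returns, a response built from an exception thrown further down the stack probably does not receive them; this should be checked against the exception handler.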
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
new file mode 100644
index 0000000..705dce2
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Closure;
+
+class CurrentUser {
+
+ public function handle(Request $request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || $request->route()[2]['user'] != $auth->user()->email) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
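Review bot: The ownership check in `handle` compares the route parameter with the user's email using loose `!=`; use `!==` so both sides are compared as strings without type juggling, `$request->route()[2]['user'] !== $auth->user()->email`. Under loose comparison a missing `user` parameter (null) compares equal to an empty-string `email`, which lets the request through. The index `[2]['user']` is also read without an `isset` check, so attaching this middleware to a route with no `{user}` parameter raises an undefined-index notice instead of a clean 403. A class docblock should note that the middleware expects a `user` route parameter holding an email address.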