authorCamil Staps2015-06-28 00:16:54 +0200
committerCamil Staps2015-06-28 00:16:54 +0200
commit1a3c6167f6a68964a0bd94c064a88794c952efb6 (patch)
tree984508e789b96e2f8906c00a9def229435b45403 /src/CamilStaps
parentExpose Location header; redirect after storing User (diff)
Lumen
Diffstat (limited to 'src/CamilStaps')
-rw-r--r--src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php6
-rw-r--r--src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php54
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php34
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php48
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php35
-rw-r--r--src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php2
6 files changed, 149 insertions, 30 deletions
diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
index 768b2ce..f6d657b 100644
--- a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -22,7 +22,7 @@ namespace CamilStaps\BotleaguesApi;
use CamilStaps\BotleaguesApi\Database\PasswordReminder;
use CamilStaps\BotleaguesApi\Database\User;
-use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Contract\Auth\Provider;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
@@ -42,8 +42,8 @@ class ActivationCodeAuthenticationProvider implements Provider {
* @return mixed
*/
public function authenticate(Request $request, Route $route) {
- $user = User::findOrFail($request->route('user'));
- $passwordReminder = PasswordReminder::findOrFail($request->route('password_reminder'));
+ $user = User::findOrFail($request->route()[2]['user']);
+ $passwordReminder = PasswordReminder::findOrFail($request->route()[2]['password_reminder']);
if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userEmail == $user->email && $passwordReminder->isValid()) {
Auth::login($user);
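Review bot: Both lookups in authenticate() now read `$request->route()[2]['user']` and `$request->route()[2]['password_reminder']` with no check that index 2 or either key exists. If this provider runs on a route without those parameters, the failure surfaces as an undefined-index error or a `findOrFail(null)` miss rather than as a clean authentication failure. Read the parameters once with `$params = $request->route()[2];` and guard with `if (!isset($params['user'], $params['password_reminder']))`, rejecting the request the same way the method does for an invalid reminder (that branch is outside the hunk). The same positional access appears in the new `CurrentUser::handle()`. Since `findOrFail` throws on a miss, the `!empty($user) && !empty($passwordReminder)` tests on the following line can never be false and could be dropped.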
diff --git a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
index bfd939f..c3481ac 100644
--- a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
+++ b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
@@ -19,9 +19,10 @@
*/
namespace CamilStaps\BotleaguesApi;
+use Illuminate\Support\Facades\App;
use \Illuminate\Support\Facades\Request;
use \Illuminate\Support\ServiceProvider;
-use Response;
+use \Dingo\Api\Http\Response;
class BotleaguesApiServiceProvider extends ServiceProvider {
@@ -42,29 +43,30 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
$this->loadViewsFrom(__DIR__ . '/../../views', 'botleagues-api');
$this->publishes([ __DIR__ . '/../../views' => base_path('resources/view/vendor/botleagues-api')], 'views');
- $this->publishes([ __DIR__ . '/../../config/botleaguesapi.php' => config_path('botleaguesapi.php')], 'config');
-
- include __DIR__ . '/../../filters.php';
+ //$this->publishes([ __DIR__ . '/../../config/botleaguesapi.php' => config_path('botleaguesapi.php')], 'config');
include __DIR__ . '/../../routes.php';
- // To allow loading API requests from the specified domain
- $allowed_origin = config('botleaguesapi.allowed_origin');
- if (is_array($allowed_origin)) {
- $origin = Request::header('Origin');
- if (in_array($origin, $allowed_origin)) {
- header('Access-Control-Allow-Origin: ' . $origin);
- } else {
- header('Access-Control-Allow-Origin: ' . $allowed_origin[0]);
- }
- } else {
- header('Access-Control-Allow-Origin: ' . $allowed_origin);
+
+
+ $request = app('request');
+ if ($request->isMethod('OPTIONS')) {
+ app()->options($request->path(), function() { return response('', 200); });
}
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
- header('Access-Control-Allow-Headers: Authorization');
- header('Access-Control-Expose-Headers: Location');
$this->setupErrorHandlers();
+
+ config(['api.auth' => [
+ 'basic' => function ($app) {
+ return new \Dingo\Api\Auth\Provider\Basic($app['auth']);
+ },
+ 'token' => function ($app) {
+ return new \CamilStaps\BotleaguesApi\TokenAuthenticationProvider;
+ },
+ 'activationcode' => function ($app) {
+ return new \CamilStaps\BotleaguesApi\ActivationCodeAuthenticationProvider;
+ }
+ ]]);
}
/**
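Review bot: The OPTIONS branch registers `app()->options($request->path(), ...)` for whatever path the client asked for, so every preflight gets a 200, including for paths that have no real route. The closure sets no CORS headers itself. The unconditional `header('Access-Control-...')` calls were removed, so the headers now appear only if the new `Cors` middleware is registered globally, which is not visible in this diff. A comment above the branch would make that dependency explicit, e.g. `// Preflight only: the CORS headers are added by Http\Middleware\Cors, which must run as global middleware`. The `publishes(... 'config')` line is left commented out; delete it or add a note saying why it is disabled. The method this hunk belongs to starts outside the hunk.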
@@ -83,7 +85,7 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
*/
public function provides()
{
- return array('CamilStaps\BotleaguesApi\BotleaguesApiServiceProvider');
+ return ['CamilStaps\BotleaguesApi\BotleaguesApiServiceProvider'];
}
/**
@@ -93,22 +95,22 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
$exception = app('api.exception');
$exception->register(function(\Symfony\Component\HttpKernel\Exception\NotFoundHttpException $e) {
- return Response::make(
+ return new Response(
['error' => 'Endpoint not found'],
404);
});
$exception->register(function(\Illuminate\Database\Eloquent\ModelNotFoundException $e) {
- return Response::make(
+ return new Response(
['error' => 'Resource not found'],
404);
});
$exception->register(function(\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException $e) {
- return Response::make(
- ['error' => !config('app.debug') || empty($e->getMessage()) ? 'Access denied' : $e->getMessage()],
+ return new Response(
+ ['error' => !env('APP_DEBUG') || empty($e->getMessage()) ? 'Access denied' : $e->getMessage()],
404);
});
$exception->register(function(Exception\ValidationException $e) {
- return Response::make(
+ return new Response(
[
'error' => $e->getMessage(),
'errors' => $e->errors
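Review bot: The access-denied handler now gates the raw exception message on `env('APP_DEBUG')`, which is a truthiness test on whatever the environment holds. As far as I know the `env()` helper only converts the literal `true`/`false` spellings, so a value such as `off` or `no` would stay a non-empty string and turn message disclosure on. Normalising it closes that gap: `filter_var(env('APP_DEBUG', false), FILTER_VALIDATE_BOOLEAN)`. The same expression is used by the generic `\Exception` handler in the next hunk, where the leaked text can be any internal error message. The enclosing method starts and ends outside this hunk.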
@@ -117,8 +119,8 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
});
$exception->register(function(\Exception $e) {
- return Response::make(
- ['error' => config('app.debug') ? $e->getMessage() : "Internal error"],
+ return new Response(
+ ['error' => env('APP_DEBUG') ? $e->getMessage() : "Internal error"],
500);
});
}
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
new file mode 100644
index 0000000..9ec6a73
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+
+class Administrator {
+
+ public function handle($request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
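Review bot: `handle()` has no docblock and calls `$auth->user()` twice, so the check reads less clearly than it could for a gate that protects administrator routes. Fetch the user once, `$user = app('api.auth')->user();`, and test `if (empty($user) || !$user->isAdministrator) {`. Add a docblock stating that the middleware throws `AccessDeniedHttpException` for unauthenticated and non-administrator callers. Note also that `!$user->isAdministrator` depends on how the model exposes that attribute: if it is not cast to a boolean (the model is not shown), any non-empty string other than `"0"` would pass.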
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
new file mode 100644
index 0000000..0391f60
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+use \Illuminate\Support\Facades\Request;
+
+class Cors {
+
+ public function handle($request, Closure $next) {
+ $response = $next($request);
+
+ // To allow loading API requests from the specified domain
+ $allowed_origin = env('BOTLEAGUESAPI_ALLOWED_ORIGIN');
+ $allowed_origin = explode('|', $allowed_origin);
+
+ $origin = Request::header('Origin');
+ if (in_array($origin, $allowed_origin)) {
+ $response->header('Access-Control-Allow-Origin', $origin);
+ } else {
+ $response->header('Access-Control-Allow-Origin', $allowed_origin[0]);
+ }
+
+ $response->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+ $response->header('Access-Control-Allow-Headers', 'Authorization');
+ $response->header('Access-Control-Expose-Headers', 'Location');
+
+ return $response;
+ }
+
+}
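Review bot: The origin check in `handle()` uses a loose `in_array($origin, $allowed_origin)` against the result of `explode('|', env(...))`. When `BOTLEAGUESAPI_ALLOWED_ORIGIN` is unset the list is `['']`, so a request with no `Origin` header matches (null equals the empty string loosely) and the middleware emits an empty `Access-Control-Allow-Origin`. The match should be strict and empty entries dropped. Because the echoed origin differs per request once several are configured, the response also needs `Vary: Origin`, otherwise a shared cache can serve one origin's header to another. The method also reads the header through the `Request` facade rather than the `$request` it was given; using the argument keeps the middleware tied to the request it is actually handling.

```php
public function handle($request, Closure $next) {
    $response = $next($request);

    // Drop empty entries so an unset variable cannot match a missing Origin header
    $allowed_origin = array_values(array_filter(explode('|', (string) env('BOTLEAGUESAPI_ALLOWED_ORIGIN'))));

    $origin = $request->header('Origin');
    if (in_array($origin, $allowed_origin, true)) {
        $response->header('Access-Control-Allow-Origin', $origin);
        // The echoed origin differs per request, so caches must key on it
        $response->header('Vary', 'Origin', false);
    } elseif (!empty($allowed_origin)) {
        $response->header('Access-Control-Allow-Origin', $allowed_origin[0]);
    }

    // … unchanged: Allow-Methods, Allow-Headers, Expose-Headers, return $response …
```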
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
new file mode 100644
index 0000000..705dce2
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Closure;
+
+class CurrentUser {
+
+ public function handle(Request $request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || $request->route()[2]['user'] != $auth->user()->email) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
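Review bot: The ownership test in `handle()` compares the route parameter with the authenticated e-mail using loose `!=`, so PHP's type juggling applies to an authorization decision. Both sides should be strings here, which makes `!==` the safer operator: `$request->route()[2]['user'] !== $user->email`, with `$user = $auth->user();` fetched once above it. If the user store matches e-mail addresses case-insensitively (not visible in this diff), the comparison should normalise case on both sides so the check agrees with the lookup. A short docblock stating that the middleware restricts a route to the user named in its `user` parameter would also help.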
diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
index f3f8cb9..d706d16 100644
--- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
@@ -21,7 +21,7 @@
namespace CamilStaps\BotleaguesApi;
use CamilStaps\BotleaguesApi\Database\User;
-use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Contract\Auth\Provider;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;