Cleanup; show user_token-token field on store request (POST)

3 files changed, 49 insertions, 22 deletions

diff --git a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
index 65fd737..ef88f47 100644
--- a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
+++ b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
@@ -29,8 +29,36 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
 		include __DIR__ . '/../../filters.php';
 		include __DIR__ . '/../../routes.php';
 
+		// To allow loading API requests from the specified domain
 		header('Access-Control-Allow-Origin: ' . Config::get('config.allowed_origin'));
 		
+		$this->setupErrorHandlers();
+	}
+
+	/**
+	 * Register the service provider.
+	 *
+	 * @return void
+	 */
+	public function register()
+	{
+		$this->app->register('Dingo\Api\Provider\ApiServiceProvider');
+	}
+
+	/**
+	 * Get the services provided by the provider.
+	 *
+	 * @return array
+	 */
+	public function provides()
+	{
+		return array();
+	}
+
+	/**
+	 * Setup nice error handlers for exceptions and fatal errors
+	 */
+	private function setupErrorHandlers() {
 		App::fatal(function($e) {
 			return Response::make(
 				['error' => Config::get('app.debug') ? $e->getMessage() : "Internal error"], 
@@ -55,6 +83,7 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
 				], 
 				500);
 		});
+
 		API::error(function(Exception\LoginException $e) {
 			$response = Response::make("Please login", 401);
 			$response->header('WWW-Authenticate', 'Basic realm="Please login"');
@@ -63,6 +92,7 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
 		API::error(function(Exception\RedirectException $e) {
 			return Redirect::to($e->getMessage());
 		});
+		
 		API::error(function(\Exception $e) {
 			return Response::make(
 				['error' => Config::get('app.debug') ? $e->getMessage() : "Internal error"], 
@@ -70,26 +100,4 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
 		});
 	}
 
-	/**
-	 * Register the service provider.
-	 *
-	 * @return void
-	 */
-	public function register()
-	{
-
-		$this->app->register('Dingo\Api\Provider\ApiServiceProvider');
-
-	}
-
-	/**
-	 * Get the services provided by the provider.
-	 *
-	 * @return array
-	 */
-	public function provides()
-	{
-		return array();
-	}
-
 }
diff --git a/src/CamilStaps/BotleaguesApi/UserToken.php b/src/CamilStaps/BotleaguesApi/UserToken.php
index 02a8891..9909f6a 100644
--- a/src/CamilStaps/BotleaguesApi/UserToken.php
+++ b/src/CamilStaps/BotleaguesApi/UserToken.php
@@ -9,6 +9,9 @@ class UserToken extends Model {
     protected $hidden = ['token'];
     protected $fillable = ['userId', 'token', 'valid_till'];
 
+    /**
+     * Override the parent's save() function to automatically update the valid_till timestamp
+     */
     public function save(array $options = array()) {
         $this->valid_till = date("Y-m-d H:i:s", time() + 3600);
 
diff --git a/src/controllers/UserTokenController.php b/src/controllers/UserTokenController.php
index d894b52..2c2fe1e 100644
--- a/src/controllers/UserTokenController.php
+++ b/src/controllers/UserTokenController.php
@@ -12,19 +12,35 @@ class UserTokenController extends BaseController {
         $this->userToken = $userToken;
     }
 
+    /**
+     * Only the tokens of the authenticated user are shown
+     */
     public function index() {
         return $this->userToken->where('userId', '=', Auth::user()->id)->get();
     }
     
+    /**
+     * Only the tokens of the authenticated user are available
+     */
     public function show($id) {
         return $this->userToken->where('userId', '=', Auth::user()->id)->findOrFail($id);
     }
 
+    /**
+     * Set the userId and create a random token
+     */
     public function store() {
         $this->userToken->userId = Auth::user()->id;
         $this->userToken->token = sha1(mt_rand());
 
         if ($this->userToken->save()) {
+            // Remove the token field from the hidden fields
+            $hidden = $this->userToken->getHidden();
+            foreach ($hidden as $k => $v)
+                if ($v == 'token')
+                    unset($hidden[$k]);
+            $this->userToken->setHidden($hidden);
+
             return $this->userToken;
         } else {
             throw new Dingo\Api\Exception\StoreResourceFailedException;