-rw-r--r--composer.json9
-rw-r--r--src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php6
-rw-r--r--src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php54
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php (renamed from src/filters.php)23
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php48
-rw-r--r--src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php35
-rw-r--r--src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php2
-rw-r--r--src/controllers/PasswordReminderController.php2
-rw-r--r--src/controllers/UserController.php3
-rw-r--r--src/routes.php15
10 files changed, 147 insertions, 50 deletions
diff --git a/composer.json b/composer.json
index 6dafa2f..d70b55c 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,7 @@
{
"name": "camil-staps/botleagues-api",
"description": "",
+ "version": "0.0.1",
"authors": [
{
"name": "Camil Staps",
@@ -9,8 +10,8 @@
],
"require": {
"php": ">=5.5.0",
- "illuminate/support": "5.0.*",
- "dingo/api": "0.9.*@dev"
+ "illuminate/support": "5.1.*",
+ "dingo/api": "0.9.*"
},
"autoload": {
"classmap": [
@@ -20,5 +21,7 @@
"psr-0": {
"CamilStaps\\BotleaguesApi\\": "src/"
}
- }
+ },
+ "minimum-stability": "dev",
+ "prefer-stable": true
}
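Review bot: `"minimum-stability": "dev"` is a root-only Composer setting, so it applies when this package is installed on its own but not when an application requires it. With the `@dev` flag dropped from `dingo/api` in the previous hunk, a consuming project may need its own stability setting to resolve `0.9.*` if that series has no stable release, which is not visible here. In the root case `dev` admits development branches of every transitive dependency; `"prefer-stable": true` limits that, and a committed `composer.lock` would pin what actually gets installed.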
diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
index 768b2ce..f6d657b 100644
--- a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -22,7 +22,7 @@ namespace CamilStaps\BotleaguesApi;
use CamilStaps\BotleaguesApi\Database\PasswordReminder;
use CamilStaps\BotleaguesApi\Database\User;
-use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Contract\Auth\Provider;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
@@ -42,8 +42,8 @@ class ActivationCodeAuthenticationProvider implements Provider {
* @return mixed
*/
public function authenticate(Request $request, Route $route) {
- $user = User::findOrFail($request->route('user'));
- $passwordReminder = PasswordReminder::findOrFail($request->route('password_reminder'));
+ $user = User::findOrFail($request->route()[2]['user']);
+ $passwordReminder = PasswordReminder::findOrFail($request->route()[2]['password_reminder']);
if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userEmail == $user->email && $passwordReminder->isValid()) {
Auth::login($user);
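Review bot: Both lookups now read their route parameters through `$request->route()[2]['user']`, a positional index into the framework's route array that nothing in the hunk explains or guards. This is the authentication path, so a comment such as `// route() returns [status, action, parameters]; index 2 holds the URL parameters` (assuming that is the layout) and an explicit check that both keys exist before `findOrFail()` would make the dependency visible. The same index is used in `CurrentUser.php`. The comparison `$passwordReminder->userEmail == $user->email` on the next line is unchanged context, but `===` would suit an identity check. The body of `authenticate()` continues past the hunk.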
diff --git a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
index bfd939f..c3481ac 100644
--- a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
+++ b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
@@ -19,9 +19,10 @@
*/
namespace CamilStaps\BotleaguesApi;
+use Illuminate\Support\Facades\App;
use \Illuminate\Support\Facades\Request;
use \Illuminate\Support\ServiceProvider;
-use Response;
+use \Dingo\Api\Http\Response;
class BotleaguesApiServiceProvider extends ServiceProvider {
@@ -42,29 +43,30 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
$this->loadViewsFrom(__DIR__ . '/../../views', 'botleagues-api');
$this->publishes([ __DIR__ . '/../../views' => base_path('resources/view/vendor/botleagues-api')], 'views');
- $this->publishes([ __DIR__ . '/../../config/botleaguesapi.php' => config_path('botleaguesapi.php')], 'config');
-
- include __DIR__ . '/../../filters.php';
+ //$this->publishes([ __DIR__ . '/../../config/botleaguesapi.php' => config_path('botleaguesapi.php')], 'config');
include __DIR__ . '/../../routes.php';
- // To allow loading API requests from the specified domain
- $allowed_origin = config('botleaguesapi.allowed_origin');
- if (is_array($allowed_origin)) {
- $origin = Request::header('Origin');
- if (in_array($origin, $allowed_origin)) {
- header('Access-Control-Allow-Origin: ' . $origin);
- } else {
- header('Access-Control-Allow-Origin: ' . $allowed_origin[0]);
- }
- } else {
- header('Access-Control-Allow-Origin: ' . $allowed_origin);
+
+
+ $request = app('request');
+ if ($request->isMethod('OPTIONS')) {
+ app()->options($request->path(), function() { return response('', 200); });
}
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
- header('Access-Control-Allow-Headers: Authorization');
- header('Access-Control-Expose-Headers: Location');
$this->setupErrorHandlers();
+
+ config(['api.auth' => [
+ 'basic' => function ($app) {
+ return new \Dingo\Api\Auth\Provider\Basic($app['auth']);
+ },
+ 'token' => function ($app) {
+ return new \CamilStaps\BotleaguesApi\TokenAuthenticationProvider;
+ },
+ 'activationcode' => function ($app) {
+ return new \CamilStaps\BotleaguesApi\ActivationCodeAuthenticationProvider;
+ }
+ ]]);
}
/**
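Review bot: `config(['api.auth' => [...]])` at the end of `boot()` replaces the whole `api.auth` entry on every boot, so any providers the host application configured are discarded and HTTP Basic is always enabled next to the token and activation-code providers. If that is intended it deserves a comment; otherwise set the key only when the host has not, e.g. wrap the call in `if (!config('api.auth')) { ... }`. The preflight closure registered through `app()->options($request->path(), ...)` answers 200 for any requested path, and this hunk removes the `Access-Control-*` headers that used to accompany it. Whether the new `Cors` middleware wraps that route is not visible in the commit, and `boot()` itself starts outside the hunk.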
@@ -83,7 +85,7 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
*/
public function provides()
{
- return array('CamilStaps\BotleaguesApi\BotleaguesApiServiceProvider');
+ return ['CamilStaps\BotleaguesApi\BotleaguesApiServiceProvider'];
}
/**
@@ -93,22 +95,22 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
$exception = app('api.exception');
$exception->register(function(\Symfony\Component\HttpKernel\Exception\NotFoundHttpException $e) {
- return Response::make(
+ return new Response(
['error' => 'Endpoint not found'],
404);
});
$exception->register(function(\Illuminate\Database\Eloquent\ModelNotFoundException $e) {
- return Response::make(
+ return new Response(
['error' => 'Resource not found'],
404);
});
$exception->register(function(\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException $e) {
- return Response::make(
- ['error' => !config('app.debug') || empty($e->getMessage()) ? 'Access denied' : $e->getMessage()],
+ return new Response(
+ ['error' => !env('APP_DEBUG') || empty($e->getMessage()) ? 'Access denied' : $e->getMessage()],
404);
});
$exception->register(function(Exception\ValidationException $e) {
- return Response::make(
+ return new Response(
[
'error' => $e->getMessage(),
'errors' => $e->errors
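Review bot: The access-denied handler now decides whether to return `$e->getMessage()` from `env('APP_DEBUG')`, and the `\Exception` handler in the next hunk does the same. The check is a plain truthiness test, so a value such as `off` or `no`, which `env()` presumably hands back as an ordinary string, turns message disclosure on; it also bypasses the application's own `app.debug` setting. A strict test such as `env('APP_DEBUG', false) === true`, or keeping `config('app.debug')`, makes the production default unambiguous. The access-denied response still carries status 404, which is worth a comment if it is deliberate. `setupErrorHandlers()` begins before this hunk and the validation handler is cut off at its end.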
@@ -117,8 +119,8 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
});
$exception->register(function(\Exception $e) {
- return Response::make(
- ['error' => config('app.debug') ? $e->getMessage() : "Internal error"],
+ return new Response(
+ ['error' => env('APP_DEBUG') ? $e->getMessage() : "Internal error"],
500);
});
}
diff --git a/src/filters.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
index ce4cd1b..9ec6a73 100644
--- a/src/filters.php
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
@@ -17,17 +17,18 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
-Route::filter('administrator', function(){
- $auth = app('api.auth');
- if (empty($auth->user()) || !$auth->user()->isAdministrator) {
- throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
- }
-});
+use Closure;
+
+class Administrator {
-Route::filter('current_user', function() {
- $auth = app('api.auth');
- if (empty($auth->user()) || Route::input('user') != $auth->user()->email) {
- throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ public function handle($request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
}
-}); \ No newline at end of file
+
+}
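Review bot: The new `Administrator` class has no docblock, and nothing in the file says under which alias it must be registered or what a rejected caller receives. `routes.php` refers to it as `'middleware' => 'administrator'`, and the handler in `BotleaguesApiServiceProvider` turns the thrown `AccessDeniedHttpException` into a 404 response. A class comment such as `/** Route middleware (alias "administrator"): rejects the request unless the authenticated API user has isAdministrator set. */` would record that. `$auth->user()` is called twice in the condition; a local `$user = $auth->user();` reads more clearly.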
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
new file mode 100644
index 0000000..0391f60
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+use \Illuminate\Support\Facades\Request;
+
+class Cors {
+
+ public function handle($request, Closure $next) {
+ $response = $next($request);
+
+ // To allow loading API requests from the specified domain
+ $allowed_origin = env('BOTLEAGUESAPI_ALLOWED_ORIGIN');
+ $allowed_origin = explode('|', $allowed_origin);
+
+ $origin = Request::header('Origin');
+ if (in_array($origin, $allowed_origin)) {
+ $response->header('Access-Control-Allow-Origin', $origin);
+ } else {
+ $response->header('Access-Control-Allow-Origin', $allowed_origin[0]);
+ }
+
+ $response->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+ $response->header('Access-Control-Allow-Headers', 'Authorization');
+ $response->header('Access-Control-Expose-Headers', 'Location');
+
+ return $response;
+ }
+
+}
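Review bot: `handle()` echoes the request's `Origin` into `Access-Control-Allow-Origin` without adding `Vary: Origin`, so a shared cache can serve one origin's response to another; add `$response->header('Vary', 'Origin');`. The membership test `in_array($origin, $allowed_origin)` is loose, and when `BOTLEAGUESAPI_ALLOWED_ORIGIN` is unset `explode('|', ...)` yields `['']`, which a missing `Origin` header matches; use `in_array($origin, $allowed_origin, true)` and skip the header when the list is empty. The method reads the header through the `Request` facade although `$request` is passed in, so `$request->header('Origin')` would do. Nothing in this commit registers the middleware, so whether it covers error responses and the preflight route cannot be checked from here.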
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
new file mode 100644
index 0000000..705dce2
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * RESTful PHP API for Botleagues
+ * Copyright (C) 2015 Camil Staps <info@camilstaps.nl>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Closure;
+
+class CurrentUser {
+
+ public function handle(Request $request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || $request->route()[2]['user'] != $auth->user()->email) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
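Review bot: The ownership check compares the route parameter to the account e-mail with `!=`, which applies PHP's type juggling to the two values; `!==` is the safer operator for an authorization decision: `$request->route()[2]['user'] !== $auth->user()->email`. A missing `user` parameter is only caught implicitly, so reading it once into a variable behind an `isset()` guard would keep the failure path explicit. A short class docblock naming the `current_user` alias used in `routes.php` would help whoever registers the middleware.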
diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
index f3f8cb9..d706d16 100644
--- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
@@ -21,7 +21,7 @@
namespace CamilStaps\BotleaguesApi;
use CamilStaps\BotleaguesApi\Database\User;
-use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Contract\Auth\Provider;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
index c4422c3..8d3ea29 100644
--- a/src/controllers/PasswordReminderController.php
+++ b/src/controllers/PasswordReminderController.php
@@ -61,7 +61,7 @@ class PasswordReminderController extends BaseController {
*/
public function destroy($userEmail, $reminderToken) {
$user = Auth::user();
- $user->password = Request::get('password');
+ $user->password = Request::input('password');
$user->save();
$this->passwordReminder = $this->passwordReminder->findOrFail($reminderToken);
$this->passwordReminder->useToken();
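Review bot: `Request::input('password')` is assigned and saved with no validation visible in this hunk, so an absent field would store `null`, and hashing is presumably left to the model. The save also happens before `findOrFail($reminderToken)` and `useToken()`; if the lookup throws, the password has already changed while the reminder stays usable. Looking the reminder up first and consuming it together with the save would close that gap. `$userEmail` is not used in the visible lines, and the rest of `destroy()` lies outside the hunk.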
diff --git a/src/controllers/UserController.php b/src/controllers/UserController.php
index 8c91f53..2daadb8 100644
--- a/src/controllers/UserController.php
+++ b/src/controllers/UserController.php
@@ -23,6 +23,7 @@ use CamilStaps\BotleaguesApi\Database\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Input;
+use Illuminate\Support\Facades\URL;
use Illuminate\Support\Facades\Validator;
class UserController extends BaseController {
@@ -61,7 +62,7 @@ class UserController extends BaseController {
$this->user->password = Input::get('password');
if ($this->user->save()) {
- return $this->response->created(route('user.show', $this->user->email));
+ return $this->response->created(route('user/show', $this->user->email));
} else {
throw new \Dingo\Api\Exception\StoreResourceFailedException;
}
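Review bot: The `Location` URL is now built with `route('user/show', ...)`, while the `routes.php` hunk in this same commit names the route `user.show`. One of the two looks stale; if the slash form does not resolve, `store()` fails after the user has already been saved. Please align them, e.g. `route('user.show', $this->user->email)`, or add a comment explaining why the names differ. The `URL` facade imported in the previous hunk is not used in the visible lines, and `store()` begins outside this hunk.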
diff --git a/src/routes.php b/src/routes.php
index 82095f8..89091fe 100644
--- a/src/routes.php
+++ b/src/routes.php
@@ -18,9 +18,11 @@
*
*/
+global $app;
+
$api = app('api.router');
-Route::group(['https'], function() use ($api) {
+$app->group(['https'], function() use ($api) {
$api->version('v1', ['protected' => false], function ($api) {
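Review bot: The group is still opened with `['https']`, but it is now passed to `$app->group()` instead of `Route::group()`; whether that method honours a bare `https` entry is not visible here, and if it does not, every route in the file becomes reachable over plain HTTP. Please confirm and, if needed, enforce TLS in middleware or at the web server, with a comment on the group saying which. `global $app;` couples the file to a variable of the including scope, whereas `$app = app();` would match the `app('api.router')` call below it. The group closure continues beyond the hunk.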
@@ -40,7 +42,12 @@ Route::group(['https'], function() use ($api) {
['only' => ['index','show']]);
$api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
- ['only' => ['index','show','store']]);
+ ['only' => ['index','show','store'],
+ 'names' => [
+ 'index' => 'user.index',
+ 'show' => 'user.show',
+ 'store' => 'user.store'
+ ]]);
$api->resource('user.password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController',
['only' => ['store']]);
@@ -65,7 +72,7 @@ Route::group(['https'], function() use ($api) {
$api->resource('bot', 'CamilStaps\BotleaguesApi\Controllers\BotController',
['except' => ['index', 'show', 'create','edit']]);
- $api->group(array('before' => 'administrator'), function() use ($api) {
+ $api->group(['middleware' => 'administrator'], function() use ($api) {
$api->resource('competition', 'CamilStaps\BotleaguesApi\Controllers\CompetitionController',
['except' => ['index', 'show', 'create', 'edit']]);
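Review bot: Authorization for this group now hangs on the string alias in `['middleware' => 'administrator']`, and the later hunk does the same with `current_user`, yet no hunk in this commit maps either alias to the new `Administrator` and `CurrentUser` classes. If the host application is expected to register them, say so in a comment here or in the README, or register them from `BotleaguesApiServiceProvider` so that a missing registration cannot leave the admin routes unguarded or broken. The group closure ends outside the hunk.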
@@ -78,7 +85,7 @@ Route::group(['https'], function() use ($api) {
});
- $api->group(['before' => 'current_user'], function() use ($api) {
+ $api->group(['middleware' => 'current_user'], function() use ($api) {
$api->resource('user.token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
['only' => ['index', 'show']]);