From 1a3c6167f6a68964a0bd94c064a88794c952efb6 Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Sun, 28 Jun 2015 00:16:54 +0200
Subject: Lumen
---
.../Http/Middleware/Administrator.php | 34 +++++++++++++++
.../BotleaguesApi/Http/Middleware/Cors.php | 48 ++++++++++++++++++++++
.../BotleaguesApi/Http/Middleware/CurrentUser.php | 35 ++++++++++++++++
3 files changed, 117 insertions(+)
create mode 100644 src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
create mode 100644 src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
create mode 100644 src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
(limited to 'src/CamilStaps/BotleaguesApi/Http/Middleware')
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
new file mode 100644
index 0000000..9ec6a73
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Administrator.php
@@ -0,0 +1,34 @@
+
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+
+class Administrator {
+
+ public function handle($request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
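Review bot: In `handle`, a request with no authenticated user and a request from an authenticated non-administrator both end in `AccessDeniedHttpException` (403), so a client cannot tell missing or expired credentials from insufficient privilege; CurrentUser.php has the same pattern. Consider fetching the user once with `$user = $auth->user();`, answering the `empty($user)` case with a 401-style exception, and keeping 403 for `!$user->isAdministrator`. The check does fail closed when `isAdministrator` is absent or falsy, which is the right default. The class has no docblock; a comment such as `// Expects api.auth to have resolved the user; rejects everyone who is not an administrator.` would record the ordering assumption, which I am inferring from the `app('api.auth')` lookup.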
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
new file mode 100644
index 0000000..0391f60
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/Cors.php
@@ -0,0 +1,48 @@
+
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Closure;
+use \Illuminate\Support\Facades\Request;
+
+class Cors {
+
+ public function handle($request, Closure $next) {
+ $response = $next($request);
+
+ // To allow loading API requests from the specified domain
+ $allowed_origin = env('BOTLEAGUESAPI_ALLOWED_ORIGIN');
+ $allowed_origin = explode('|', $allowed_origin);
+
+ $origin = Request::header('Origin');
+ if (in_array($origin, $allowed_origin)) {
+ $response->header('Access-Control-Allow-Origin', $origin);
+ } else {
+ $response->header('Access-Control-Allow-Origin', $allowed_origin[0]);
+ }
+
+ $response->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+ $response->header('Access-Control-Allow-Headers', 'Authorization');
+ $response->header('Access-Control-Expose-Headers', 'Location');
+
+ return $response;
+ }
+
+}
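Review bot: The `Access-Control-Allow-Origin` value set in `handle` depends on the request's `Origin` header, but the response carries no `Vary: Origin`, so a shared cache could replay a response whose allow-origin was computed for a different caller; add `$response->header('Vary', 'Origin', false);`. The `in_array($origin, $allowed_origin)` test is also loose: when the request has no `Origin` header and `BOTLEAGUESAPI_ALLOWED_ORIGIN` is unset or empty, `null` loosely matches `''` and a null header value is written, so use `in_array($origin, $allowed_origin, true)`. Reading the header from the injected request (`$request->header('Origin')`) instead of the `Request` facade would keep the middleware tied to the request it was handed. Because the headers are added only after `$next($request)` returns, a response produced from an exception thrown further down the stack probably leaves without them; this depends on how the framework renders exceptions, which the hunk does not show.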
diff --git a/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
new file mode 100644
index 0000000..705dce2
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/Http/Middleware/CurrentUser.php
@@ -0,0 +1,35 @@
+
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace CamilStaps\BotleaguesApi\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Closure;
+
+class CurrentUser {
+
+ public function handle(Request $request, Closure $next) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || $request->route()[2]['user'] != $auth->user()->email) {
+ throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
+ }
+ return $next($request);
+ }
+
+}
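Review bot: The ownership check `$request->route()[2]['user'] != $auth->user()->email` combines an unchecked array index with a loose comparison, so on a route that has no `user` parameter the left side is `null`, which loosely equals an empty or null `email` and lets the request through. Deny explicitly when the parameter is missing and compare strictly, for example `$params = $request->route()[2];` followed by `if (empty($user) || !isset($params['user']) || $params['user'] !== $user->email) {`, with `$user = $auth->user();` fetched once. The magic index `2` deserves a comment like `// index 2 of the route array holds the matched route parameters`; I am inferring that meaning from how it is used here. Note that the comparison is case-sensitive, so a differently cased e-mail in the URL is rejected, which is the safe direction.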
--
cgit v1.2.3