BookStack/app/Http/Middleware/ApiAuthenticate.php

<?php

namespace BookStack\Http\Middleware;

use BookStack\Exceptions\ApiAuthException;
use BookStack\Http\Request;
use Closure;

class ApiAuthenticate
{

    /**
     * Handle an incoming request.
     */
    public function handle(Request $request, Closure $next)
    {
        // Return if the user is already found to be signed in via session-based auth.
        // This is to make it easy to browser the API via browser after just logging into the system.
        if (signedInUser()) {
            return $next($request);
        }

        // Set our api guard to be the default for this request lifecycle.
        auth()->shouldUse('api');

        // Validate the token and it's users API access
        try {
            auth()->authenticate();
        } catch (ApiAuthException $exception) {
            return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
        }

        return $next($request);
    }

    /**
     * Provide a standard API unauthorised response.
     */
    protected function unauthorisedResponse(string $message, int $code)
    {
        return response()->json([
            'error' => [
                'code' => $code,
                'message' => $message,
            ]
        ], 401);
    }
}
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-29 21:16:07 -05:00			`<?php`

			`namespace BookStack\Http\Middleware;`

Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 09:51:28 -05:00			`use BookStack\Exceptions\ApiAuthException;`
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-29 21:16:07 -05:00			`use BookStack\Http\Request;`
			`use Closure;`

			`class ApiAuthenticate`
			`{`

			`/**`
			`* Handle an incoming request.`
			`*/`
			`public function handle(Request $request, Closure $next)`
			`{`
			`// Return if the user is already found to be signed in via session-based auth.`
			`// This is to make it easy to browser the API via browser after just logging into the system.`
			`if (signedInUser()) {`
			`return $next($request);`
			`}`

Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 09:51:28 -05:00			`// Set our api guard to be the default for this request lifecycle.`
			`auth()->shouldUse('api');`
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-29 21:16:07 -05:00
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 09:51:28 -05:00			`// Validate the token and it's users API access`
			`try {`
			`auth()->authenticate();`
			`} catch (ApiAuthException $exception) {`
			`return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());`
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-29 21:16:07 -05:00			`}`

			`return $next($request);`
			`}`

			`/**`
			`* Provide a standard API unauthorised response.`
			`*/`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 09:51:28 -05:00			`protected function unauthorisedResponse(string $message, int $code)`
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-29 21:16:07 -05:00			`{`
			`return response()->json([`
			`'error' => [`
			`'code' => $code,`
			`'message' => $message,`
			`]`
			`], 401);`
			`}`
			`}`