Merge pull request #4320 from devdot/improve-api-auth-exception

Improve ApiAuthException control flow
This commit is contained in:
Dan Brown 2023-06-25 23:35:19 +01:00 committed by GitHub
commit bae0e80cee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 37 deletions


@ -2,6 +2,25 @@
namespace BookStack\Exceptions; namespace BookStack\Exceptions;
class ApiAuthException extends UnauthorizedException use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
class ApiAuthException extends \Exception implements HttpExceptionInterface
{ {
protected int $status;
public function __construct(string $message, int $statusCode = 401)
{
$this->status = $statusCode;
parent::__construct($message, $statusCode);
}
public function getStatusCode(): int
{
return $this->status;
}
public function getHeaders(): array
{
return [];
}
} }
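Review bot: `getHeaders()` at the end of the hunk returns an empty array, so a 401 raised through this class goes out with no `WWW-Authenticate` challenge, which RFC 7235 expects on 401 responses; the only status the hunk shows is the 401 default, so presumably every caller relies on that. If the API's authorization scheme has a name the server can advertise, return it for the 401 case, e.g. `return $this->status === 401 ? ['WWW-Authenticate' => 'Token'] : [];` (scheme name to be confirmed against the token middleware); otherwise mark the omission as deliberate with `// Intentionally no WWW-Authenticate challenge: the API token scheme is not a registered HTTP auth scheme — confirm` so a later reader does not treat it as an oversight. On style, `$status` is written once in the constructor and never changed, so `protected readonly int $status;` states that contract in the type. Note also that the base class changed from the now-deleted `UnauthorizedException` to `\Exception`; PHP does not error on a `catch` for a class that no longer exists, so any remaining `catch (UnauthorizedException $e)` outside these three files would silently stop matching — worth a grep.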


@ -1,16 +0,0 @@
<?php
namespace BookStack\Exceptions;
use Exception;
class UnauthorizedException extends Exception
{
/**
* ApiAuthException constructor.
*/
public function __construct($message, $code = 401)
{
parent::__construct($message, $code);
}
}


@ -3,7 +3,6 @@
namespace BookStack\Http\Middleware; namespace BookStack\Http\Middleware;
use BookStack\Exceptions\ApiAuthException; use BookStack\Exceptions\ApiAuthException;
use BookStack\Exceptions\UnauthorizedException;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -11,15 +10,13 @@ class ApiAuthenticate
{ {
/** /**
* Handle an incoming request. * Handle an incoming request.
*
* @throws ApiAuthException
*/ */
public function handle(Request $request, Closure $next) public function handle(Request $request, Closure $next)
{ {
// Validate the token and it's users API access // Validate the token and it's users API access
try {
$this->ensureAuthorizedBySessionOrToken(); $this->ensureAuthorizedBySessionOrToken();
} catch (UnauthorizedException $exception) {
return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
}
return $next($request); return $next($request);
} }
@ -28,7 +25,7 @@ class ApiAuthenticate
* Ensure the current user can access authenticated API routes, either via existing session * Ensure the current user can access authenticated API routes, either via existing session
* authentication or via API Token authentication. * authentication or via API Token authentication.
* *
* @throws UnauthorizedException * @throws ApiAuthException
*/ */
protected function ensureAuthorizedBySessionOrToken(): void protected function ensureAuthorizedBySessionOrToken(): void
{ {
@ -58,17 +55,4 @@ class ApiAuthenticate
return $hasApiPermission && hasAppAccess(); return $hasApiPermission && hasAppAccess();
} }
/**
* Provide a standard API unauthorised response.
*/
protected function unauthorisedResponse(string $message, int $code)
{
return response()->json([
'error' => [
'code' => $code,
'message' => $message,
],
], $code);
}
} }
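Review bot: `handle()` now lets `ApiAuthException` escape to the application's exception handler, so the status and body of an unauthenticated API response are no longer pinned in this middleware; the removed `unauthorisedResponse()` guaranteed a `{'error': {'code', 'message'}}` JSON body with the status taken from `getCode()`, and nothing in this section shows what renders the exception instead. Presumably the app's handler maps `HttpExceptionInterface` to that same JSON shape for API routes regardless of the client's `Accept` header, and does not fall through to Laravel's default rendering, which in debug mode attaches file, line and trace to the JSON body — worth confirming with a test that asserts the exact 401 body for a bad token. A one-line pointer above the call would keep the contract visible here: `// ApiAuthException propagates to the exception handler, which renders the standard API error JSON.`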