phpvms/app/Http/Middleware/ApiAuth.php
Nabeel S 073e48c396
7.0.0-beta3 Release (#541)
* 391 Notification refactorings (#441)

* Refactor notifications to allow easier plugins

* Notification refactoring

* Formatting

* Move news to NewsService; cleanup of events

* More refactoring; added send email out for news item and the template

* Formatting

* Formatting

* Fix missing newsRepo (#445)

* Refactor and add importer to Installer module #443 (#444)

* Refactor and add importer to Installer module #443

* Refactor for finances to use in import

* Import groups into roles

* Formatting

* Formatting

* Add interface in installer for import

* Notes about importing

* Check for installer folder

* Formatting

* Fix pirep->user mapping

* Unused import

* Formatting

* Replace importer with AJAX powered; better error handling #443 (#447)

* Replace importer with AJAX powered; better error handling #443

* Formatting

* Fix command line importer

* Remove bootstrap cache (#448)

* Cleanup the bootstrap/cache directory when packaging

* Fix removal of bootstrap cache

* Formatting

* Stricter checks on ACARS API data (#451)

* Stricter checks on ACARS API data

* More checks

* Fix for flight_number check forcing to exist

* Allow nullable on flight_id

* Avoid proc_open use #455 (#456)

* Use PhpExecutableFinder() closes #457 #458 (#460)

* Use DateTimeZone instead of int for creating datetime

closes #461

* Fix CSV imports giving Storage class not found #454 (#462)

* Fix CSV imports giving Storage class not found #454

* Update yarn files for security alert

* Add PHP 7.4 support (#464)

* Add PHP 7.4 to build matrix

* DB fix

* YAML parser fix in test data

* Show versions

* Package updates

* Track used ICAOs

* 7.4 METAR parsing fix

* METAR parser fix

* Formatting

* Add meters to response units

* Call instance for unit conversion

* Return value

* Catch exception for unknown quantity

* Comment fix

* Formatting

* METAR parsing fixes on PHP 7.4

* Package updates

* More random airport ID

* More random airport ID

* Properly disable toolbar

* Semver written out to version file

* Use dev as default identifier

* Fix BindingResolutionError when debug toolbar isn't present (#465)

* Fix BindingResolutionError when debug toolbar isn't present

* Formatting

* Split the importer module out from the installer module (#468)

* Split the importer module out from the installer module

* Cleanup of unused imports

* Move updater into separate module #453

* Remove unused imports/formatting

* Disable the install and importer modules at the end of the setup

* Unused imports; update IJ style

* test explicit stage for php+mysql

* add more to matrix

* Add different MariaDB versions

* undo

* Cleanup Model doc

* Pilots cannot use the dashboard or flights without admin rights (#481)

* Use auth middleware instead of specific groups for logged in state

* Auth check for admin access

* Check user admin access for updates

* Formatting

* Allow nullable field and calculate distance if nulled for flight import #478 (#482)

* Check for no roles being attached #480 (#483)

* Return the flight fares if there are no subfleet fares #488 (#489)

* Return the flight fares if there are no subfleet fares #488

* Formatting

* Formatting

* Account for units when entering fuel amounts #493

* Search for ICAO not working properly (#496)

* /flights and /flights/search direct to the same endpoint

* Properly set the distance/planned_distance on save (#497)

* 491 Installation Error (#495)

* Disable CSRF token

* Add error handling around looking up the theme and set a default

* Note about logs in issue template

* Formatting

* Fix GeoService errors when viewing PIREP #498 (#499)

* Add new command to export a specific PIREP for debugging (#501)

* Set a default model value for airports on PIREP (#500)

* Set a default model value for airports on PIREP

* Fix airport icao reference

* Default airport models

* Catch broader exception writing out config files #491

* style

* Add reference to docs on doc site (#502)

* Properly create/update rows importing #486 (#503)

* Add base Dockerfile for Dockerhub builds (#504)

* New subfleet not being attached to an airline on import #479 (#505)

* Fix subfleet not being attached to an airline on creation in import #479

* Call airline name with optional() around subfleet

* Minor cleanup

* Search flights by subfleet #484 (#506)

* API level search of flights #484

* Add Subfleet to flights page for search

* Make the fuel used optional (#512)

* Add make to Docker container

* Add getRootDomain() to Utils (#514)

* Show admin dropdown for admin-access ability (#515)

* Show admin dropdown for admin-access ability closes #509

* Formatting

* Check user permissions on the routes #508 (#516)

* Check user permissions on the routes #508

* Formatting

* Return default value on exception for setting()

* Correct text for no subfleets #507 (#518)

* Add a public_url() helper #513 (#519)

* Reduce number of queries for update check (#520)

* Try to clear caches before updating (#522)

* Try to clear caches before updating

* Add clear-compiled to maintenance cache list

* Formatting

* Set PIREPs page to public (#526)

Set PIREPs page to public

* Fix live and route map errors #527 (#528)

* Add menu bar for mobile (#529)

* Format all blade templates to 2 spaces #530 (#531)

* Fix PIREP edit endpoint closes #533 (#534)

* Fix import during flight cron #532 (#535)

* PIREPS resource except for show (#536)

* Use optional() around the airport fields (#537)

* Use optional() around the airport fields

* Add null-coalesce around full_name

* Add link to download ACARS config from profile (#539)

* Add link to download ACARS config from profile

* Formatting

* Update xml config file template (#540)
2020-02-08 13:29:34 -05:00

74 lines
2.0 KiB
PHP

<?php
/**
* Handle the authentication for the API layer
*/
namespace App\Http\Middleware;
use App\Contracts\Middleware;
use App\Models\Enums\UserState;
use App\Models\User;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class ApiAuth implements Middleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
// Check if Authorization header is in place
$api_key = $request->header('x-api-key', null);
if ($api_key === null) {
$api_key = $request->header('Authorization', null);
if ($api_key === null) {
return $this->unauthorized('X-API-KEY header missing');
}
}
// Try to find the user via API key. Cache this lookup
$user = User::where('api_key', $api_key)->first();
if ($user === null) {
return $this->unauthorized('User not found with key "'.$api_key.'"');
}
if ($user->state !== UserState::ACTIVE) {
return $this->unauthorized('User is not ACTIVE, please contact an administrator');
}
// Set the user to the request
Auth::setUser($user);
$request->merge(['user' => $user]);
$request->setUserResolver(function () use ($user) {
return $user;
});
return $next($request);
}
/**
* Return an unauthorized message
*
* @param mixed $details
*
* @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
*/
private function unauthorized($details = '')
{
return response([
'error' => [
'code' => '401',
'http_code' => 'Unauthorized',
'message' => 'Invalid or missing API key ('.$details.')',
],
], 401);
}
}