-
-
Notifications
You must be signed in to change notification settings - Fork 160
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add api token handling for users (#165)
- Loading branch information
Showing
30 changed files
with
443 additions
and
227 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<?php | ||
|
||
namespace App\Enums; | ||
|
||
class ApiToken | ||
{ | ||
public const ABILITY_USER_ACCESS = 'user_access'; | ||
public const ABILITY_SYSTEM_ACCESS = 'system_access'; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\App; | ||
|
||
use App\Enums\ActivityLog; | ||
use App\Enums\ApiToken; | ||
use App\Http\Controllers\Controller; | ||
use App\Http\Requests\Auth\CreateApiTokenRequest; | ||
use Illuminate\Http\RedirectResponse; | ||
use Illuminate\Http\Request; | ||
use Laravel\Sanctum\PersonalAccessToken; | ||
|
||
class ApiTokenController extends Controller | ||
{ | ||
public function index(Request $request) | ||
{ | ||
return view('app.api-tokens.index', [ | ||
'tokens' => $request->user()->tokens()->get(), | ||
]); | ||
} | ||
|
||
public function store(CreateApiTokenRequest $request): RedirectResponse | ||
{ | ||
$token = $request->user()->createToken($request->validated('token_name'), [ApiToken::ABILITY_USER_ACCESS]); | ||
|
||
activity() | ||
->by($request->user()) | ||
->withProperty('token_id', $token->accessToken->id) | ||
->log(ActivityLog::USER_API_TOKEN_GENERATED); | ||
|
||
return redirect()->route('api-tokens.index')->with('new_token', $token->plainTextToken); | ||
} | ||
|
||
public function destroy(Request $request, PersonalAccessToken $token): RedirectResponse | ||
{ | ||
$this->authorize('delete', $token); | ||
|
||
$token->delete(); | ||
|
||
activity() | ||
->by($request->user()) | ||
->log(ActivityLog::USER_API_TOKEN_REVOKED); | ||
|
||
flash()->warning(trans('auth.api_tokens.revoke_successful')); | ||
return redirect()->route('api-tokens.index'); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
<?php | ||
|
||
namespace App\Http\Requests\Auth; | ||
|
||
use Illuminate\Database\Query\Builder; | ||
use Illuminate\Foundation\Http\FormRequest; | ||
use Illuminate\Validation\Rule; | ||
|
||
class CreateApiTokenRequest extends FormRequest | ||
{ | ||
public function rules(): array | ||
{ | ||
return [ | ||
'token_name' => [ | ||
'required', | ||
'alpha_dash', | ||
'min:3', | ||
'max:100', | ||
Rule::unique('personal_access_tokens', 'name')->where(function (Builder $query) { | ||
return $query->where('tokenable_id', request()->user()->id); | ||
}), | ||
], | ||
]; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
<?php | ||
|
||
namespace App\Policies; | ||
|
||
use App\Models\User; | ||
use Illuminate\Auth\Access\HandlesAuthorization; | ||
use Laravel\Sanctum\PersonalAccessToken; | ||
|
||
class ApiTokenPolicy | ||
{ | ||
use HandlesAuthorization; | ||
|
||
public function viewAny(User $user): bool | ||
{ | ||
return true; | ||
} | ||
|
||
public function view(User $user, PersonalAccessToken $personalAccessToken): bool | ||
{ | ||
return true; | ||
} | ||
|
||
public function create(User $user): bool | ||
{ | ||
return true; | ||
} | ||
|
||
public function update(User $user, PersonalAccessToken $personalAccessToken): bool | ||
{ | ||
return false; | ||
} | ||
|
||
public function delete(User $user, PersonalAccessToken $personalAccessToken): bool | ||
{ | ||
return $personalAccessToken->tokenable->is($user); | ||
} | ||
|
||
public function restore(User $user, PersonalAccessToken $personalAccessToken): bool | ||
{ | ||
return false; | ||
} | ||
|
||
public function forceDelete(User $user, PersonalAccessToken $personalAccessToken): bool | ||
{ | ||
return false; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
database/migrations/2019_12_14_000001_create_personal_access_tokens_table.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<?php | ||
|
||
use Illuminate\Database\Migrations\Migration; | ||
use Illuminate\Database\Schema\Blueprint; | ||
use Illuminate\Support\Facades\Schema; | ||
|
||
class CreatePersonalAccessTokensTable extends Migration | ||
{ | ||
/** | ||
* Run the migrations. | ||
* | ||
* @return void | ||
*/ | ||
public function up() | ||
{ | ||
Schema::create('personal_access_tokens', function (Blueprint $table) { | ||
$table->bigIncrements('id'); | ||
$table->morphs('tokenable'); | ||
$table->string('name'); | ||
$table->string('token', 64)->unique(); | ||
$table->text('abilities')->nullable(); | ||
$table->timestamp('last_used_at')->nullable(); | ||
$table->timestamps(); | ||
}); | ||
} | ||
|
||
/** | ||
* Reverse the migrations. | ||
* | ||
* @return void | ||
*/ | ||
public function down() | ||
{ | ||
Schema::dropIfExists('personal_access_tokens'); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.