<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Http\Middleware;
use Flarum\Api\ApiKey;
use Flarum\Http\AccessToken;
use Flarum\Http\RequestUtil;
use Flarum\User\User;
use Illuminate\Support\Str;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\MiddlewareInterface as Middleware;
use Psr\Http\Server\RequestHandlerInterface as Handler;
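/**
 * Authenticates a request from an `Authorization: Token <id>[; userId=<id>]`
 * header, resolving the id to either an API key or an access token.
 *
 * A request authenticated this way is treated as a non-browser client: it is
 * flagged to skip CSRF validation (and, for API keys, throttling) and its
 * `session` attribute is removed.
 */
class AuthenticateWithHeader implements Middleware
{
    public const TOKEN_PREFIX = 'Token ';

    /**
     * Resolve the actor named by the Authorization header, if any, and hand
     * the (possibly enriched) request to the next handler.
     *
     * The first `;`-separated segment of the header must start with `Token `;
     * the rest of that segment is looked up first as an API key and, failing
     * that, as a valid access token. An API key that is not bound to a user
     * acts on behalf of whichever user the optional `userId=<id>` segment
     * names, so unbound keys are effectively master keys and must be guarded
     * accordingly.
     */
    public function process(Request $request, Handler $handler): Response
    {
        $parts = explode(';', $request->getHeaderLine('authorization'));

        if (isset($parts[0]) && Str::startsWith($parts[0], self::TOKEN_PREFIX)) {
            $id = substr($parts[0], strlen(self::TOKEN_PREFIX));
            $actor = null;

            if ($key = ApiKey::where('key', $id)->first()) {
                $key->touch();

                // A key bound to a user always acts as that user; only an
                // unbound key may take its actor from the `userId=` segment.
                $actor = $key->user ?? $this->getUser($parts[1] ?? '');

                $request = $request->withAttribute('apiKey', $key);
                $request = $request->withAttribute('bypassThrottling', true);
            } elseif ($token = AccessToken::findValid($id)) {
                $token->touch($request);
                $actor = $token->user;
            }

            if ($actor !== null) {
                $actor->updateLastSeen()->save();

                // Header credentials stand in for cookie/session auth, so the
                // CSRF token check and the session attribute no longer apply.
                $request = RequestUtil::withActor($request, $actor);
                $request = $request->withAttribute('bypassCsrfToken', true);
                $request = $request->withoutAttribute('session');
            }
        }

        return $handler->handle($request);
    }

    /**
     * Resolve the user named by a `userId=<id>` header segment.
     *
     * Returns null when the segment is not of that form or carries no value.
     * (A bare `userId` segment used to raise an undefined-index notice before
     * falling through to `User::find(null)`.)
     *
     * @param string $segment the raw header segment, e.g. ` userId=42`
     * @return User|null
     */
    private function getUser(string $segment): ?User
    {
        // explode() with a non-empty delimiter always yields at least one
        // element, so $parts[0] is safe to read; $parts[1] is not.
        $parts = explode('=', trim($segment));

        if ($parts[0] !== 'userId' || ! isset($parts[1])) {
            return null;
        }

        return User::find($parts[1]);
    }
}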