From dd0f053b90d0905b02a406afef43b7da84f822d1 Mon Sep 17 00:00:00 2001
From: Yaro <12fcv4@gmail.com>
Date: Wed, 6 Sep 2017 10:36:54 +0300
Subject: [PATCH] Add basic auth middleware

---
 README.md                         |  7 +++++++
 config/apidocs.php                | 11 ++++++++++
 src/Http/Middleware/BasicAuth.php | 34 +++++++++++++++++++++++++++++++
 src/ServiceProvider.php           | 17 +++++++++++++++-
 4 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 src/Http/Middleware/BasicAuth.php

diff --git a/README.md b/README.md
index 876ab53..5a38157 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,13 @@ Route::get('/docs', function() {
 });
 ```
 
+Also you can force authorization prompt by adding ```apidocs.auth.basic``` middleware. Authorized identites placed under ```apidocs.auth.credentials``` config.
+```php
+Route::get('/docs', function() {
+    return ApiDocs::show();
+})->middleware(['apidocs.auth.basic']);
+```
+
 To exclude some routes/classes add them to config's ```exclude```. Asterisks may be used to indicate wildcards.
 ```php
 'exclude' => [
diff --git a/config/apidocs.php b/config/apidocs.php
index 2d892ac..1c61f79 100644
--- a/config/apidocs.php
+++ b/config/apidocs.php
@@ -21,6 +21,17 @@
         //'Controllers',
     ],
     
+    /**
+     * Options for basic auth middleware.
+     */
+    'auth' => [
+        'enabled' => false,
+    
+        'credentials' => [
+            // ['username', 'password'],
+        ],
+    ],
+    
     /**
      * Exclude specific routes from documentation. Asterisks may be used to indicate wildcards.
      */
diff --git a/src/Http/Middleware/BasicAuth.php b/src/Http/Middleware/BasicAuth.php
new file mode 100644
index 0000000..58e9728
--- /dev/null
+++ b/src/Http/Middleware/BasicAuth.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Yaro\ApiDocs\Http\Middleware;
+
+class BasicAuth
+{
+    
+    public function handle($request, $next)
+    {
+        if ($this->isAuthorized($request)) {
+            return response('Unauthorized', 401, [
+                'WWW-Authenticate' => 'Basic',
+            ]);
+        }
+        
+        return $next($request);
+    }
+    
+    private function isAuthorized($request) 
+    {
+        if (!config('yaro.apidocs.auth.enabled', false)) {
+            return true;
+        }
+        
+        $authorized = collect(config('yaro.apidocs.auth.credentials', []));
+        $credentials = [
+            $request->getUser(), 
+            $request->getPassword()
+        ];
+        
+        return !$authorized->contains($credentials);
+    }
+    
+}
diff --git a/src/ServiceProvider.php b/src/ServiceProvider.php
index 739ee3a..40e64ce 100644
--- a/src/ServiceProvider.php
+++ b/src/ServiceProvider.php
@@ -3,8 +3,10 @@
 namespace Yaro\ApiDocs;
 
 use Yaro\ApiDocs\Commands\BlueprintCreate;
+use Yaro\ApiDocs\Http\Middleware\BasicAuth;
+use Illuminate\Support\ServiceProvider as IlluminateServiceProvider;
 
-class ServiceProvider extends \Illuminate\Support\ServiceProvider
+class ServiceProvider extends IlluminateServiceProvider
 {
 
     protected $defer = false;
@@ -21,6 +23,8 @@ public function boot()
         $this->commands([
             'command.apidocs:blueprint-create',
         ]);
+        
+        $this->addMiddlewareAlias('apidocs.auth.basic', BasicAuth::class);
     } // end boot
 
     public function register()
@@ -33,4 +37,15 @@ public function register()
         });
     } // end register
     
+    private function addMiddlewareAlias($name, $class)
+    {
+        $router = $this->app['router'];
+
+        if (method_exists($router, 'aliasMiddleware')) {
+            return $router->aliasMiddleware($name, $class);
+        }
+
+        return $router->middleware($name, $class);
+    }
+    
 }