Linked new API token system into middleware

Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API.
2025-07-28 17:02:04 +03:00 · 2019-12-30 02:16:07 +00:00
parent 2cfa37399c
commit 3de55ee645
7 changed files with 183 additions and 37 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -1,21 +1,38 @@
 <?php namespace BookStack\Http;

+use BookStack\Http\Middleware\ApiAuthenticate;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;

 class Kernel extends HttpKernel
 {
    /**
     * The application's global HTTP middleware stack.
-     *
     * These middleware are run during every request to your application.
-     *
-     * @var array
     */
    protected $middleware = [
        \BookStack\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \BookStack\Http\Middleware\TrimStrings::class,
        \BookStack\Http\Middleware\TrustProxies::class,
+
+    ];
+
+    /**
+     * The priority ordering of middleware.
+     */
+    protected $middlewarePriority = [
+        \BookStack\Http\Middleware\EncryptCookies::class,
+        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+        \Illuminate\Session\Middleware\StartSession::class,
+        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+        \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        \BookStack\Http\Middleware\VerifyCsrfToken::class,
+        \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        \BookStack\Http\Middleware\Localization::class,
+        \BookStack\Http\Middleware\GlobalViewData::class,
+        \BookStack\Http\Middleware\Authenticate::class,
+        \BookStack\Http\Middleware\ApiAuthenticate::class,
+        \BookStack\Http\Middleware\ConfirmEmails::class,
    ];

    /**
@ -31,12 +48,16 @@ class Kernel extends HttpKernel
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \Illuminate\Routing\Middleware\ThrottleRequests::class,
            \BookStack\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \BookStack\Http\Middleware\Localization::class,
            \BookStack\Http\Middleware\GlobalViewData::class,
+            \BookStack\Http\Middleware\ConfirmEmails::class,
        ],
        'api' => [
            'throttle:60,1',
+            \BookStack\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \BookStack\Http\Middleware\ApiAuthenticate::class,
+            \BookStack\Http\Middleware\ConfirmEmails::class,
        ],
    ];

@ -47,7 +68,6 @@ class Kernel extends HttpKernel
     */
    protected $routeMiddleware = [
        'auth'       => \BookStack\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'can'        => \Illuminate\Auth\Middleware\Authorize::class,
        'guest'      => \BookStack\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,