<?php
namespace BookStack\Http\Middleware;
use BookStack\Exceptions\ApiAuthException;
use BookStack\Exceptions\UnauthorizedException;
use Closure;
use Illuminate\Http\Request;
class ApiAuthenticate
{
    /**
     * Handle an incoming request.
     *
     * Lets the request continue down the pipeline only once the current user has
     * been authorised for the API; otherwise the request is short-circuited with
     * a JSON error response built from the thrown UnauthorizedException.
     */
    public function handle(Request $request, Closure $next)
    {
        try {
            // Validate the token and its user's API access.
            $this->ensureAuthorizedBySessionOrToken();
        } catch (UnauthorizedException $unauthorized) {
            // The exception's code is reused as the HTTP status of the error response.
            // NOTE(review): confirm every UnauthorizedException reaching this point carries
            // a valid HTTP status as its code (the default exception code is 0).
            return $this->unauthorisedResponse($unauthorized->getMessage(), $unauthorized->getCode());
        }

        return $next($request);
    }

    /**
     * Ensure the current user can access authenticated API routes, either via existing session
     * authentication or via API Token authentication.
     *
     * @throws UnauthorizedException
     */
    protected function ensureAuthorizedBySessionOrToken(): void
    {
        $hasSessionContext = signedInUser() || session()->isStarted();

        if (!$hasSessionContext) {
            // No session in play, so fall back to token authentication: make the api
            // guard the default for the rest of this request lifecycle, then validate
            // the token and its user's API access.
            auth()->shouldUse('api');
            auth()->authenticate();

            return;
        }

        // Session-based access (which makes it easy to browse the API from a browser
        // after logging into the system) still requires the API permission.
        // NOTE(review): a started session without a signed-in user also takes this branch,
        // so the permission check then applies to whatever user() resolves to (presumably
        // the guest user) — confirm that is the intended behaviour.
        if (!user()->can('access-api')) {
            throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
        }
    }

    /**
     * Provide a standard API unauthorised response.
     *
     * The given code is emitted both inside the JSON body and as the HTTP status.
     */
    protected function unauthorisedResponse(string $message, int $code)
    {
        $payload = [
            'error' => [
                'code'    => $code,
                'message' => $message,
            ],
        ];

        return response()->json($payload, $code);
    }
}