Sign upLogin

eveseat/api

View on GitHub
Star
src/Http/Middleware/ApiToken.php

Summary

Maintainability
A
0 mins
Test Coverage
<?php

/*
 * This file is part of SeAT
 *
 * Copyright (C) 2015 to 2022 Leon Jacobs
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

namespace Seat\Api\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Seat\Api\Models\ApiToken as ApiTokenModel;
use Seat\Api\Models\ApiTokenLog;

/**
 * Class ApiToken.
 *
 * @package Seat\Api\Http\Middleware
 */
class ApiToken
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        if (! $this->valid_token_ip($request)) {

            $this->log_activity($request, 'deny');

            return response()->json('Unauthorized', 401);
        }

        $this->log_activity($request, 'allow');

        return $next($request);
    }

    /**
     * Validate a token / ip pair from a Request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return mixed
     */
    public function valid_token_ip(Request $request)
    {
        $tk = ApiTokenModel::where('token', $request->header('X-Token'))
                        ->first();

        return $tk && ($tk->allowed_src == $request->getClientIp() || $tk->allowed_src == '0.0.0.0');
    }

    /**
     * Log an API request based on the config setting.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  $action
     */
    public function log_activity(Request $request, $action)
    {

        if (config('api.config.log_requests')) {

            $token_id = ApiTokenModel::where('token',
                $request->header('X-Token'))
                ->value('id');

            ApiTokenLog::create([
                'api_token_id' => $token_id,
                'action'       => $action,
                'method'       => $request->method(),
                'request_path' => $request->path(),
                'src_ip'       => $request->getClientIp(),
            ]);
        }
    }
}