jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases 5 Packages Wiki Activity Actions

Move initial check of bearer token into a middleware

Browse source
This commit is contained in:
Jonny Barnes 2017-03-24 15:40:36 +00:00
parent b4ddbbdf8b
commit 9c9d8bcd50
4 changed files with 205 additions and 220 deletions
Download patch file Download diff file Expand all files Collapse all files

46
app/Http/Controllers/MicropubController.php
View file

@ -47,10 +47,7 @@ class MicropubController extends Controller
*/ */
public function post(Request $request) public function post(Request $request)
{ {
$httpAuth = $request->header('Authorization'); $tokenData = $this->tokenService->validateToken($request->bearerToken());
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
$token = $match[1];
$tokenData = $this->tokenService->validateToken($token);
if ($tokenData->hasClaim('scope')) { if ($tokenData->hasClaim('scope')) {
$scopes = explode(' ', $tokenData->getClaim('scope')); $scopes = explode(' ', $tokenData->getClaim('scope'));
if (array_search('post', $scopes) !== false) { if (array_search('post', $scopes) !== false) {
@ -154,13 +151,6 @@ class MicropubController extends Controller
], 400); ], 400);
} }
return response()->json([
'response' => 'error',
'error' => 'no_token',
'error_description' => 'No OAuth token sent with request',
], 400);
}
/** /**
* A GET request has been made to `api/post` with an accompanying * A GET request has been made to `api/post` with an accompanying
* token, here we check wether the token is valid and respond * token, here we check wether the token is valid and respond
@ -172,11 +162,7 @@ class MicropubController extends Controller
*/ */
public function get(Request $request) public function get(Request $request)
{ {
$httpAuth = $request->header('Authorization'); $tokenData = $this->tokenService->validateToken($request->bearerToken());
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
$token = $match[1];
$valid = $this->tokenService->validateToken($token);
if ($valid === null) { if ($valid === null) {
return response()->json([ return response()->json([
'response' => 'error', 'response' => 'error',
@ -229,13 +215,6 @@ class MicropubController extends Controller
]); ]);
} }
return response()->json([
'response' => 'error',
'error' => 'no_token',
'error_description' => 'No token provided with request',
], 400);
}
/** /**
* Process a media item posted to the media endpoint. * Process a media item posted to the media endpoint.
* *
@ -244,12 +223,7 @@ class MicropubController extends Controller
*/ */
public function media(Request $request) public function media(Request $request)
{ {
//can this go in middleware $tokenData = $this->tokenService->validateToken($request->bearerToken());
$httpAuth = $request->header('Authorization');
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
$token = $match[1];
$tokenData = $this->tokenService->validateToken($token);
if ($tokenData === null) { if ($tokenData === null) {
return response()->json([ return response()->json([
'response' => 'error', 'response' => 'error',
@ -309,20 +283,6 @@ class MicropubController extends Controller
], 401); ], 401);
} }
return response()->json([
'response' => 'error',
'error' => 'unauthorized',
'error_description' => 'No token provided with request',
], 401);
}
return response()->json([
'response' => 'error',
'error' => 'no_token',
'error_description' => 'There was no token provided with the request',
], 400);
}
/** /**
* Get the file type from the mimetype of the uploaded file. * Get the file type from the mimetype of the uploaded file.
* *

1
app/Http/Kernel.php
View file

@ -58,5 +58,6 @@ class Kernel extends HttpKernel
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'myauth' => \App\Http\Middleware\MyAuthMiddleware::class, 'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
]; ];
} }

24
app/Http/Middleware/VerifyMicropubToken.php Normal file
View file

@ -0,0 +1,24 @@
<?php
namespace App\Http\Middleware;
use Closure;
class VerifyMicropubToken
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->bearerToken() === null) {
abort(401);
}
return $next($request);
}
}

6
routes/web.php
View file

@ -116,9 +116,9 @@ Route::group(['domain' => config('url.longurl')], function () {
Route::get('micropub/media/clearlinks', 'MicropubClientController@clearLinks'); Route::get('micropub/media/clearlinks', 'MicropubClientController@clearLinks');
// Micropub Endpoint // Micropub Endpoint
Route::get('api/post', 'MicropubController@get'); Route::get('api/post', 'MicropubController@get')->middleware('micropub.token');
Route::post('api/post', 'MicropubController@post'); Route::post('api/post', 'MicropubController@post')->middleware('micropub.token');
Route::post('api/media', 'MicropubController@media')->name('media-endpoint'); Route::post('api/media', 'MicropubController@media')->middleware('micropub.token')->name('media-endpoint');
//webmention //webmention
Route::get('webmention', 'WebMentionsController@get'); Route::get('webmention', 'WebMentionsController@get');