Move initial check of bearer token into a middleware
parent
b4ddbbdf8b
commit
9c9d8bcd50
4 changed files with 205 additions and 220 deletions
|
@ -47,10 +47,7 @@ class MicropubController extends Controller
|
|||
*/
|
||||
public function post(Request $request)
|
||||
{
|
||||
$httpAuth = $request->header('Authorization');
|
||||
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
|
||||
$token = $match[1];
|
||||
$tokenData = $this->tokenService->validateToken($token);
|
||||
$tokenData = $this->tokenService->validateToken($request->bearerToken());
|
||||
if ($tokenData->hasClaim('scope')) {
|
||||
$scopes = explode(' ', $tokenData->getClaim('scope'));
|
||||
if (array_search('post', $scopes) !== false) {
|
||||
|
@ -154,13 +151,6 @@ class MicropubController extends Controller
|
|||
], 400);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
'error' => 'no_token',
|
||||
'error_description' => 'No OAuth token sent with request',
|
||||
], 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* A GET request has been made to `api/post` with an accompanying
|
||||
* token, here we check wether the token is valid and respond
|
||||
|
@ -172,11 +162,7 @@ class MicropubController extends Controller
|
|||
*/
|
||||
public function get(Request $request)
|
||||
{
|
||||
$httpAuth = $request->header('Authorization');
|
||||
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
|
||||
$token = $match[1];
|
||||
$valid = $this->tokenService->validateToken($token);
|
||||
|
||||
$tokenData = $this->tokenService->validateToken($request->bearerToken());
|
||||
if ($valid === null) {
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
|
@ -229,13 +215,6 @@ class MicropubController extends Controller
|
|||
]);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
'error' => 'no_token',
|
||||
'error_description' => 'No token provided with request',
|
||||
], 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* Process a media item posted to the media endpoint.
|
||||
*
|
||||
|
@ -244,12 +223,7 @@ class MicropubController extends Controller
|
|||
*/
|
||||
public function media(Request $request)
|
||||
{
|
||||
//can this go in middleware
|
||||
$httpAuth = $request->header('Authorization');
|
||||
if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
|
||||
$token = $match[1];
|
||||
$tokenData = $this->tokenService->validateToken($token);
|
||||
|
||||
$tokenData = $this->tokenService->validateToken($request->bearerToken());
|
||||
if ($tokenData === null) {
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
|
@ -309,20 +283,6 @@ class MicropubController extends Controller
|
|||
], 401);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
'error' => 'unauthorized',
|
||||
'error_description' => 'No token provided with request',
|
||||
], 401);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'response' => 'error',
|
||||
'error' => 'no_token',
|
||||
'error_description' => 'There was no token provided with the request',
|
||||
], 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the file type from the mimetype of the uploaded file.
|
||||
*
|
||||
|
|
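Review bot: In `get()` the new line assigns the validated token to `$tokenData`, but the unchanged check right after it still reads `if ($valid === null) {`; going by the hunk's line counts (`-172,11 +162,7`) that check is context, so `$valid` is no longer assigned in the visible part of the method. An undefined variable compares as null in PHP, so the endpoint would answer every request, including ones carrying a valid token, with the error response (it fails closed, but the endpoint stops working). Either keep the old name, `$valid = $this->tokenService->validateToken($request->bearerToken());`, or change the check to `if ($tokenData === null) {` and update any later uses of `$valid` outside the hunk. In `post()` the result goes straight to `$tokenData->hasClaim('scope')` with no null check, although `get()` and `media()` treat null as the invalid-token result; a guard like the one in `media()` would avoid a fatal error on a bad token.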
|
@ -58,5 +58,6 @@ class Kernel extends HttpKernel
|
|||
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
|
||||
'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
|
||||
];
|
||||
}
|
||||
|
|
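--- /dev/null
+++ b/app/Http/Middleware/VerifyMicropubToken.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class VerifyMicropubToken
+{
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+* @return mixed
+*/
+public function handle($request, Closure $next)
+{
+if ($request->bearerToken() === null) {
+abort(401);
+}
+
+return $next($request);
+}
+}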
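Review bot: `handle()` only checks that `bearerToken()` is not null, while the class name and the `micropub.token` alias read as if the token had been verified; a route that relies on this middleware alone would accept any non-empty bearer string. State that in the docblock, for example `Rejects requests without a bearer token. The token is not validated here; the controller must still call validateToken().`, or move the `validateToken()` call into the middleware so the three controller methods stop repeating it. `abort(401)` also replaces the JSON `no_token` bodies the controller returned before, so API clients now get the framework's default error response; returning `response()->json([...], 401)` with a `WWW-Authenticate: Bearer` header would keep the error contract machine-readable.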
|
@ -116,9 +116,9 @@ Route::group(['domain' => config('url.longurl')], function () {
|
|||
Route::get('micropub/media/clearlinks', 'MicropubClientController@clearLinks');
|
||||
|
||||
// Micropub Endpoint
|
||||
Route::get('api/post', 'MicropubController@get');
|
||||
Route::post('api/post', 'MicropubController@post');
|
||||
Route::post('api/media', 'MicropubController@media')->name('media-endpoint');
|
||||
Route::get('api/post', 'MicropubController@get')->middleware('micropub.token');
|
||||
Route::post('api/post', 'MicropubController@post')->middleware('micropub.token');
|
||||
Route::post('api/media', 'MicropubController@media')->middleware('micropub.token')->name('media-endpoint');
|
||||
|
||||
//webmention
|
||||
Route::get('webmention', 'WebMentionsController@get');
|
||||
|
|
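Review bot: The same `->middleware('micropub.token')` call is repeated on each of the three Micropub routes, so a route added later under `// Micropub Endpoint` can easily be registered without it. Wrapping the three routes in `Route::group(['middleware' => 'micropub.token'], function () { ... });` states the requirement once and keeps the `media-endpoint` name as it is. The enclosing `Route::group(['domain' => config('url.longurl')], ...)` closure starts and ends outside this hunk.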