Add middleware for Bearer authorization

2020-08-29 14:00:47 +02:00 · 2020-08-29 14:00:47 +02:00 · e7cb1d970b
commit e7cb1d970b
parent fbe2831551
2 changed files with 40 additions and 0 deletions
--- a/app/Http/Middleware/ApiAuthorization.php
+++ b/app/Http/Middleware/ApiAuthorization.php
@ -0,0 +1,38 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\AuthToken;
+use Closure;
+
+class ApiAuthorization
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // During debug mode disable this check
+        if (config('chaosapi.middleware-enabled')) return $next($request);
+
+        // Get the Authorization header
+        $authHeader = $request->header('Authorization');
+
+        // Check if header present or header malformed
+        if ($authHeader === null) return abort(403);
+        if (!str_starts_with($authHeader, 'Bearer ')) return abort(400);
+
+        $authToken = substr($authHeader, 7);
+        $dbAuthToken = AuthToken::where('token', $authToken)->first();
+
+        // Check token in DB
+        if ($dbAuthToken === null) return abort(401);
+
+        // Valid request
+        return $next($request);
+    }
+}
--- a/config/chaosapi.php
+++ b/config/chaosapi.php
@ -1,5 +1,7 @@
 <?php

 return [
+    'middleware-enabled' => env('APP_DEBUG', false),
+
    'cachetime' => 60
 ];