MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-17 13:53:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Push basis of new API key policy

Browse Source 
Will need to revisit this another day when I’m fresh to figure out the
best method to do this.
This commit is contained in:
Dane Everitt
2017-04-07 21:25:17 -04:00
parent 51204b8d9d
commit db4df2bfa1
6 changed files with 104 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Middleware/HMACAuthorization.php
View File

@@ -92,6 +92,7 @@ class HMACAuthorization
$this->checkBearer();
$this->validateRequest();
$this->validateIPAccess();
$this->validateContents();
Auth::loginUsingId($this->key()->user_id);
@@ -137,23 +138,6 @@ class HMACAuthorization
if (! $this->key) {
throw new AccessDeniedHttpException('Unable to identify requester. Authorization token is invalid.');
}
if (empty($this->request()->route()->getName())) {
throw new \Exception('Attempting to access un-named route. This should not be possible.');
}
$this->validateIPAccess();
$query = APIPermission::where('key_id', $this->key()->id)
->where('permission', $this->request()->route()->getName());
if (starts_with($this->request()->route()->getName(), 'api.user')) {
$query->orWhere('permission', 'api.user.*');
}
if (! $query->first()) {
throw new AccessDeniedHttpException('You do not have permission to access this resource on the API.');
}
}
/**