Hide disabled components from public API. Closes #1095

James Brooks
2015-11-04 14:59:11 +00:00
parent 32d4aae76e
commit fbc4041bf7
4 changed files with 91 additions and 17 deletions


@@ -18,6 +18,7 @@ use CachetHQ\Cachet\Models\Component;
use CachetHQ\Cachet\Models\Tag; use CachetHQ\Cachet\Models\Tag;
use Exception; use Exception;
use GrahamCampbell\Binput\Facades\Binput; use GrahamCampbell\Binput\Facades\Binput;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -30,14 +31,19 @@ class ComponentController extends AbstractApiController
* Get all components. * Get all components.
* *
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
* @param \Illuminate\Contracts\Auth\Guard $auth
* *
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
*/ */
public function getComponents(Request $request) public function getComponents(Request $request, Guard $auth)
{ {
$components = Component::paginate(Binput::get('per_page', 20)); if ($auth->check()) {
$components = Component::whereRaw('1 = 1');
} else {
$components = Component::enabled();
}
return $this->paginator($components, $request); return $this->paginator($components->paginate(Binput::get('per_page', 20)), $request);
} }
/** /**
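Review bot: The guest filter is applied only in getComponents, so any single-component lookup in this controller (outside this hunk, so unconfirmed) would still return a disabled component to an unauthenticated caller who asks for it by id; it should apply the same `enabled()` scope when `$auth->check()` is false. Separately, `Component::whereRaw('1 = 1')` is a raw-SQL no-op used only to obtain a query builder, and `$components = Component::query();` expresses that without raw SQL. The class body continues past the end of the hunk.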


@@ -35,18 +35,19 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $routeMiddleware = [ protected $routeMiddleware = [
'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable', 'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable',
'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin', 'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin',
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting', 'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup', 'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured', 'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate', 'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate', 'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth', 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', 'auth.api.optional' => 'CachetHQ\Cachet\Http\Middleware\ApiOptionalAuthenticate',
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated', 'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
'localize' => 'CachetHQ\Cachet\Http\Middleware\Localize', 'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
'timezone' => 'CachetHQ\Cachet\Http\Middleware\Timezone', 'localize' => 'CachetHQ\Cachet\Http\Middleware\Localize',
'throttling' => 'GrahamCampbell\Throttle\Http\Middleware\ThrottleMiddleware', 'timezone' => 'CachetHQ\Cachet\Http\Middleware\Timezone',
'throttling' => 'GrahamCampbell\Throttle\Http\Middleware\ThrottleMiddleware',
]; ];
} }


@@ -0,0 +1,67 @@
<?php
/*
* This file is part of Cachet.
*
* (c) Alt Three Services Limited
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Middleware;
use CachetHQ\Cachet\Models\User;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Symfony\Component\HttpKernel\Exception\HttpException;
class ApiOptionalAuthenticate
{
/**
* The authentication guard instance.
*
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new api authenticate middleware instance.
*
* @param \Illuminate\Contracts\Auth\Guard $auth
*
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($apiToken = $request->header('X-Cachet-Token')) {
try {
$this->auth->onceUsingId(User::findByApiToken($apiToken)->id);
} catch (ModelNotFoundException $e) {
//
}
} elseif ($request->getUser()) {
if ($this->auth->onceBasic() !== null) {
//
}
}
}
return $next($request);
}
}
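Review bot: In handle(), credentials that are presented but invalid are silently downgraded to a guest request: the `catch (ModelNotFoundException $e)` block is empty, and the result of `$this->auth->onceBasic()` is compared with null and then discarded in an empty `if`. A client with a revoked or mistyped `X-Cachet-Token` therefore gets a successful guest response, and no failed-authentication event is recorded for monitoring. Consider failing closed when credentials are supplied, for example `throw new HttpException(401);` in the catch (that import is already present and otherwise unused) and returning the non-null `onceBasic()` result instead of ignoring it. If the silent fallback is intentional, replace the bare `//` placeholders with a comment saying so and log the failed attempt.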


@@ -30,7 +30,7 @@ class ApiRoutes
$router->group([ $router->group([
'namespace' => 'Api', 'namespace' => 'Api',
'prefix' => 'api/v1', 'prefix' => 'api/v1',
'middleware' => ['accept:application/json', 'timezone'], 'middleware' => ['accept:application/json', 'timezone', 'auth.api.optional'],
], function ($router) { ], function ($router) {
// General // General
$router->get('ping', 'GeneralController@ping'); $router->get('ping', 'GeneralController@ping');