lucas.mathieu/cachet-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hide disabled components from public API. Closes #1095

Browse Source
This commit is contained in:
James Brooks
2015-11-04 14:59:11 +00:00
parent 32d4aae76e
commit fbc4041bf7
4 changed files with 91 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Http/Controllers/Api/ComponentController.php
View File

@@ -18,6 +18,7 @@ use CachetHQ\Cachet\Models\Component;
use CachetHQ\Cachet\Models\Tag;
use Exception;
use GrahamCampbell\Binput\Facades\Binput;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -30,14 +31,19 @@ class ComponentController extends AbstractApiController
* Get all components.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* @param \Illuminate\Contracts\Auth\Guard $auth
*
* @return \Illuminate\Http\JsonResponse
*/
public function getComponents(Request $request)
public function getComponents(Request $request, Guard $auth)
{
$components = Component::paginate(Binput::get('per_page', 20));
if ($auth->check()) {
$components = Component::whereRaw('1 = 1');
} else {
$components = Component::enabled();
}
return $this->paginator($components, $request);
return $this->paginator($components->paginate(Binput::get('per_page', 20)), $request);
}
/**

1
app/Http/Kernel.php
View File

@@ -43,6 +43,7 @@ class Kernel extends HttpKernel
'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate',
'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'auth.api.optional' => 'CachetHQ\Cachet\Http\Middleware\ApiOptionalAuthenticate',
'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated',
'localize' => 'CachetHQ\Cachet\Http\Middleware\Localize',

67
app/Http/Middleware/ApiOptionalAuthenticate.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
/*
* This file is part of Cachet.
*
* (c) Alt Three Services Limited
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Middleware;
use CachetHQ\Cachet\Models\User;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Symfony\Component\HttpKernel\Exception\HttpException;
class ApiOptionalAuthenticate
{
/**
* The authentication guard instance.
*
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new api authenticate middleware instance.
*
* @param \Illuminate\Contracts\Auth\Guard $auth
*
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($apiToken = $request->header('X-Cachet-Token')) {
try {
$this->auth->onceUsingId(User::findByApiToken($apiToken)->id);
} catch (ModelNotFoundException $e) {
//
}
} elseif ($request->getUser()) {
if ($this->auth->onceBasic() !== null) {
//
}
}
}
return $next($request);
}
}

2
app/Http/Routes/ApiRoutes.php
View File

@@ -30,7 +30,7 @@ class ApiRoutes
$router->group([
'namespace' => 'Api',
'prefix' => 'api/v1',
'middleware' => ['accept:application/json', 'timezone'],
'middleware' => ['accept:application/json', 'timezone', 'auth.api.optional'],
], function ($router) {
// General
$router->get('ping', 'GeneralController@ping');