#36 Add authentication for API; generate API key

2017-12-11 22:05:22 -06:00
parent 8a6bba0d0b
commit 0f18e60fd9
12 changed files with 173 additions and 18 deletions
--- a/app/Http/Controllers/Api/AirportController.php
+++ b/app/Http/Controllers/Api/AirportController.php
@@ -19,6 +19,18 @@ class AirportController extends AppBaseController
        $this->airportRepo = $airportRepo;
    }

+    /**
+     * Do a lookup, via vaCentral, for the airport information
+     * @param $id
+     * @return AirportResource
+     */
+    public function get($id)
+    {
+        $id = strtoupper($id);
+        AirportResource::withoutWrapping();
+        return new AirportResource($this->airportRepo->find($id));
+    }
+
    /**
     * Do a lookup, via vaCentral, for the airport information
     * @param $id
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -47,6 +47,7 @@ class Kernel extends HttpKernel
     * @var array
     */
    protected $routeMiddleware = [
+        'api.auth' => \App\Http\Middleware\ApiAuth::class,
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
--- a/app/Http/Middleware/ApiAuth.php
+++ b/app/Http/Middleware/ApiAuth.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Handle the authentication for the API layer
+ */
+
+namespace App\Http\Middleware;
+
+use Auth;
+use Cache;
+use Closure;
+use App\Models\User;
+
+class ApiAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // Check if Authorization header is in place
+        if(!$request->header('Authorization')) {
+            return $this->unauthorized();
+        }
+
+        // Try to find the user via API key. Cache this lookup
+        $api_key = $request->header('Authorization');
+        $user = Cache::remember(
+            config('cache.keys.USER_API_KEY.key') . $api_key,
+            config('cache.keys.USER_API_KEY.time'),
+            function () use ($api_key) {
+                return User::where('apikey', $api_key)->first();
+            }
+        );
+
+        if(!$user) {
+            return $this->unauthorized();
+        }
+
+        // Set the user to the request
+        Auth::setUser($user);
+        $request->merge(['user' => $user]);
+        $request->setUserResolver(function () use ($user) {
+            return $user;
+        });
+
+        return $next($request);
+    }
+
+    /**
+     * Return an unauthorized message
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
+     */
+    private function unauthorized()
+    {
+        return response([
+            'error' => [
+                'code' => '401',
+                'http_code' => 'Unauthorized',
+                'message' => 'Invalid or missing API key',
+            ],
+        ], 401);
+    }
+}
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -96,6 +96,16 @@ class User extends Authenticatable

    ];

+    /**
+     * Returns a 40 character API key that a user can use
+     * @return string
+     */
+    public static function generateApiKey()
+    {
+        $key = sha1(time() . mt_rand());
+        return $key;
+    }
+
    public function pilot_id()
    {
        return $this->airline->icao.str_pad($this->id, 3, '0', STR_PAD_LEFT);
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -68,7 +68,7 @@ class RouteServiceProvider extends ServiceProvider
        Route::group([
            'middleware' => [
                'api',
-                //\App\Http\Middleware\MeasureExecutionTime::class
+                'api.auth',
            ],
            'namespace' => $this->namespace."\\API",
            'prefix' => 'api',
--- a/app/Services/PilotService.php
+++ b/app/Services/PilotService.php
@@ -67,23 +67,26 @@ class PilotService extends BaseService

    public function createPilot(array $data)
    {
-        $user = User::create(['name' => $data['name'],
-                              'email' => $data['email'],
-                              'airline_id' => $data['airline'],
-                              'home_airport_id' => $data['home_airport'],
-                              'curr_airport_id' => $data['home_airport'],
-                              'password' => Hash::make($data['password'])]);
+        $user = User::create([
+            'name' => $data['name'],
+            'email' => $data['email'],
+            'apikey' => User::generateApiKey(),
+            'airline_id' => $data['airline'],
+            'home_airport_id' => $data['home_airport'],
+            'curr_airport_id' => $data['home_airport'],
+            'password' => Hash::make($data['password'])
+        ]);
+
        # Attach the user roles
        $role = Role::where('name', 'user')->first();
        $user->attachRole($role);
+
        # Let's check their rank
        $this->calculatePilotRank($user);

-        event(new UserRegistered($user));
        # TODO: Send out an email
+        event(new UserRegistered($user));

-        # Looking good, let's return their information
        return $user;
    }
-
 }