#36 Add authentication for API; generate API key

2017-12-11 22:05:22 -06:00
parent 8a6bba0d0b
commit 0f18e60fd9
12 changed files with 173 additions and 18 deletions
--- a/app/Http/Controllers/Api/AirportController.php
+++ b/app/Http/Controllers/Api/AirportController.php
@@ -19,6 +19,18 @@ class AirportController extends AppBaseController
        $this->airportRepo = $airportRepo;
    }

+    /**
+     * Do a lookup, via vaCentral, for the airport information
+     * @param $id
+     * @return AirportResource
+     */
+    public function get($id)
+    {
+        $id = strtoupper($id);
+        AirportResource::withoutWrapping();
+        return new AirportResource($this->airportRepo->find($id));
+    }
+
    /**
     * Do a lookup, via vaCentral, for the airport information
     * @param $id
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -47,6 +47,7 @@ class Kernel extends HttpKernel
     * @var array
     */
    protected $routeMiddleware = [
+        'api.auth' => \App\Http\Middleware\ApiAuth::class,
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
--- a/app/Http/Middleware/ApiAuth.php
+++ b/app/Http/Middleware/ApiAuth.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Handle the authentication for the API layer
+ */
+
+namespace App\Http\Middleware;
+
+use Auth;
+use Cache;
+use Closure;
+use App\Models\User;
+
+class ApiAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // Check if Authorization header is in place
+        if(!$request->header('Authorization')) {
+            return $this->unauthorized();
+        }
+
+        // Try to find the user via API key. Cache this lookup
+        $api_key = $request->header('Authorization');
+        $user = Cache::remember(
+            config('cache.keys.USER_API_KEY.key') . $api_key,
+            config('cache.keys.USER_API_KEY.time'),
+            function () use ($api_key) {
+                return User::where('apikey', $api_key)->first();
+            }
+        );
+
+        if(!$user) {
+            return $this->unauthorized();
+        }
+
+        // Set the user to the request
+        Auth::setUser($user);
+        $request->merge(['user' => $user]);
+        $request->setUserResolver(function () use ($user) {
+            return $user;
+        });
+
+        return $next($request);
+    }
+
+    /**
+     * Return an unauthorized message
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
+     */
+    private function unauthorized()
+    {
+        return response([
+            'error' => [
+                'code' => '401',
+                'http_code' => 'Unauthorized',
+                'message' => 'Invalid or missing API key',
+            ],
+        ], 401);
+    }
+}