Change header from Authorization to X-API-KEY to avoid Apache issues
This commit is contained in:
@@ -22,13 +22,15 @@ class ApiAuth
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
// Check if Authorization header is in place
|
||||
$auth = $request->header('Authorization', null);
|
||||
if($auth === null) {
|
||||
return $this->unauthorized('Authorization header missing');
|
||||
$api_key = $request->header('x-api-key', null);
|
||||
if($api_key === null) {
|
||||
$api_key = $request->header('Authorization', null);
|
||||
if ($api_key === null) {
|
||||
return $this->unauthorized('X-API-KEY header missing');
|
||||
}
|
||||
}
|
||||
|
||||
// Try to find the user via API key. Cache this lookup
|
||||
$api_key = $request->header('Authorization');
|
||||
$user = User::where('api_key', $api_key)->first();
|
||||
if($user === null) {
|
||||
return $this->unauthorized('User not found with key "'.$api_key.'"');
|
||||
|
||||
Reference in New Issue
Block a user