Robin Thoni 9 лет назад
Родитель
Сommit
77f581bb48
2 измененных файлов: 71 добавлений и 55 удалений
  1. 2
    55
      src/Auth/Business/LuticateBusiness.php
  2. 69
    0
      src/Auth/Business/LuticateMiddleware.php

+ 2
- 55
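--- a/src/Auth/Business/LuticateBusiness.php
+++ b/src/Auth/Business/LuticateBusiness.php
@@ -16,8 +16,6 @@ use Luticate\Utils\LuRoute;
 
 class LuticateBusiness
 {
-    const TOKEN_HEADER = "X-Authorization";
-
     /**
      * @var LuticateUsersDbo
      */
@@ -28,52 +26,9 @@ class LuticateBusiness
         return self::$_currentUser;
     }
 
-    /**
-     * @param $permissions string[]
-     * @param $request Request
-     * @return bool
-     */
-    public static function authFilter($permissions, $request)
+    public static function setCurrentUser($user)
     {
-        /**
-         * @var $user LuticateUsersDbo
-         */
-        $user = null;
-        $token = $request->header(self::TOKEN_HEADER);
-        if ($token != null && $token != "") {
-            $data = JwtHelper::decode($token);
-            if ($data != null) {
-                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
-                $salt = $data[LuticateUsersBusiness::KEY_SALT];
-                $user = LuticateUsersBusiness::getById($user_id);
-                if ($user->getSalt() != $salt) {
-                    $user = null;
-                }
-            }
-        }
-        if (is_null($user)) {
-            if ($token != null && $token != "") {
-                return "Invalid token";
-            }
-            $user = LuticateUsersBusiness::getById(0);
-        }
-
         self::$_currentUser = $user;
-        LuController::$parameters["user"] = $user;
-
-        $permissions[] = LuticatePermissions::USER_LOGIN;
-        foreach ($permissions as $permission) {
-            try {
-                $perm = LuticatePermissionsBusiness::getEffectivePermission(self::$_currentUser->getId(), $permission);
-                if (!$perm->getValue()) {
-                    return "Permission denied";
-                }
-            }catch (\Exception $e)
-            {
-                return "Permission denied";
-            }
-        }
-        return null;
     }
 
     /**
@@ -81,15 +36,7 @@ class LuticateBusiness
      */
     public static function setupAuth($route)
     {
-        $route->setMiddleware(function($permissions, $request)
-        {
-            $auth = self::authFilter($permissions, $request);
-            if (is_null($auth)) {
-                return true;
-            }
-            abort(401, $auth);
-            return false;
-        });
+        $route->addMiddleware('Luticate\Auth\Business\LuticateMiddleware');
     }
 
     /**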
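Review bot: `setCurrentUser($user)` in the second hunk is a public static setter with no type and no docblock, and it writes the value that `getCurrentUser()` returns, which the new middleware reads for its permission checks. As written, any code in the application can replace the authenticated identity with an arbitrary value, including null. I would constrain it, e.g. `public static function setCurrentUser(LuticateUsersDbo $user)` (assuming the anonymous user from `getById(0)` is also a `LuticateUsersDbo`), and add a docblock such as `@param LuticateUsersDbo $user user resolved by the auth middleware; not intended to be called from anywhere else`. In the third hunk, `LuticateMiddleware::class` would be less fragile than the string literal if the project's minimum PHP version allows it.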

+ 69
- 0
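--- a/src/Auth/Business/LuticateMiddleware.php
+++ b/src/Auth/Business/LuticateMiddleware.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 10/19/15
+ * Time: 9:14 PM
+ */
+
+namespace Luticate\Auth\Business;
+
+use Closure;
+use Illuminate\Http\Request;
+use Luticate\Auth\DBO\LuticatePermissions;
+use Luticate\Auth\DBO\LuticateUsersDbo;
+use Luticate\Utils\LuController;
+
+class LuticateMiddleware
+{
+    const TOKEN_HEADER = "X-Authorization";
+
+    /**
+     * @param $request Request
+     * @param Closure $next
+     * @param ...$permissions
+     * @return null|string
+     */
+    public function handle($request, Closure $next, ...$permissions)
+    {
+        /**
+         * @var $user LuticateUsersDbo
+         */
+        $user = null;
+        $token = $request->header(self::TOKEN_HEADER);
+        if ($token != null && $token != "") {
+            $data = JwtHelper::decode($token);
+            if ($data != null) {
+                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
+                $salt = $data[LuticateUsersBusiness::KEY_SALT];
+                $user = LuticateUsersBusiness::getById($user_id);
+                if ($user->getSalt() != $salt) {
+                    $user = null;
+                }
+            }
+        }
+        if (is_null($user)) {
+            if ($token != null && $token != "") {
+                abort(401, "Invalid token");
+            }
+            $user = LuticateUsersBusiness::getById(0);
+        }
+
+        LuticateBusiness::setCurrentUser($user);
+        LuController::$parameters["user"] = $user;
+
+        $permissions[] = LuticatePermissions::USER_LOGIN;
+        foreach ($permissions as $permission) {
+            try {
+                $perm = LuticatePermissionsBusiness::getEffectivePermission(LuticateBusiness::getCurrentUser()->getId(), $permission);
+                if (!$perm->getValue()) {
+                    abort(401, "Permission denied");
+                }
+            }catch (\Exception $e)
+            {
+                abort(401, "Permission denied");
+            }
+        }
+        return $next($request);
+    }
+}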
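Review bot: The salt check in `handle()`, `if ($user->getSalt() != $salt)`, compares loosely and dereferences `$user` without checking that `getById()` returned a user. Under `!=`, two different numeric-looking strings can compare equal through PHP type juggling, and this comparison appears to be what invalidates previously issued tokens. If `getById()` can return null for an unknown id (not visible here), the call ends in an error rather than a clean 401. I would write `if ($user === null || !hash_equals((string) $user->getSalt(), (string) $salt)) { $user = null; }` and confirm both claims are present in `$data` before indexing it. Separately, a permission failure for an identified user is conventionally a 403 rather than a 401, and calling `abort()` inside the `try` means the `catch (\Exception $e)` presumably catches its exception too, so moving it after the try/catch would make the flow easier to follow.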
