luticate
/
api-auth
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 6 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 Commit
2 分支
分支: master
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
api-auth/src/Auth/Business/LuticateMiddleware.php

LuticateMiddleware.php 1.9KB
永久連結 文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. <?php

  2. /**

  3.  * Created by PhpStorm.

  4.  * User: robin

  5.  * Date: 10/19/15

  6.  * Time: 9:14 PM

  7.  */

  8. 

  9. namespace Luticate\Auth\Business;

  10. 

  11. use Closure;

  12. use Illuminate\Http\Request;

  13. use Luticate\Auth\DBO\LuticatePermissions;

  14. use Luticate\Auth\DBO\LuticateUsersDbo;

  15. use Luticate\Utils\LuBusiness;

  16. use Luticate\Utils\LuController;

  17. 

  18. class LuticateMiddleware

  19. {

  20.     const TOKEN_HEADER = "X-Authorization";

  21. 

  22.     /**

  23.      * @param $request Request

  24.      * @param Closure $next

  25.      * @param ...$permissions

  26.      * @return null|string

  27.      */

  28.     public function handle($request, Closure $next, ...$permissions)

  29.     {

  30.         /**

  31.          * @var $user LuticateUsersDbo

  32.          */

  33.         $user = null;

  34.         $token = $request->header(self::TOKEN_HEADER);

  35.         if ($token != null && $token != "") {

  36.             $data = JwtHelper::decode($token);

  37.             if ($data != null) {

  38.                 $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];

  39.                 $salt = $data[LuticateUsersBusiness::KEY_SALT];

  40.                 $user = LuticateUsersBusiness::getById($user_id);

  41.                 if ($user->getSalt() != $salt) {

  42.                     $user = null;

  43.                 }

  44.             }

  45.         }

  46.         if (is_null($user)) {

  47.             if ($token != null && $token != "") {

  48.                 abort(401, "Invalid token");

  49.             }

  50.             $user = LuticateUsersBusiness::getById(0);

  51.         }

  52. 

  53.         LuticateBusiness::setCurrentUser($user);

  54.         LuBusiness::$parameters["_user"] = $user;

  55. 

  56.         $permissions[] = LuticatePermissions::USER_LOGIN;

  57.         foreach ($permissions as $permission) {

  58.             try {

  59.                 $perm = LuticatePermissionsBusiness::getEffectivePermission($user->getId(), $permission);

  60.                 if (!$perm->getValue()) {

  61.                     abort(401, "Permission denied");

  62.                 }

  63.             } catch (\Exception $e)

  64.             {

  65.                 abort(401, "Permission denied");

  66.             }

  67.         }

  68.         return $next($request);

  69.     }

  70. }