12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- <?php
- /**
- * Created by PhpStorm.
- * User: robin
- * Date: 10/19/15
- * Time: 9:14 PM
- */
-
- namespace Luticate\Auth\Business;
-
- use Closure;
- use Illuminate\Http\Request;
- use Luticate\Auth\DBO\LuticatePermissions;
- use Luticate\Auth\DBO\LuticateUsersDbo;
- use Luticate\Utils\LuBusiness;
- use Luticate\Utils\LuController;
-
- class LuticateMiddleware
- {
- const TOKEN_HEADER = "X-Authorization";
-
- /**
- * @param $request Request
- * @param Closure $next
- * @param ...$permissions
- * @return null|string
- */
- public function handle($request, Closure $next, ...$permissions)
- {
- /**
- * @var $user LuticateUsersDbo
- */
- $user = null;
- $token = $request->header(self::TOKEN_HEADER);
- if ($token != null && $token != "") {
- $data = JwtHelper::decode($token);
- if ($data != null) {
- $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
- $salt = $data[LuticateUsersBusiness::KEY_SALT];
- $user = LuticateUsersBusiness::getById($user_id);
- if ($user->getSalt() != $salt) {
- $user = null;
- }
- }
- }
- if (is_null($user)) {
- if ($token != null && $token != "") {
- abort(401, "Invalid token");
- }
- $user = LuticateUsersBusiness::getById(0);
- }
-
- LuticateBusiness::setCurrentUser($user);
- LuBusiness::$parameters["_user"] = $user;
-
- $permissions[] = LuticatePermissions::USER_LOGIN;
- foreach ($permissions as $permission) {
- try {
- $perm = LuticatePermissionsBusiness::getEffectivePermission($user->getId(), $permission);
- if (!$perm->getValue()) {
- abort(401, "Permission denied");
- }
- } catch (\Exception $e)
- {
- abort(401, "Permission denied");
- }
- }
- return $next($request);
- }
- }