
This means that flood control can be disabled depending on the nature of the request (i.e. when authenticated using a master API key). The particular use case for this is to allow using the API to migrate data from an old forum.
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Http\Middleware;
use DateTime;
use Flarum\Api\ApiKey;
use Flarum\Core\User;
use Flarum\Http\AccessToken;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Zend\Stratigility\MiddlewareInterface;
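class AuthenticateWithHeader implements MiddlewareInterface
{
    /**
     * Literal prefix (including the trailing space) that the Authorization
     * header value must start with for this middleware to act on it.
     *
     * @var string
     */
    protected $prefix = 'Token ';

    /**
     * Authenticate the request from its Authorization header, if one is sent.
     *
     * Two header shapes are recognised:
     *
     *  - "Token <id>": <id> is looked up as an AccessToken and the request
     *    acts as that token's user.
     *  - "Token <id>; userId=<n>": <id> is looked up as an ApiKey. A valid key
     *    lets the caller act as whichever user it names and marks the request
     *    with the "bypassFloodgate" attribute. An API key therefore carries
     *    the authority of every account; treat it as a credential with that
     *    reach.
     *
     * Any other header leaves the request untouched.
     *
     * @param Request $request
     * @param Response $response
     * @param callable|null $out Next middleware; when absent $response is returned as is.
     * @return Response
     */
    public function __invoke(Request $request, Response $response, callable $out = null)
    {
        $headerLine = $request->getHeaderLine('authorization');

        // explode() always yields at least one element, so $parts[0] exists.
        $parts = explode(';', $headerLine);

        if (starts_with($parts[0], $this->prefix)) {
            // Older PHP versions return false from substr() when nothing
            // follows the prefix; the cast normalises that to ''.
            $id = (string) substr($parts[0], strlen($this->prefix));

            // A bare prefix carries no credential, so neither lookup runs and
            // an empty identifier can never match a stored key or token.
            if ($id !== '') {
                if (isset($parts[1])) {
                    // A second segment selects the API-key path exclusively:
                    // there is no fallback to the access-token lookup when
                    // the key is unknown.
                    if (ApiKey::find($id)) {
                        $actor = $this->getUser($parts[1]);

                        // NOTE(review): the flag is set for every valid key,
                        // including when userId resolves to no user and the
                        // actor attribute below is left unchanged.
                        $request = $request->withAttribute('bypassFloodgate', true);
                    }
                } elseif ($token = AccessToken::find($id)) {
                    // NOTE(review): no expiry check is visible in this block;
                    // confirm stale tokens are rejected elsewhere.
                    $token->touch();

                    $actor = $token->user;
                }
            }

            if (isset($actor)) {
                // Header credentials replace any session on the request: the
                // actor is set and the 'session' attribute is dropped.
                $request = $request->withAttribute('actor', $actor);
                $request = $request->withoutAttribute('session');
            }
        }

        return $out ? $out($request, $response) : $response;
    }

    /**
     * Resolve the user named by a "userId=<n>" header segment.
     *
     * @param string $string Header segment that follows the first ';'.
     * @return User|null Null when the segment is not a userId pair or carries
     *                   no value; otherwise whatever User::find() returns
     *                   (presumably null for an unknown id).
     */
    private function getUser($string)
    {
        $parts = explode('=', trim($string));

        // "userId" without "=" has no $parts[1], and "userId=" names no one;
        // both are rejected here instead of reaching User::find().
        if ($parts[0] === 'userId' && isset($parts[1]) && $parts[1] !== '') {
            return User::find($parts[1]);
        }

        return null;
    }
}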