1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 13:12:50 +01:00
invoiceninja/app/Http/Middleware/ApiSecretCheck.php

49 lines
1.3 KiB
PHP
Raw Normal View History

2019-03-27 05:50:13 +01:00
<?php
2019-05-11 05:32:07 +02:00
/**
* Invoice Ninja (https://invoiceninja.com).
2019-05-11 05:32:07 +02:00
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
2024-04-12 06:15:41 +02:00
* @copyright Copyright (c) 2024. Invoice Ninja LLC (https://invoiceninja.com)
2019-05-11 05:32:07 +02:00
*
2021-06-16 08:58:16 +02:00
* @license https://www.elastic.co/licensing/elastic-license
2019-05-11 05:32:07 +02:00
*/
2019-03-27 05:50:13 +01:00
namespace App\Http\Middleware;
2021-05-21 09:39:59 +02:00
use App\Utils\Ninja;
2019-03-27 05:50:13 +01:00
use Closure;
2020-10-28 11:10:49 +01:00
use Illuminate\Http\Request;
use stdClass;
2019-03-27 05:50:13 +01:00
class ApiSecretCheck
{
/**
* Handle an incoming request.
*
2020-10-28 11:10:49 +01:00
* @param Request $request
* @param Closure $next
2019-03-27 05:50:13 +01:00
* @return mixed
*/
public function handle($request, Closure $next)
{
2021-05-21 09:39:59 +02:00
if (! config('ninja.api_secret') || Ninja::isHosted()) {
2020-11-01 22:49:58 +01:00
return $next($request);
2020-11-25 15:19:52 +01:00
}
2020-11-01 22:49:58 +01:00
if ($request->header('X-API-SECRET') && ($request->header('X-API-SECRET') == config('ninja.api_secret'))) {
2019-03-27 05:50:13 +01:00
return $next($request);
} else {
2019-09-24 00:37:38 +02:00
$error = [
'message' => 'Invalid secret',
2024-01-14 05:05:00 +01:00
'errors' => new stdClass(),
2019-09-24 00:37:38 +02:00
];
2019-09-11 07:32:47 +02:00
return response()
2021-12-09 06:34:23 +01:00
->json($error, 403)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Minimum-Client-Version', config('ninja.minimum_client_version'));
2019-03-27 05:50:13 +01:00
}
}
}