invoiceninja/app/Http/Middleware/ApiSecretCheck.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2022. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Middleware;

use App\Utils\Ninja;
use Closure;
use Illuminate\Http\Request;
use stdClass;

class ApiSecretCheck
{
    /**
     * Handle an incoming request.
     *
     * @param  Request  $request
     * @param Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (! config('ninja.api_secret') || Ninja::isHosted()) {
            return $next($request);
        }

        if ($request->header('X-API-SECRET') && ($request->header('X-API-SECRET') == config('ninja.api_secret'))) {
            return $next($request);
        } else {
            $error = [
                'message' => 'Invalid secret',
                'errors' => new stdClass,
            ];

            return response()
                    ->json($error, 403)
                    ->header('X-App-Version', config('ninja.app_version'))
                    ->header('X-Minimum-Client-Version', config('ninja.minimum_client_version'));
        }
    }
}
Test for API 2019-03-27 05:50:13 +01:00			`<?php`
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update Copyright text 2022-04-27 05:20:41 +02:00			`* @copyright Copyright (c) 2022. Invoice Ninja LLC (https://invoiceninja.com)`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Update copyright 2019-05-11 05:32:07 +02:00			`*/`
Test for API 2019-03-27 05:50:13 +01:00
			`namespace App\Http\Middleware;`

v5.1.63 2021-05-21 09:39:59 +02:00			`use App\Utils\Ninja;`
Test for API 2019-03-27 05:50:13 +01:00			`use Closure;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\Request;`
			`use stdClass;`
Test for API 2019-03-27 05:50:13 +01:00
			`class ApiSecretCheck`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param Request $request`
			`* @param Closure $next`
Test for API 2019-03-27 05:50:13 +01:00			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
v5.1.63 2021-05-21 09:39:59 +02:00			`if (! config('ninja.api_secret') \|\| Ninja::isHosted()) {`
Update composer 2020-11-01 22:49:58 +01:00			`return $next($request);`
php-cs-fixer format 2020-11-25 15:19:52 +01:00			`}`
Update composer 2020-11-01 22:49:58 +01:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if ($request->header('X-API-SECRET') && ($request->header('X-API-SECRET') == config('ninja.api_secret'))) {`
Test for API 2019-03-27 05:50:13 +01:00			`return $next($request);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
fix error formatting 2019-09-24 00:37:38 +02:00			`$error = [`
			`'message' => 'Invalid secret',`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`'errors' => new stdClass,`
fix error formatting 2019-09-24 00:37:38 +02:00			`];`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Working on cascading settings 2019-09-11 07:32:47 +02:00			`return response()`
refactor 2021-12-09 06:34:23 +01:00			`->json($error, 403)`
			`->header('X-App-Version', config('ninja.app_version'))`
			`->header('X-Minimum-Client-Version', config('ninja.minimum_client_version'));`
Test for API 2019-03-27 05:50:13 +01:00			`}`
			`}`
			`}`