Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 05:02:36 +01:00
Code Issues Releases Activity

Enable mobile app for non-pro users

Browse Source
This commit is contained in:
Hillel Coren 2016-05-29 17:31:03 +03:00
parent 990b9bff28
commit 8d0bed3754
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Http/Middleware/ApiCheck.php
View File

@ -23,10 +23,11 @@ class ApiCheck {
{
$loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
$headers = Utils::getApiHeaders();
$hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
if ($loggingIn) {
// check API secret
if ( ! $request->api_secret || ! env(API_SECRET) || ! hash_equals($request->api_secret, env(API_SECRET))) {
if ( ! $hasApiSecret) {
sleep(ERROR_DELAY);
return Response::json('Invalid secret', 403, $headers);
}
@ -48,7 +49,7 @@ class ApiCheck {
return $next($request);
}
if (!Utils::hasFeature(FEATURE_API) && !$loggingIn) {
if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
return Response::json('API requires pro plan', 403, $headers);
} else {
$key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
@ -59,7 +60,7 @@ class ApiCheck {
$hour_throttle = Cache::get("hour_throttle:{$key}", null);
$last_api_request = Cache::get("last_api_request:{$key}", 0);
$last_api_diff = time() - $last_api_request;
if (is_null($hour_throttle)) {
$new_hour_throttle = 0;
} else {
@ -83,4 +84,4 @@ class ApiCheck {
return $next($request);
}
}
}