Implementing authentication as middleware instead of filter.

Signed-off-by: Jason Lewis <[email protected]>

Author: jasonlewis

src/ApiServiceProvider.php

@@ -1,6 +1,7 @@
 <?php namespace Dingo\Api;
 
 use Closure;
+use Dingo\Api\Auth\Shield;
 use Dingo\Api\Http\Response;
 use Dingo\Api\Routing\Router;
 use Dingo\Api\Auth\ProviderManager;
@@ -35,11 +36,6 @@ public function boot()
 		$formats = array_map('value', $this->app['config']['api::formats']);
 
 		Response::setFormatters($formats);
-
-		$this->app['router']->filter('api', function($route, $request)
-		{
-			$this->app['dingo.api.auth']->authenticate();
-		});
 	}
 
 	/**
@@ -57,6 +53,8 @@ public function register()
 
 		$this->registerAuthentication();
 
+		$this->registerMiddlewares();
+
 		// We'll also register a booting event so that we can set our exception handler
 		// instance, default API version and the API vendor on the router.
 		$this->app->booting(function($app)
@@ -152,8 +150,18 @@ protected function registerAuthentication()
 				$providers[$provider] = $app['dingo.api.auth.manager']->driver($provider)->setOptions($options);
 			}
 
-			return new Authentication($app['router'], $app['auth'], $providers);
+			return new Shield($app['auth'], $providers);
 		});
 	}
 
+	/**
+	 * Register the middlewares.
+	 * 
+	 * @return void
+	 */
+	protected function registerMiddlewares()
+	{
+		$this->app->middleware('Dingo\Api\Http\Middleware\Authentication');
+	}
+
 }

src/Authentication.php renamed to src/Auth/Shield.php

@@ -1,21 +1,15 @@
-<?php namespace Dingo\Api;
+<?php namespace Dingo\Api\Auth;
 
 use Exception;
+use Illuminate\Http\Request;
 use Dingo\Api\Http\Response;
 use Dingo\Api\Routing\Router;
 use Illuminate\Routing\Route;
 use Illuminate\Auth\AuthManager;
 use Dingo\Api\Http\InternalRequest;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 
-class Authentication {
-
-	/**
-	 * API router instance.
-	 * 
-	 * @var \Dingo\Api\Routing\Router
-	 */
-	protected $router;
+class Shield {
 
 	/**
 	 * Illuminate auth instance.
@@ -48,14 +42,12 @@ class Authentication {
     /**
      * Create a new Dingo\Api\Authentication instance.
      * 
-     * @param  \Dingo\Api\Routing\Router  $router
      * @param  \Illuminate\Auth\AuthManager  $auth
      * @param  array  $providers
      * @return void
      */
-	public function __construct(Router $router, AuthManager $auth, array $providers)
+	public function __construct(AuthManager $auth, array $providers)
 	{
-		$this->router = $router;
 		$this->auth = $auth;
 		$this->providers = $providers;
 	}
@@ -65,20 +57,8 @@ public function __construct(Router $router, AuthManager $auth, array $providers)
 	 * 
 	 * @return null|\Dingo\Api\Http\Response
 	 */
-	public function authenticate()
+	public function authenticate(Request $request, Route $route)
 	{
-		$request = $this->router->getCurrentRequest();
-
-		if ($request instanceof InternalRequest or ! is_null($this->user))
-		{
-			return null;
-		}
-
-		if (  ! $route = $this->router->getCurrentRoute() or ! $this->routeIsProtected($route))
-		{
-			return null;
-		}
-
 		$exceptionStack = [];
 
 		// Spin through each of the registered authentication providers and attempt to
@@ -112,30 +92,16 @@ public function authenticate()
 		throw $exception;
 	}
 
-	/**
-	 * Determine if a route is protected.
-	 * 
-	 * @param  \Illuminate\Routing\Route  $route
-	 * @return bool
-	 */
-	protected function routeIsProtected(Route $route)
-	{
-		$action = $route->getAction();
-
-		return in_array('protected', $action, true) or (isset($action['protected']) and $action['protected'] === true);
-	}
-
 	/**
 	 * Get the authenticated user.
 	 * 
 	 * @return \Illuminate\Auth\GenericUser|\Illuminate\Database\Eloquent\Model
 	 */
 	public function getUser()
 	{
-		if ($this->user)
-		{
-			return $this->user;
-		}
+		if ($this->user) return $this->user;
+
+		if ( ! $this->userId) return null;
 
 		if ( ! $this->auth->check())
 		{

src/Dispatcher.php

@@ -2,6 +2,7 @@
 
 use Closure;
 use RuntimeException;
+use Dingo\Api\Auth\Shield;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Dingo\Api\Routing\Router;
@@ -36,11 +37,11 @@ class Dispatcher {
 	protected $router;
 
 	/**
-	 * API authentication instance.
+	 * API authentication shield instance.
 	 * 
-	 * @var \Dingo\Api\Authentication
+	 * @var \Dingo\Api\Auth\Shield
 	 */
-	protected $auth;
+	protected $shield;
 
 	/**
 	 * Original request input array.
@@ -83,15 +84,15 @@ class Dispatcher {
 	 * @param  \Illuminate\Http\Request  $request
 	 * @param  \Illuminate\Routing\UrlGenerator  $url
 	 * @param  \Dingo\Api\Routing\Router  $router
-	 * @param  \Dingo\Api\Authentication  $auth
+	 * @param  \Dingo\Api\Auth\Shield  $shield
 	 * @return void
 	 */
-	public function __construct(Request $request, UrlGenerator $url, Router $router, Authentication $auth)
+	public function __construct(Request $request, UrlGenerator $url, Router $router, Shield $shield)
 	{
 		$this->request = $request;
 		$this->url = $url;
 		$this->router = $router;
-		$this->auth = $auth;
+		$this->shield = $shield;
 	}
 
 	/**
@@ -107,7 +108,7 @@ public function be($user)
 			throw new RuntimeException('User must be an instance of either Illuminate\Database\Eloquent\Model or Illuminate\Auth\GenericUser.');
 		}
 
-		$this->auth->setUser($user);
+		$this->shield->setUser($user);
 
 		return $this;
 	}
@@ -360,7 +361,7 @@ protected function refreshRequestStack()
 	{
 		if ( ! $this->persistAuthenticationUser)
 		{
-			$this->auth->setUser(null);
+			$this->shield->setUser(null);
 
 			$this->persistAuthenticationUser = true;
 		}

src/Http/Middleware/Authentication.php

@@ -0,0 +1,106 @@
+<?php namespace Dingo\Api\Http\Middleware;
+
+use Dingo\Api\Http\Response;
+use Illuminate\Routing\Route;
+use Dingo\Api\Http\InternalRequest;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+class Authentication implements HttpKernelInterface {
+
+	/**
+	 * The wrapped kernel implementation.
+	 * 
+	 * @var \Symfony\Component\HttpKernel\HttpKernelInterface
+	 */
+	protected $app;
+
+	/**
+	 * Create a new authentication middleware instance.
+	 * 
+	 * @param  \Symfony\Component\HttpKernel\HttpKernelInterface  $app
+	 * @return void
+	 */
+	public function __construct(HttpKernelInterface $app)
+	{
+		$this->app = $app;
+	}
+
+	/**
+	 * Handle a given request and return the response.
+	 * 
+	 * @param  \Symfony\Component\HttpFoundation\Request  $request
+	 * @param  int  $type
+	 * @param  bool  $catch
+	 * @return \Symfony\Component\HttpFoundation\Response
+	 * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
+	 */
+	public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
+	{
+		// Our middleware needs to ensure that Laravel is booted before we
+		// can do anything. This gives us access to all the booted
+		// service providers and other container bindings.
+		$this->app->boot();
+
+		if ($request instanceof InternalRequest or $this->app->make('dingo.api.auth')->user())
+		{
+			return $this->app->handle($request, $type, $catch);
+		}
+
+		$router = $this->app->make('router');
+
+		$response = null;
+
+		// If a collection exists for the request and we can match a route
+		// from the request then we'll check to see if the route is
+		// protected and, if it is, we'll attempt to authenticate.
+		if ($collection = $router->getApiRouteCollectionFromRequest($request) and $route = $collection->match($request))
+		{
+			if ($this->routeIsProtected($route))
+			{
+				$response = $this->authenticate($request, $route);
+			}	
+		}
+
+		return $response ?: $this->app->handle($request, $type, $catch);
+	}
+
+	/**
+	 * Authenticate the request for the given route.
+	 * 
+	 * @param  \Symfony\Component\HttpFoundation\Request  $request
+	 * @param  \Illuminate\Routing\Route  $route
+	 * @return null|\Dingo\Api\Http\Response
+	 * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
+	 */
+	protected function authenticate(Request $request, Route $route)
+	{
+		try
+		{
+			$this->app->make('dingo.api.auth')->authenticate($request, $route);
+		}
+		catch (UnauthorizedHttpException $exception)
+		{
+			$router = $this->app->make('router');
+
+			$response = $router->handleException($exception);
+
+			return Response::makeFromExisting($response)->morph($router->getRequestedFormat());
+		}
+	}
+
+	/**
+	 * Determine if a route is protected.
+	 * 
+	 * @param  \Illuminate\Routing\Route  $route
+	 * @return bool
+	 */
+	protected function routeIsProtected(Route $route)
+	{
+		$action = $route->getAction();
+
+		return in_array('protected', $action, true) or (isset($action['protected']) and $action['protected'] === true);
+	}
+
+}

src/Routing/Router.php

@@ -218,8 +218,6 @@ protected function addRoute($methods, $uri, $action)
 	 */
 	protected function addApiRoute($route)
 	{
-		$route->before('api');
-
 		// Since the groups action gets merged with the routes we need to make
 		// sure that if the route supplied its own protection that we grab
 		// that protection status from the array after the merge.
@@ -402,9 +400,7 @@ public function requestTargettingApi($request = null)
 			return true;
 		}
 
-		$collection = array_first($this->api, function($k, $c) use ($request) { return $c->matchesRequest($request); }, false);
-
-		return $collection instanceof ApiRouteCollection;
+		return $this->getApiRouteCollectionFromRequest($request) instanceof ApiRouteCollection;
 	}
 
 	/**
@@ -425,6 +421,17 @@ protected function parseAcceptHeader($request)
 		}
 	}
 
+	/**
+	 * Get a matching API route collection from the request.
+	 * 
+	 * @param  \Illuminate\Http\Request  $request
+	 * @return null|\Dingo\Api\Routing\ApiRouteCollection
+	 */
+	public function getApiRouteCollectionFromRequest(Request $request)
+	{
+		return array_first($this->api, function($k, $c) use ($request) { return $c->matchesRequest($request); }, null);
+	}
+
 	/**
 	 * Get an API route collection for a given version.
 	 * 
@@ -559,6 +566,26 @@ public function getVendor()
 		return $this->vendor;
 	}
 
+	/**
+	 * Get the requested version.
+	 * 
+	 * @return string
+	 */
+	public function getRequestedVersion()
+	{
+		return $this->requestedVersion;
+	}
+
+	/**
+	 * Get the requested format.
+	 * 
+	 * @return string
+	 */
+	public function getRequestedFormat()
+	{
+		return $this->requestedFormat;
+	}
+
 	/**
 	 * Get a controller inspector instance.
 	 *