Remove the automatically added route middlewares and require them to be explicitly set when using either authentication or rate limiting.

Signed-off-by: Jason Lewis <[email protected]>

Author: jasonlewis

src/Http/Middleware/Request.php

@@ -68,6 +68,8 @@ public function __construct(Application $app, Router $router, RequestValidator $
     public function handle($request, Closure $next)
     {
         if ($this->validator->validateRequest($request)) {
+            unset($next);
+
             $request = $this->app->make('Dingo\Api\Contract\Http\Request')->createFromIlluminate($request);
 
             return $this->sendRequestThroughRouter($request);

src/Provider/LaravelServiceProvider.php

@@ -22,7 +22,7 @@ public function boot()
         ]);
 
         $this->app['router']->middleware('api.auth', 'Dingo\Api\Http\Middleware\Auth');
-        $this->app['router']->middleware('api.limiting', 'Dingo\Api\Http\Middleware\RateLimit');
+        $this->app['router']->middleware('api.throttle', 'Dingo\Api\Http\Middleware\RateLimit');
     }
 
     /**

src/Provider/LumenServiceProvider.php

@@ -21,7 +21,7 @@ public function boot()
 
         $this->app->routeMiddleware([
             'api.auth' => 'Dingo\Api\Http\Middleware\Auth',
-            'api.limiting' => 'Dingo\Api\Http\Middleware\RateLimit',
+            'api.throttle' => 'Dingo\Api\Http\Middleware\RateLimit',
         ]);
     }
 

src/Routing/Helpers.php

@@ -13,8 +13,6 @@ trait Helpers
      */
     protected $methodProperties = [
         'scopes' => [],
-        'protected' => [],
-        'unprotected' => [],
         'providers' => [],
         'rateLimit' => [],
         'throttles' => []

src/Routing/Route.php

@@ -65,13 +65,6 @@ class Route
      */
     protected $scopes = [];
 
-    /**
-     * Indicates if the route is protected.
-     *
-     * @var bool
-     */
-    protected $protected = false;
-
     /**
      * Array of authentication providers.
      *
@@ -154,7 +147,6 @@ protected function setupRoute($route, Request $request)
         $this->makeController();
 
         $this->setupScopes();
-        $this->setupProtection();
         $this->setupAuthProviders();
         $this->setupRateLimiting();
         $this->setupThrottle();
@@ -207,24 +199,6 @@ protected function setupAuthProviders()
         });
     }
 
-    /**
-     * Setup the route protection by merging the controller protection.
-     *
-     * @return void
-     */
-    protected function setupProtection()
-    {
-        $this->protected = array_pull($this->action, 'protected', false);
-
-        $this->findControllerOptions('protected', function () {
-            $this->protected = true;
-        });
-
-        $this->findControllerOptions('unprotected', function () {
-            $this->protected = false;
-        });
-    }
-
     /**
      * Setup the route scopes by merging any controller scopes.
      *
@@ -272,7 +246,7 @@ protected function getControllerProperties()
         $method = $this->getControllerPropertiesMethodName();
 
         return array_merge(
-            ['scope' => [], 'protected' => [], 'unprotected' => [], 'providers' => [], 'rateLimit' => [], 'throttles' => []],
+            ['scope' => [], 'providers' => [], 'rateLimit' => [], 'throttles' => []],
             $this->controller->$method()
         );
     }
@@ -383,16 +357,6 @@ public function getThrottle()
         return $this->throttle;
     }
 
-    /**
-     * Determine if the route is protected.
-     *
-     * @return bool
-     */
-    public function isProtected()
-    {
-        return $this->protected === true;
-    }
-
     /**
      * Get the name of the route.
      *

src/Routing/Router.php

@@ -21,20 +21,6 @@
 
 class Router
 {
-    /**
-     * Auth middleware identifier.
-     *
-     * @var string
-     */
-    const API_AUTH_MIDDLEWARE = 'api.auth';
-
-    /**
-     * Rate limit middleware identifier.
-     *
-     * @var string
-     */
-    const API_RATE_LIMIT_MIDDLEWARE = 'api.limiting';
-
     /**
      * Routing adapter instance.
      *
@@ -399,31 +385,9 @@ public function addRoute($methods, $uri, $action)
 
         $action['uri'] = $uri;
 
-        $action = $this->addRouteMiddlewares($action);
-
         return $this->adapter->addRoute((array) $methods, $action['version'], $uri, $action);
     }
 
-    /**
-     * Add the route middlewares to the action array.
-     *
-     * @param array $action
-     *
-     * @return array
-     */
-    protected function addRouteMiddlewares(array $action)
-    {
-        foreach ([static::API_RATE_LIMIT_MIDDLEWARE, static::API_AUTH_MIDDLEWARE] as $middleware) {
-            if (($key = array_search($middleware, $action['middleware'])) !== false) {
-                unset($action['middleware'][$key]);
-            }
-
-            array_unshift($action['middleware'], $middleware);
-        }
-
-        return $action;
-    }
-
     /**
      * Merge the last groups attributes.
      *

tests/Routing/RouteTest.php

@@ -31,7 +31,6 @@ public function testCreatingNewRoute()
             'methods' => ['GET', 'HEAD'],
             'action' => [
                 'scopes' => ['foo', 'bar'],
-                'protected' => false,
                 'providers' => ['foo'],
                 'limit' => 5,
                 'expires' => 10,
@@ -42,7 +41,6 @@ public function testCreatingNewRoute()
         ]);
 
         $this->assertEquals(['foo', 'bar'], $route->scopes(), 'Route did not setup scopes correctly.');
-        $this->assertFalse($route->isProtected(), 'Route did not setup protection correctly.');
         $this->assertEquals(['foo'], $route->getAuthProviders(), 'Route did not setup authentication providers correctly.');
         $this->assertEquals(5, $route->getRateLimit(), 'Route did not setup rate limit correctly.');
         $this->assertEquals(10, $route->getRateExpiration(), 'Route did not setup rate limit expiration correctly.');
@@ -60,7 +58,6 @@ public function testControllerOptionsMergeAndOverrideRouteOptions()
             'methods' => ['GET', 'HEAD'],
             'action' => [
                 'scopes' => ['foo', 'bar'],
-                'protected' => false,
                 'providers' => ['foo'],
                 'limit' => 5,
                 'expires' => 10,
@@ -72,7 +69,6 @@ public function testControllerOptionsMergeAndOverrideRouteOptions()
         ]);
 
         $this->assertEquals(['foo', 'bar', 'baz', 'bing'], $route->scopes(), 'Route did not setup scopes correctly.');
-        $this->assertTrue($route->isProtected(), 'Route did not setup protection correctly.');
         $this->assertEquals(['foo', 'red', 'black'], $route->getAuthProviders(), 'Route did not setup authentication providers correctly.');
         $this->assertEquals(10, $route->getRateLimit(), 'Route did not setup rate limit correctly.');
         $this->assertEquals(20, $route->getRateExpiration(), 'Route did not setup rate limit expiration correctly.');

tests/Routing/RouterTest.php

@@ -20,41 +20,27 @@ public function getAdapterInstance()
 
     public function testRouteOptionsMergeCorrectly()
     {
-        $this->router->version('v1', ['protected' => true, 'scopes' => 'foo|bar'], function () {
+        $this->router->version('v1', ['scopes' => 'foo|bar'], function () {
             $this->router->get('foo', ['scopes' => ['baz'], function () {
-                $this->assertTrue(
-                    $this->router->getCurrentRoute()->isProtected(),
-                    'Route was not protected but should be.'
-                );
                 $this->assertEquals(
                     ['foo', 'bar', 'baz'],
                     $this->router->getCurrentRoute()->getScopes(),
                     'Router did not merge string based group scopes with route based array scopes.'
                 );
             }]);
 
-            $this->router->get('bar', ['protected' => false, function () {
-                $this->assertFalse(
-                    $this->router->getCurrentRoute()->isProtected(),
-                    'Route was protected but should not be.'
-                );
-            }]);
-
-            $this->router->get('baz', ['protected' => false, function () {
+            $this->router->get('baz', function () {
                 $this->assertEquals(
                     ['foo', 'bar'],
                     $this->router->getCurrentRoute()->getScopes(),
                     'Router did not merge string based group scopes with route.'
                 );
-            }]);
+            });
         });
 
         $request = $this->createRequest('foo', 'GET', ['accept' => 'application/vnd.api.v1+json']);
         $this->router->dispatch($request);
 
-        $request = $this->createRequest('bar', 'GET', ['accept' => 'application/vnd.api.v1+json']);
-        $this->router->dispatch($request);
-
         $request = $this->createRequest('baz', 'GET', ['accept' => 'application/vnd.api.v1+json']);
         $this->router->dispatch($request);
 
@@ -69,7 +55,6 @@ public function testRouteOptionsMergeCorrectly()
 
         $this->assertEquals(['baz', 'bing'], $route->scopes());
         $this->assertEquals(['foo', 'red', 'black'], $route->getAuthProviders());
-        $this->assertTrue($route->isProtected());
         $this->assertEquals(10, $route->getRateLimit());
         $this->assertEquals(20, $route->getRateExpiration());
         $this->assertEquals('Zippy', $route->getThrottle());
@@ -239,23 +224,6 @@ public function testUnsuccessfulResponseThrowsHttpException()
         $this->assertEquals('Failed!', $this->router->dispatch($request)->getContent(), 'Router did not throw and handle a HttpException.');
     }
 
-    public function testRouteMiddlewaresAreUnsetAndMovedIfManuallySetOnRoutes()
-    {
-        $this->router->version('v1', function () {
-            $this->router->get('foo', ['middleware' => 'foo|api.auth', function () use (&$middleware) {
-                $route = $this->router->getCurrentRoute();
-
-                $this->assertEquals(['api.auth', 'api.limiting', 'foo'], $route->getAction()['middleware']);
-
-                return 'foo';
-            }]);
-        });
-
-        $request = $this->createRequest('foo', 'GET');
-
-        $this->router->dispatch($request);
-    }
-
     public function testGroupNamespacesAreConcatenated()
     {
         $this->router->version('v1', ['namespace' => 'Dingo\Api'], function () {

tests/Stubs/RoutingControllerStub.php

@@ -13,9 +13,6 @@ public function __construct()
         $this->scopes('baz|bing');
         $this->scopes('bob', ['except' => ['index']]);
 
-        $this->protect();
-        $this->unprotect(['except' => ['index']]);
-
         $this->authenticateWith('red|black', ['only' => 'index']);
 
         $this->rateLimit(10, 20);