BookStack/app/Http/Middleware/StartSessionIfCookieExists.php
Dan Brown 349b4629be
Extracted API auth into guard
Also implemented a more elegant solution for allowing session auth on API
routes: a new 'StartSessionIfCookieExists' middleware, which wraps the
default 'StartSession' middleware, will run for API routes and only
sets up the session if a session cookie is found on the request. It also
decrypts only the session cookie.

Also cleaned some TokenController codeclimate warnings.
2019-12-30 14:51:28 +00:00


<?php
namespace BookStack\Http\Middleware;
use BookStack\Http\Request;
use Closure;
use Exception;
use Illuminate\Session\Middleware\StartSession as Middleware;
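class StartSessionIfCookieExists extends Middleware
{
    /**
     * Handle an incoming request.
     *
     * The parent session middleware is only invoked when the request carries
     * the configured session cookie. Requests without that cookie are passed
     * straight to the next handler and no session is set up for them.
     *
     * @param mixed   $request Incoming request; must expose a `cookies` bag.
     * @param Closure $next    Next handler in the middleware pipeline.
     * @return mixed Whatever the next handler (or the parent middleware) returns.
     */
    public function handle($request, Closure $next)
    {
        $sessionCookieName = config('session.cookie');
        if (!$request->cookies->has($sessionCookieName)) {
            return $next($request);
        }

        // Only the session cookie is decrypted here; other cookies on the
        // request are left exactly as the client sent them.
        $this->decryptSessionCookie($request, $sessionCookieName);

        return parent::handle($request, $next);
    }

    /**
     * Attempt decryption of the session cookie.
     *
     * On success the decrypted value replaces the cookie on the request.
     * When the value is not a string, or decrypt() rejects it, the cookie is
     * removed from the request rather than left in place: a value that failed
     * decryption is raw client input and should not be handed to the parent
     * middleware as though it had been verified.
     * NOTE(review): the parent is expected to start a fresh session when the
     * cookie is absent; confirm against the framework version in use.
     *
     * @param Request $request           Request whose cookie bag is updated in place.
     * @param string  $sessionCookieName Name of the session cookie to decrypt.
     */
    protected function decryptSessionCookie(Request $request, string $sessionCookieName)
    {
        try {
            $encrypted = $request->cookies->get($sessionCookieName);
            // A non-string value (e.g. an array-style cookie) cannot be a
            // valid encrypted payload, so it is never passed to decrypt().
            $decrypted = is_string($encrypted) ? decrypt($encrypted, false) : null;
        } catch (Exception $e) {
            // Failure is expected for forged, stale or corrupted cookies and
            // is handled below by discarding the value.
            $decrypted = null;
        }

        if (is_string($decrypted)) {
            $request->cookies->set($sessionCookieName, $decrypted);
        } else {
            $request->cookies->remove($sessionCookieName);
        }
    }
}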