<?php
namespace App\Http\Middleware;
use Closure;
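/**
 * Middleware that gates the API documentation behind a shared token.
 *
 * The presented token is read from the `token` request parameter, or, when
 * that is missing, from the `token` query parameter of the Referer URL. It is
 * compared against the `variables.swagger_docs_token` config value (the
 * `SWAGGER_DOCS_TOKEN` environment variable).
 *
 * NOTE(review): a secret carried in a URL ends up in access logs, browser
 * history and the Referer header sent to other origins. Consider accepting it
 * from a request header or a session instead, and rotate it if it may have
 * been logged.
 */
class SecureApiDocs
{
    /**
     * Let the request through when it carries the configured docs token.
     *
     * @param  mixed    $request  Incoming request; must provide get() and header().
     * @param  \Closure $next     Next middleware in the pipeline.
     * @return mixed              Whatever $next returns; otherwise aborts with HTTP 403.
     */
    public function handle($request, Closure $next)
    {
        // For local, don't add any authentication.
        // NOTE(review): this bypass trusts `variables.app_env`; a deployment that
        // leaves it set to 'local' serves the docs without any token check.
        if (config('variables.app_env') === 'local') {
            return $next($request);
        }

        $token = $request->get('token');

        if (!$token) {
            // Fall back to the token carried in the Referer URL's query string.
            $referer = $request->header('referer');
            $queryString = is_string($referer) ? parse_url($referer, PHP_URL_QUERY) : null;

            // parse_url() yields null/false when there is no query or the URL is malformed.
            if (is_string($queryString)) {
                $query = [];
                parse_str($queryString, $query);

                if (isset($query['token'])) {
                    $token = $query['token'];
                }
            }
        }

        // We will match it against the `SWAGGER_DOCS_TOKEN` environment variable.
        $expected = config('variables.swagger_docs_token');

        // Fail closed: with no token configured, a request without a token would
        // otherwise compare null === null and be let through.
        $configured = is_string($expected) && $expected !== '';

        // is_string() also rejects array input such as `token[]=x`; hash_equals()
        // compares in constant time so response timing does not reveal the secret.
        if ($configured && is_string($token) && hash_equals($expected, $token)) {
            return $next($request);
        }

        abort(403);
    }
}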