-
-
Notifications
You must be signed in to change notification settings - Fork 59
Manage api from Cachet Settings page (#235) #236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
d07958b
285c7d1
6de4031
a37c30d
c2f1880
5926004
f454496
4c5d1a3
7f87612
c58b55b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
<?php | ||
|
||
use Spatie\LaravelSettings\Migrations\SettingsMigration; | ||
|
||
return new class extends SettingsMigration | ||
{ | ||
/** | ||
* Run the migrations. | ||
*/ | ||
public function up(): void | ||
{ | ||
// Theme settings... | ||
rescue(fn () => $this->migrator->add('app.api_enabled', true)); | ||
rescue(fn () => $this->migrator->add('app.api_protected', false)); | ||
} | ||
/** | ||
* Run the migrations. | ||
*/ | ||
public function down(): void | ||
{ | ||
// Theme settings... | ||
rescue(fn () => $this->migrator->deleteIfExists('app.api_enabled')); | ||
rescue(fn () => $this->migrator->deleteIfExists('app.api_protected')); | ||
} | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
<?php | ||
|
||
namespace Cachet\Http\Middleware; | ||
|
||
use Cachet\Settings\AppSettings; | ||
use Closure; | ||
use Illuminate\Http\Request; | ||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; | ||
|
||
class ApiEnabled | ||
{ | ||
/** | ||
* Handle an incoming request. | ||
* | ||
* @param Request $request | ||
* @param Closure(Request):mixed $next | ||
* @return mixed | ||
* | ||
*/ | ||
public function handle($request, Closure $next) | ||
{ | ||
throw_unless(AppSettings::getOrDefault('api_enabled', true), NotFoundHttpException::class); | ||
|
||
return $next($request); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
<?php | ||
|
||
namespace Cachet\Http\Middleware; | ||
|
||
use Cachet\Settings\AppSettings; | ||
use Closure; | ||
use Illuminate\Auth\AuthenticationException; | ||
use Illuminate\Auth\Middleware\Authenticate as BaseAuthenticationMiddleware; | ||
use Illuminate\Http\Request; | ||
|
||
class ApiPublicOrProtected extends BaseAuthenticationMiddleware | ||
{ | ||
/** | ||
* Handle an incoming request. | ||
* | ||
* @param Request $request | ||
* @param Closure(Request):mixed $next | ||
* @param string ...$guards | ||
* @return mixed | ||
* | ||
* @throws AuthenticationException | ||
*/ | ||
public function handle($request, Closure $next, ...$guards) | ||
{ | ||
$protected = AppSettings::getOrDefault('api_protected', false); | ||
if ($protected) { | ||
return parent::handle($request, $next, ...$guards); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is trying to redirect to a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Will do There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jbrooksuk This is something that is managed by Sanctum. So do you want me to override the sanctum routes within the Core? Because on my instance i changed this on the cachet repo by hand (sanctum config). |
||
} | ||
return $next($request); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
<?php | ||
|
||
use Cachet\Settings\AppSettings; | ||
use Laravel\Sanctum\Sanctum; | ||
use Workbench\App\User; | ||
use function Pest\Laravel\getJson; | ||
|
||
|
||
it('has api disabled', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = false; | ||
$settings->api_protected = false; | ||
$settings->save(); | ||
|
||
getJson('/status/api/ping') | ||
->assertNotFound(); | ||
}); | ||
|
||
it('has api disabled with protected and user', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = false; | ||
$settings->api_protected = true; | ||
$settings->save(); | ||
|
||
Sanctum::actingAs(User::factory()->create(), ['general.ping']); | ||
|
||
getJson('/status/api/ping') | ||
->assertNotFound(); | ||
}); | ||
|
||
it('has api disabled without protected and user', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = false; | ||
$settings->api_protected = true; | ||
$settings->save(); | ||
|
||
Sanctum::actingAs(User::factory()->create(), ['general.ping']); | ||
|
||
getJson('/status/api/ping') | ||
->assertNotFound(); | ||
}); | ||
|
||
|
||
it('has public api access', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = true; | ||
$settings->api_protected = false; | ||
$settings->save(); | ||
|
||
Sanctum::actingAs(User::factory()->create(), ['general.ping']); | ||
|
||
getJson('/status/api/ping') | ||
->assertOk(); | ||
}); | ||
|
||
|
||
it('has public api access with a user', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = true; | ||
$settings->api_protected = false; | ||
$settings->save(); | ||
|
||
getJson('/status/api/ping') | ||
->assertOk(); | ||
}); | ||
|
||
it('has no access to api without a user', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = true; | ||
$settings->api_protected = true; | ||
$settings->save(); | ||
getJson('/status/api/ping') | ||
->assertUnauthorized(); | ||
}); | ||
|
||
|
||
it('has access to api with a user', function () { | ||
$settings = app(AppSettings::class); | ||
$settings->api_enabled = true; | ||
$settings->api_protected = true; | ||
$settings->save(); | ||
|
||
Sanctum::actingAs(User::factory()->create(), ['general.ping']); | ||
|
||
getJson('/status/api/ping') | ||
->assertOk(); | ||
}); |
Uh oh!
There was an error while loading. Please reload this page.