. */ namespace Poniverse\Ponyfm\Http\Middleware; use Auth; use Closure; use GuzzleHttp; use Poniverse; use Poniverse\Ponyfm\User; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; class AuthenticateOAuth { /** * @var Poniverse */ private $poniverse; public function __construct(Poniverse $poniverse) { $this->poniverse = $poniverse; } /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @param string $requiredScope * @return mixed * @throws \OAuth2\Exception */ public function handle($request, Closure $next, $requiredScope) { // Ensure this is a valid OAuth client. $accessToken = $request->get('access_token'); // check that access token is valid at Poniverse.net $accessTokenInfo = $this->poniverse->getAccessTokenInfo($accessToken); if (!$accessTokenInfo->getIsActive()) { throw new AccessDeniedHttpException('This access token is expired or invalid!'); } if (!in_array($requiredScope, $accessTokenInfo->getScopes())) { throw new AccessDeniedHttpException("This access token lacks the '${requiredScope}' scope!"); } // Log in as the given user, creating the account if necessary. $this->poniverse->setAccessToken($accessToken); $poniverseUser = $this->poniverse->getUser(); $user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']); Auth::login($user); return $next($request); } }