dongnaizao8039 2014-05-14 08:45
Views: 264
Accepted

Laravel API: using the Auth class

Trying to build an API based on Laravel that aims to grow to intense usage by lots of clients. My question is whether there are serious drawbacks of using the Auth class in my code? I have implemented the OAuth2 authorization, and to get info about the user that is making the request I have a filter:

Route::filter('hasAccess', function($route)
{
        //get the cleaned token string from the Authorization: Bearer <token> header
        $auth_code = Request::header('Authorization');
        $auth_code = trim(preg_replace('/Bearer/sui', "", $auth_code));
        //get the stored session and put the query in cache for 10 minutes
        $ts = DB::table('sessions as s')
                ->leftJoin('oauth_session_access_tokens as osat', 's.token', '=', 'osat.id')
                ->select('s.*')
                ->where('osat.access_token', '=', $auth_code)
                ->remember(10, $auth_code)
                ->first();
        //first() returns null when the token is unknown: reject before touching $ts->user
        if (!$ts)
        {
            return Response::json([
                    'error' => true,
                    'dataset' => 'Invalid or missing access token'
            ], 401);
        }
        //Auth user cross-app (for this request only, no session or cookie)
        Auth::onceUsingId($ts->user);
        //Extract the requested action, e.g. "UserController@show" becomes "user.show"
        $action = $route->getAction();
        $action = $action['controller'];
        $parts = explode('@', $action);
        $required = strtolower($parts[0]).'.'.$parts[1];
        $required = preg_replace('/controller/sui', "", $required);
        //Get the permissions stored on the session as JSON: [{"name": "user.show"}, ...]
        $permissions = json_decode($ts->permissions, true);
        $permissions = array_fetch($permissions, 'name');
        if (!in_array($required, $permissions))
        {
            return Response::json([
                    'error' => true,
                    'dataset' => 'You don\'t have rights to access this url'
            ]);
        }
});

It validates the user's access rights to the controller action, but the most interesting part of it is the line with Auth::onceUsingId($ts->user);. This line authorizes the user for only one request. Also, if any other ways to get info about the user exist, please mention them. Thanks


1 answer

  • douren9077 2014-05-14 11:57

    You talk about 'serious drawbacks' of using Auth class code - but you don't really explain drawbacks compared to what? Just manually looking in the database yourself for the user?

    All the Auth::onceUsingId() is doing is logging your user into the application without a session or cookie. This is perfect for an API - as you don't normally have persistence between requests.

    You can then do Auth::user() to get data about the user, such as Auth::user()->name.

    This answer was selected as the best answer by the asker.
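The filter in the question resolves the bearer token, authenticates the user for the single request, and compares a "controller.action" permission name against the session's permission list. As an added example that is not part of the original question or answer, the same per-request checks are written below as plain PHP functions with no Laravel dependency, so they can be run from the CLI. The token table, user id and permission JSON are constructed sample data standing in for the sessions / oauth_session_access_tokens join; the function names are assumptions. It covers the cases the original filter does not handle: a missing or malformed Authorization header, an unknown token (which would otherwise make $ts null and crash on $ts->user), and an action string without a "@".

```php
<?php
// Added example, not from the original question or answer. Constructed sample
// data: access token -> session row (user id + permissions JSON), standing in
// for the database join in the question.
$SESSIONS = [
    'tok_abc123' => [
        'user'        => 42,
        'permissions' => '[{"name":"user.show"},{"name":"user.index"}]',
    ],
];

// Extract the bearer token from an Authorization header value. Returns null
// when the header is missing or is not a Bearer credential, instead of
// silently looking up "" as a token the way a bare preg_replace/trim would.
function bearerToken($header)
{
    if ($header === null) {
        return null;
    }
    if (preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Derive the permission name from a "UserController@show" action string using
// the same convention as the filter: lower-cased controller name with the
// "Controller" suffix removed, then "." and the method name. Returns null if
// the action is not in controller@method form.
function requiredPermission($action)
{
    $parts = explode('@', $action, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    $controller = preg_replace('/controller$/i', '', $parts[0]);
    return strtolower($controller) . '.' . $parts[1];
}

// Decide the outcome of one request. Returns [status, payload]:
// 401 when the token cannot be resolved, 403 when the user lacks the
// permission, 500 when the route is not in controller@method form,
// 200 with the user id when access is granted.
function authorizeRequest(array $sessions, $authorizationHeader, $action)
{
    $token = bearerToken($authorizationHeader);
    if ($token === null || !isset($sessions[$token])) {
        return [401, ['error' => true, 'dataset' => 'Invalid or missing access token']];
    }
    $session = $sessions[$token];

    $required = requiredPermission($action);
    if ($required === null) {
        return [500, ['error' => true, 'dataset' => 'Action is not routable']];
    }

    // Equivalent of array_fetch($permissions, 'name'), tolerant of bad JSON.
    $decoded = json_decode($session['permissions'], true);
    $granted = [];
    foreach (is_array($decoded) ? $decoded : [] as $p) {
        if (isset($p['name'])) {
            $granted[] = $p['name'];
        }
    }
    if (!in_array($required, $granted, true)) {
        return [403, ['error' => true, 'dataset' => "You don't have rights to access this url"]];
    }
    return [200, ['error' => false, 'user' => $session['user']]];
}

// Walk through the normal case and the failure cases.
$cases = [
    ['Bearer tok_abc123', 'UserController@show'],    // 200, granted
    ['Bearer tok_abc123', 'UserController@destroy'], // 403, permission missing
    ['Bearer tok_unknown', 'UserController@show'],   // 401, unknown token
    ['Basic dXNlcjpwYXNz', 'UserController@show'],   // 401, not a Bearer credential
    [null, 'UserController@show'],                   // 401, header absent
    ['Bearer tok_abc123', 'UserController'],         // 500, no "@" in action
];
foreach ($cases as list($header, $action)) {
    list($status, $payload) = authorizeRequest($SESSIONS, $header, $action);
    printf("%-22s %-26s -> %d %s\n", var_export($header, true), $action, $status, json_encode($payload));
}
```

Run it with `php example.php`. Distinguishing 401 (token could not be resolved) from 403 (token is valid but the permission is missing) matters for clients and for log analysis: a burst of 401s points at expired or stolen tokens being replayed, while 403s point at a client calling endpoints outside its grant. The original filter returns both failures with HTTP 200 and an error flag, which most HTTP clients and monitoring treat as success.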
