Merge pull request #4 from firevel/feature/web-middleware

Cookie middleware
firevel · Nov 22, 2019 · d3336da · d3336da
2 parents e53dbf6 + 772333a
commit d3336da
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -13,16 +13,22 @@ The driver contains a firebase guard that authenticates user by Firebase Authent
 composer require firevel/firebase-authentication
 ```
 
-2) Update config/auth.php with:
+2) Update config/auth.php.
+
 ```
 'guards' => [
-    ....
-    'api' => [
+    'web' => [
         'driver' => 'firebase',
         'provider' => 'users',
     ],
+
+    'api' => [
+        'driver' => 'token',
+        'provider' => 'users',
+    ],
 ],
 ```
+
 3) Update your User model with `Firevel\FirebaseAuthentication\FirebaseAuthenticable` trait `$incrementing = false` and fillables.
 
 Eloquent example:
@@ -37,7 +43,7 @@ use Illuminate\Foundation\Auth\User as Authenticatable;
 
 class User extends Authenticatable
 {
-    use Notifiable;
+    use Notifiable, FirebaseAuthenticable;
 
     /**
      * Indicates if the IDs are auto-incrementing.
@@ -101,6 +107,23 @@ $table->string('picture');
 $table->timestamps();
 ```
 
+## Web guard
+
+In order to use firebase authentication in web routes you must attach bearer token to each http request.
+
+You can also store bearer token in `bearer_token` cookie variable and add to your `Kernel.php`:
+```
+    protected $middlewareGroups = [
+        'web' => [
+            ...
+            \Firevel\FirebaseAuthentication\Http\Middleware\AddAccessTokenFromCookie::class,
+            ...
+        ],
+
+        ...
+    ];
+```
+
 ## Usage
 
 Attach to each API call regular bearer token provided by Firebase Authentication.
diff --git a/src/Http/Middleware/AddAccessTokenFromCookie.php b/src/Http/Middleware/AddAccessTokenFromCookie.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Firevel\FirebaseAuthentication\Http\Middleware;
+
+use Closure;
+
+class AddAccessTokenFromCookie
+{
+    /**
+     * Store token from cookie in authorization header.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if (empty($request->bearerToken())) {
+            $tokenCookie = config('firebase.token_cookie', 'bearer_token');
+            if ($request->hasCookie($tokenCookie)) {
+                $token = $request->cookie($tokenCookie);
+                $request->headers->add(['Authorization' => 'Bearer '.$token]);
+            }
+        }
+
+        return $next($request);
+    }
+}