diff --git a/app/Http/Middleware/ApiAuthToken.php b/app/Http/Middleware/ApiAuthToken.php
index 2e556538..8063e2ef 100644
--- a/app/Http/Middleware/ApiAuthToken.php
+++ b/app/Http/Middleware/ApiAuthToken.php
@@ -17,8 +17,11 @@ class ApiAuthToken
*/
public function handle(Request $request, Closure $next)
{
+ if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
+
$token = ApplicationApi::find($request->bearerToken());
if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
+
$token->updateLastUsed();
return $next($request);
}
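Review bot: The added guard at the top of `handle()` rejects a request without a bearer token with 403, while an unknown token gets 401 on the next check; a missing credential is also an authentication failure, and RFC 6750 expects 401 with a `WWW-Authenticate: Bearer` challenge for it. I would write the guard as `if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 401, ['WWW-Authenticate' => 'Bearer']);` and update the 403 assertion in tests/Feature/TestApiAuthorization.php to match. Separately, `ApplicationApi::find($request->bearerToken())` looks the token up by the model's key, which suggests tokens are stored in clear text. If so, storing only a hash of the token and looking up by that hash would keep a database leak from exposing usable credentials; this is worth confirming against the model and migration, which are not in this diff.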
diff --git a/database/factories/ApplicationApiFactory.php b/database/factories/ApplicationApiFactory.php
index e53ba4e5..13c666db 100644
--- a/database/factories/ApplicationApiFactory.php
+++ b/database/factories/ApplicationApiFactory.php
@@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
public function definition()
{
return [
- //
+ 'memo' => $this->faker->word()
];
}
}
diff --git a/phpunit.xml b/phpunit.xml
index 560bc50e..1581b598 100644
--- a/phpunit.xml
+++ b/phpunit.xml
@@ -8,6 +8,9 @@
tests/Unit
+
+ tests/Feature
+
diff --git a/tests/Feature/TestApiAuthorization.php b/tests/Feature/TestApiAuthorization.php
new file mode 100644
index 00000000..95feaecd
--- /dev/null
+++ b/tests/Feature/TestApiAuthorization.php
@@ -0,0 +1,78 @@
+withHeaders([
+ 'Accept' => 'application/json',
+ ])->{$method}($route);
+
+ $response->assertStatus(403);
+ $response->assertJson(['message' => 'Missing Authorization header']);
+ }
+
+
+ /**
+ * A basic feature test example.
+ * @dataProvider ApiRoutesThatRequireAuthorization
+ * @return void
+ */
+ public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
+ {
+ $response = $this->withHeaders([
+ 'Accept' => 'application/json',
+ 'Authorization' => 'Bearer ' . Str::random(48)
+ ])->{$method}($route);
+
+ $response->assertStatus(401);
+ $response->assertJson(['message' => 'Invalid Authorization token']);
+ }
+
+ /**
+ * A basic feature test example.
+ * @dataProvider ApiRoutesThatRequireAuthorization
+ * @return void
+ */
+ public function test_api_route_with_valid_auth_headers(string $method, string $route)
+ {
+ $applicationApi = ApplicationApi::factory()->create();
+
+ $response = $this->withHeaders([
+ 'Accept' => 'application/json',
+ 'Authorization' => 'Bearer ' . $applicationApi->token
+ ])->{$method}($route);
+
+ $response->assertStatus(200);
+ }
+
+ public function ApiRoutesThatRequireAuthorization(): array
+ {
+ return [
+ 'List Users' => [
+ 'method' => 'get',
+ 'route' => '/api/users',
+ ],
+ 'List Servers' => [
+ 'method' => 'get',
+ 'route' => '/api/servers',
+ ]
+ ];
+ }
+}
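Review bot: `ApiRoutesThatRequireAuthorization` lists only two GET routes, `/api/users` and `/api/servers`, so a route that is later registered outside the token middleware, or any non-GET endpoint, would pass this suite unprotected; consider adding one entry per protected route and verb, or generating the list from the registered `api` routes. A case with a non-Bearer scheme in the `Authorization` header would also pin which of the two error responses such a request gets. The provider is an instance method, and newer PHPUnit releases expect data providers to be `public static`. The docblocks still say `A basic feature test example.`; something like `A request with an unknown bearer token is rejected with 401.` would describe the tests. The file header and the first test's signature are not visible in this hunk.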
diff --git a/tests/Unit/testUserCommand.php b/tests/Unit/testUserCommand.php
index 7abe78d9..fa429e46 100644
--- a/tests/Unit/testUserCommand.php
+++ b/tests/Unit/testUserCommand.php
@@ -3,9 +3,7 @@
namespace Tests\Unit;
use App\Classes\Pterodactyl;
-use Illuminate\Foundation\Auth\User;
use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Illuminate\Support\Facades\DB;
use Tests\TestCase;
class testUserCommand extends TestCase