replace-hardcoded-hex-strings/app/Http/Middleware/Api/Daemon/DaemonAuthenticate.php

<?php

namespace App\Http\Middleware\Api\Daemon;

use App\Models\Node;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\HttpException;

class DaemonAuthenticate
{
    /**
     * Daemon routes that this middleware should be skipped on.
     *
     * @var string[]
     */
    protected array $except = [
        'daemon.configuration',
    ];

    /**
     * Check if a request from the daemon can be properly attributed back to a single node instance.
     *
     * @throws HttpException
     */
    public function handle(Request $request, Closure $next): mixed
    {
        if (in_array($request->route()->getName(), $this->except)) {
            return $next($request);
        }

        if (is_null($bearer = $request->bearerToken())) {
            throw new HttpException(401, 'Access to this endpoint must include an Authorization header.', null, ['WWW-Authenticate' => 'Bearer']);
        }

        $parts = explode('.', $bearer);
        // Ensure that all the correct parts are provided in the header.
        if (count($parts) !== 2 || empty($parts[0]) || empty($parts[1])) {
            throw new BadRequestHttpException('The Authorization header provided was not in a valid format.');
        }

        /** @var Node $node */
        $node = Node::query()->where('daemon_token_id', $parts[0])->firstOrFail();

        if (hash_equals((string) $node->daemon_token, $parts[1])) {
            $request->attributes->set('node', $node);

            return $next($request);
        }

        throw new AccessDeniedHttpException('You are not authorized to access this resource.');
    }
}
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`<?php`

Switch namespace back to App 2024-03-12 22:39:16 -04:00			`namespace App\Http\Middleware\Api\Daemon;`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00
Remove node repository 2024-03-16 21:34:09 -04:00			`use App\Models\Node;`
Enable "ordered imports" (#1746) 2025-09-24 13:34:19 +02:00			`use Closure;`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`use Illuminate\Http\Request;`
Implement fix to allow root admins to view all servers. closes #722 2017-11-05 12:38:39 -06:00			`use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;`
Enable "ordered imports" (#1746) 2025-09-24 13:34:19 +02:00			`use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;`
			`use Symfony\Component\HttpKernel\Exception\HttpException;`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00
			`class DaemonAuthenticate`
			`{`
			`/**`
Update all the middlewares 2017-10-29 12:37:25 -05:00			`* Daemon routes that this middleware should be skipped on.`
PHPstan updates (#1047) * Not found property rule * Make these “better” * Day 1 * Day 2 * Day 3 * Dat 4 * Remove disabled check * Day 4 continued * Run pint * Final changes hopefully * Pint fixes * Fix again * Reset these * Update app/Filament/Admin/Pages/Health.php Co-authored-by: MartinOscar <40749467+rmartinoscar@users.noreply.github.com> * Update app/Traits/CheckMigrationsTrait.php Co-authored-by: MartinOscar <40749467+rmartinoscar@users.noreply.github.com> --------- Co-authored-by: MartinOscar <40749467+rmartinoscar@users.noreply.github.com> 2025-03-03 14:41:19 -05:00			`*`
			`* @var string[]`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`*/`
Upgrade to Laravel 9 (#4413) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2022-10-14 10:59:20 -06:00			`protected array $except = [`
Update all the middlewares 2017-10-29 12:37:25 -05:00			`'daemon.configuration',`
			`];`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00
			`/**`
			`* Check if a request from the daemon can be properly attributed back to a single node instance.`
			`*`
Filament v4 🎉 (#1651) Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Co-authored-by: Boy132 <Boy132@users.noreply.github.com> Co-authored-by: Lance Pioch <git@lance.sh> 2025-09-08 13:12:33 -04:00			`* @throws HttpException`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`*/`
Filament v4 🎉 (#1651) Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Co-authored-by: Boy132 <Boy132@users.noreply.github.com> Co-authored-by: Lance Pioch <git@lance.sh> 2025-09-08 13:12:33 -04:00			`public function handle(Request $request, Closure $next): mixed`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`{`
Update all the middlewares 2017-10-29 12:37:25 -05:00			`if (in_array($request->route()->getName(), $this->except)) {`
			`return $next($request);`
			`}`

Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00			`if (is_null($bearer = $request->bearerToken())) {`
Fix 401 error typo (#3393) 2021-06-03 23:35:51 +03:00			`throw new HttpException(401, 'Access to this endpoint must include an Authorization header.', null, ['WWW-Authenticate' => 'Bearer']);`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`}`

Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00			`$parts = explode('.', $bearer);`
Remove node repository 2024-03-16 21:34:09 -04:00			`// Ensure that all the correct parts are provided in the header.`
Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00			`if (count($parts) !== 2 \|\| empty($parts[0]) \|\| empty($parts[1])) {`
Use more standardized phpcs 2021-01-23 12:33:34 -08:00			`throw new BadRequestHttpException('The Authorization header provided was not in a valid format.');`
Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00			`}`
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
Remove node repository 2024-03-16 21:34:09 -04:00			`/** @var Node $node */`
			`$node = Node::query()->where('daemon_token_id', $parts[0])->firstOrFail();`
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
replace encrypt/ decrypt with encrypted casting 2024-05-28 15:24:20 +02:00			`if (hash_equals((string) $node->daemon_token, $parts[1])) {`
Remove node repository 2024-03-16 21:34:09 -04:00			`$request->attributes->set('node', $node);`
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
Remove node repository 2024-03-16 21:34:09 -04:00			`return $next($request);`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`}`

Use more standardized phpcs 2021-01-23 12:33:34 -08:00			`throw new AccessDeniedHttpException('You are not authorized to access this resource.');`
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00			`}`
			`}`