diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 000000000..895d5ee56 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 Chris Bautista + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 6510894e0..c39f08aea 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ Then run the migration: $ php artisan migrate -It will setup two tables - api_keys and api_logs. +It will setup one table `api_keys`. ### Generating your first API key @@ -136,6 +136,65 @@ protected $middlewareGroups = [ If you noticed in the basic example, you can also access the attached model to the API key by calling `$request->user()`. We are attaching the related model in this method because in most use cases, this is actually the user. + +#### Accessibility to user data from controller + +This library will attach an authenticated user information via a middleware injection in [AuthenticateApiKey](https://github.com/vzool/api-guard/blob/master/src/Http/Middleware/AuthenticateApiKey.php#L47), So to access user information inside a controller do the following: + +1. Add `auth.apikey` to `$middlewareGroups` in `app/Http/Kernel.php`: + +```php +/** + * The application's route middleware groups. + * + * @var array + */ +protected $middlewareGroups = [ + ... + + 'api' => [ + 'throttle:60,1', + 'bindings', + 'auth.apikey', // here + ], +]; +``` + +2. Access to user information: + +```php +$apiKey = request()->apiKey; // will return an apiKey information +``` +The output will be look like: +```php +{ + "id": 25, // id field in api_keys table + "apikeyable_id": 1, // reference to user, person, or any resource + "apikeyable_type": "App\\Models\\Person", // api key type + "key": "e8655df75b449878d48ed6ece31719513828a05c", // api token key + "last_ip_address": "192.168.10.1", // last origin request + "last_used_at": { + "date": "2017-07-24 10:17:53.868782", + "timezone_type": 3, + "timezone": "Asia/Riyadh" + }, + "created_at": "2017-07-24 09:17:18", + "updated_at": "2017-07-24 10:17:53", + "deleted_at": null, + "apikeyable": { + "id": 1, + "name": "Abdelaziz Elrashed", + "email": "aziz@example.com", + "mobile": "+966555555555", + + ... + + "created_at": "2017-07-23 14:08:25", + "updated_at": "2017-07-23 14:08:25", + } +} +``` + ### Unauthorized Requests Unauthorized requests will get a `401` status response with the following JSON: @@ -293,4 +352,4 @@ If the request failed to pass the validation rules, it will return with a respon } } } -``` +``` \ No newline at end of file