Changeset View
Changeset View
Standalone View
Standalone View
src/app/Http/Controllers/API/V4/VPNController.php
- This file was added.
| <?php | |||||
| namespace App\Http\Controllers\API\V4; | |||||
| use App\Http\Controllers\Controller; | |||||
| use Carbon\Carbon; | |||||
| use Illuminate\Http\Request; | |||||
| use Lcobucci\JWT\Encoding\ChainedFormatter; | |||||
| use Lcobucci\JWT\Encoding\JoseEncoder; | |||||
| use Lcobucci\JWT\Signer\Key\InMemory; | |||||
| use Lcobucci\JWT\Signer\Rsa; | |||||
| use Lcobucci\JWT\Token\Builder; | |||||
| class VPNController extends Controller | |||||
| { | |||||
| /** | |||||
| * Token request from the vpn module | |||||
| * | |||||
| * @param \Illuminate\Http\Request $request The API request. | |||||
| * | |||||
| * @return \Illuminate\Http\Response The response | |||||
| */ | |||||
| public function token(Request $request) | |||||
| { | |||||
| $user = $this->guard()->user(); | |||||
| if (!$user) { | |||||
machniak: This check is redundant. The route requires authentication. I'd remove this. It will fix the… | |||||
| return response()->json(['status' => 'error', 'message' => "Invalid user"], 401); | |||||
Lint: Method App\Http\Controllers\API\V4\VPNController::token() should return Illuminate\Http\Response but returns Illuminate\Http\JsonResponse. Method App\Http\Controllers\API\V4\VPNController::token() should return Illuminate\Http\Response but returns Illuminate\Http\JsonResponse. Lint: Method App\Http\Controllers\API\V4\VPNController::token() should return Illuminate\Http\Response but returns Illuminate\Http\JsonResponse.: Method App\Http\Controllers\API\V4\VPNController::token() should return… | |||||
| } | |||||
| $signingKey = InMemory::plainText(\config("app.vpn.signing_key")); | |||||
machniakUnsubmitted Not Done Inline ActionsI'd like to see the option described in config/app.php. Also, should we throw an exception when it's not set? machniak: I'd like to see the option described in config/app.php. Also, should we throw an exception when… | |||||
| $tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default())); | |||||
| $token = $tokenBuilder | |||||
| ->issuedAt(Carbon::now()->toImmutable()) | |||||
| // The entitlement is hardcoded for now to default. | |||||
| // Can be extended in the future based on user entitlements. | |||||
| ->withClaim('entitlement', "default") | |||||
| ->getToken(new Rsa\Sha256(), $signingKey); | |||||
| return response($token->toString()); | |||||
machniakUnsubmitted Not Done Inline ActionsDo we really not want to return JSON to be consistent with the whole API? machniak: Do we really not want to return JSON to be consistent with the whole API? | |||||
| } | |||||
| } | |||||
This check is redundant. The route requires authentication. I'd remove this. It will fix the linting issue.