Add basic auth via Laravel Middlewares

Dasc3er · Dasc3er · commit c94217f4f388 · 2025-11-01T09:09:37.000+01:00
diff --git a/src/Auth.php b/src/Auth.php
@@ -863,7 +863,7 @@ protected function saveToSession()
      *
      * @param int $user_id
      */
-    protected function identifyUser($user_id)
+    public function identifyUser($user_id)
     {
         $database = database();
 
diff --git a/src/Middlewares/APIAuthMiddleware.php b/src/Middlewares/APIAuthMiddleware.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace Middlewares;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Models\User;
+use Models\UserTokens;
+use Symfony\Component\HttpFoundation\Response;
+
+class APIAuthMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Closure(Request): (Response) $next
+     */
+    public function handle(Request $request, \Closure $next): Response
+    {
+        if (!Auth::user()) {
+            $token = $request->headers->get('X-API-Key');
+
+            $user = null;
+            if (!empty($token)) {
+                $user_match = UserTokens::where('enabled', 1)->find($token);
+
+                if ($user_match) {
+                    $user = User::with('group')->find($user_match->id_utente);
+                }
+            }
+
+            if ($user) {
+                Auth::once($user);
+
+                return $next($request);
+            }
+        }
+
+        // Disabilita autenticazione su base delle opzioni
+        if (config('osm.api_development', false)) {
+            return $next($request);
+        }
+
+        return response()->json(['error' => 'Unauthenticated.'], 401);
+    }
+}
diff --git a/src/Middlewares/OSMAuthMiddleware.php b/src/Middlewares/OSMAuthMiddleware.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Middlewares;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Models\User;
+use Symfony\Component\HttpFoundation\Response;
+
+class OSMAuthMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Closure(Request): (Response) $next
+     */
+    public function handle(Request $request, \Closure $next): Response
+    {
+        $base_path = $request->url();
+
+        $base_path = substr($base_path, stripos($base_path, $request->host()) + strlen($request->host()));
+        if (stripos($base_path, '/public/') !== false) {
+            $base_path = substr($base_path, 0, stripos($base_path, '/public/'));
+        }
+
+        // Sicurezza della sessioni
+        ini_set('session.cookie_samesite', 'lax');
+        ini_set('session.use_trans_sid', '0');
+        ini_set('session.use_only_cookies', '1');
+
+        session_set_cookie_params(0, $base_path, null, isHTTPS(true));
+        session_start();
+
+        $user = null;
+        if (isset($_SESSION['id_utente'])) {
+            $user = User::with('group')->find($_SESSION['id_utente']);
+        }
+
+        if ($user && !Auth::user()) {
+            Auth::login($user);
+            auth_osm()->identifyUser($user->id);
+        }
+        if (!$user && Auth::user()) {
+            Auth::logout();
+            auth_osm()->destroy();
+        }
+
+        return $next($request);
+    }
+}
diff --git a/src/Models/User.php b/src/Models/User.php
@@ -23,8 +23,9 @@
 use Common\SimpleModelTrait;
 use Illuminate\Database\Eloquent\Model;
 use Modules\Anagrafiche\Anagrafica;
+use Illuminate\Contracts\Auth\Authenticatable;
 
-class User extends Model
+class User extends Model implements Authenticatable
 {
     use SimpleModelTrait;
 
@@ -250,4 +251,38 @@ public function modules()
     {
         return $this->group->modules();
     }
+
+    public function getAuthIdentifierName() : string
+    {
+        return $this->username;
+    }
+
+    public function getAuthIdentifier() : mixed
+    {
+        return $this->id;
+    }
+    
+    public function getAuthPassword() : string
+    {
+        return $this->password;
+    }
+
+    public function getAuthPasswordName() : string
+    {
+        return 'password';
+    }
+    
+    public function getRememberToken() : string
+    {
+        return '';
+    } 
+    
+    public function setRememberToken($value)
+    {
+    } 
+    
+    public function getRememberTokenName() : string
+    {
+        return '';
+    }
 }
diff --git a/src/Models/UserTokens.php b/src/Models/UserTokens.php
@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
+ * Copyright (C) DevCode s.r.l.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Models;
+
+use Common\SimpleModelTrait;
+use Illuminate\Database\Eloquent\Model;
+use Modules\Anagrafiche\Anagrafica;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class UserTokens extends Model
+{
+    use SimpleModelTrait;
+
+    protected $table = 'zz_tokens';
+
+    public static function build(?Group $gruppo = null, $username = null, $email = null, $password = null)
+    {
+        $model = new static();
+        $model->save();
+
+        return $model;
+    }
+
+    /* Relazioni Eloquent */
+
+    public function user()
+    {
+        return $this->belongsTo(User::class, 'id_utente');
+    }
+}
diff --git a/src/Providers/AppServiceProvider.php b/src/Providers/AppServiceProvider.php
@@ -4,6 +4,8 @@
 
 use ApiPlatform\State\ProcessorInterface;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Http\Request;
+use Models\Locale;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -20,6 +22,23 @@ public function register(): void
      */
     public function boot(): void
     {
-        //
+        // Connect to database at boot
+        database();
+
+        $translator = trans_osm();
+        $translator->addLocalePath(base_dir().'/locale');
+        $translator->addLocalePath(base_dir().'/modules/*/locale');
+        $formatter = !empty(config()->get('osm.formatter')) ? config()->get('osm.formatter') : [];
+
+        // Inizializzazione traduzioni
+        if (database()->tableExists('zz_settings') && database()->tableExists('zz_langs')) {
+            $id_lang = setting('Lingua');
+            Locale::setDefault($id_lang);
+            Locale::setPredefined();
+
+            $lang = Locale::find($id_lang)->language_code;
+            $translator->setLocale($lang, $formatter);
+        }
+        
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -863,7 +863,7 @@ protected function saveToSession()`
`863`	`863`	`*`
`864`	`864`	`* @param int $user_id`
`865`	`865`	`*/`
`866`		`- protected function identifyUser($user_id)`
	`866`	`+ public function identifyUser($user_id)`
`867`	`867`	`{`
`868`	`868`	`$database = database();`
`869`	`869`