tonyair
/
silverstripe-webpack
mirror of https://github.com/a2nt/silverstripe-webpack.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

FIX: GraphQL API Auth

This commit is contained in:
Tony Air 2021-03-29 15:23:15 +07:00
parent b2691a7112
commit f56ff9069e
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/src/GraphQL/APIKeyAuthenticator.php
View File

@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function authenticate(HTTPRequest $request)
{
$member = Security::getCurrentUser();
if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
Director::isLive()
if (Director::isLive()
&& $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
)) {
) {
if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
return $member;
}
throw new ValidationException('Restricted resource', 401);
}
@ -29,10 +33,10 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function isApplicable(HTTPRequest $request)
{
if($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin'){
if ($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin') {
return false;
}
/*if($request->getHeader('apikey')){
return true;
}*/