diff --git a/app/src/GraphQL/APIKeyAuthenticator.php b/app/src/GraphQL/APIKeyAuthenticator.php
index 28f9f16..94e99a1 100644
--- a/app/src/GraphQL/APIKeyAuthenticator.php
+++ b/app/src/GraphQL/APIKeyAuthenticator.php
@@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
 public function authenticate(HTTPRequest $request)
 {
 $member = Security::getCurrentUser();
- if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
- Director::isLive()
+
+ if (Director::isLive()
 && $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
- )) {
+ ) {
+ if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
+ return $member;
+ }
+
 throw new ValidationException('Restricted resource', 401);
 }
@@ -29,10 +33,10 @@ class APIKeyAuthenticator implements AuthenticatorInterface
 public function isApplicable(HTTPRequest $request)
 {
- if($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin'){
+ if ($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin') {
 return false;
 }
-
+
 /*if($request->getHeader('apikey')){
 return true;
 }*/
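Review bot: The key check in the new `if (Director::isLive() && $request->getHeader('apikey') !== ...)` condition fails open if `GRAPHQL_API_KEY` is ever unset: `HTTPRequest::getHeader()` returns null for a missing header, so `null !== null` is false and a live request with no key and no session skips the 401. `!==` is also not a constant-time comparison for a secret. I would compute `$expected = (string) (WebpackTemplateProvider::config()['GRAPHQL_API_KEY'] ?? '');` and `$keyOk = $expected !== '' && hash_equals($expected, (string) $request->getHeader('apikey'));`, then test `Director::isLive() && !$keyOk`. What `config()` returns and what `authenticate()` returns after this block are outside the hunk, so the unset-key case should be confirmed against the provider.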